Question about ‘Savefiles’ Ransomware Attack

  Dan_28 12:46 10 Sep 2018

I would start by saying that my skills place me firmly in the novice bracket. I have an old laptop and at the weekend I managed to fall foul of a Ransomware attack. It has encrypted a number of my files and renamed them with “Savefiles” in the extension and opens a very nice txt file telling me I have to pay $500 in 72 hours for the encryption key. I cannot find hardly any mention of this variant of Ransomware when I search for it. I have rebooted in safe mode and copied all the unaffected files on to an external hard drive. My question is would it be safe to put these files on a new laptop (there are no executables only photos and word documents). I would add that the laptop is so old I could replace it for less that the cost of recovering it (I tried a few free virus/malware products but they didn’t even recognise the Ransomware). Any help would be greatly appreciated.

  MJS WARLORD 14:27 10 Sep 2018

you have obviously got hit by something , don't be offended but you don't have to go on porn sites to get this to happen to you , I got ransomware on a spare pc on a games site.

you need to save all the things you don't want to loose and look in your list of programs for the recovery console , reboot your pc to a never used state.

the code for some ransomware is so complicated that some anti virus people admit they cant crack it.

DO NOT pay any money all they want is your bank details to clean you out , they wont take the $500 they will take everything.

Also do you really think they will delete everything they put on your pc , if they don't they will pay you another visit.

REBOOT TO FACTORY SETTINGS IS THE ONLY SAFE OPTION.

  MJS WARLORD 14:28 10 Sep 2018

Please let me know how you get on , btw what make of pc do you have.

  Dan_28 14:49 10 Sep 2018

Hi many thanks for the reply. I had been looking around for an old Atari st emulator so reckon that is where I picked up the Ransomware. It’s an old dell E6400 laptop that I bought second hand about 3 years ago so it’s not worth much, apart from a bit of light internet surfing it’s only used to dump the photos off our phones and for emails so I’ve never felt the need for anything newer. Like I said I have copied off all the files I need to keep so if it’s safe to copy them back afterwards I can clear everything except the operating system off of it if I need to). I’ve just gone in to ‘Control Panel’ (I should of mentioned this is Windows 7) and the previous owner had switched off windows backups. Should I use the recovery option to restore (the only restore point I have is 1st September but that should be far enough back.

  MJS WARLORD 15:04 10 Sep 2018

use the recovery option and look for the wording never used state or clean install or something like that , if you every buy a new pc keep your old one for downloading , that's what I do

  Fruit Bat /\0/\ 15:36 10 Sep 2018

‘Savefiles’ Ransomware comes as a trojan and inffects word documents as a Macro

So do not load any of your word documents to your other PCs or laptops probably best to delete the others as well, do you have back ups?

Safest option is to get your windows serial key off the machine and then format the drive and do a complete clean install of windows you can download and make a windows iso from MS (key need for win 7 / XP), what op system windows 7?

Some info click here do not download spyhunter from the links on that page

  Dan_28 16:05 10 Sep 2018

MJS WARLORD, there was only one restore point and as the link Fruit Bat posted mentioned that is also corrupted (I’ve restored it and nothing has changed even though it’s nearly s week earlier that the Ransomware struck.

Fruit Bat, that sounds a little out of my comfort zone but since the laptop is basically no good I’m happy to give it a try as I have nothing to lose. It’s Windows 7 Ultimate btw. One thing, I’ve had s look and the only documents I really need to keep are pdf’s (I have a backup but not that recent), do you think they may be safe and can I assume the photos as safe?

  lotvic 01:16 11 Sep 2018

You should be able to download Windows 7 from Dell. Download and Use the Dell OS Recovery Image click here

  Dan_28 08:47 11 Sep 2018

Many thanks for all the help, I’ve managed to download and install a fresh copy of Windows 7 and everything is now working fine.

What is Markdown?

Markdown lets you add more formatting to your post. Simply type in your post and it will display as written.

If you wish to add bold or italic characters, add a hyperlink to another website, a heading or a horizontal line, simply use the relevent icons above the text input field.

A preview of your post will appear in the grey box below. If you make a change and you're not happy, simply press the back arrow icon to undo.

Post a Reply

4500

Elsewhere on IDG sites

Huawei Mate 20 Pro review: In-depth hands-on

See concept art from groundbreaking video games including The Last of Us, Journey and No Man's Sky

iPhone XR release date, price & specs

Les meilleurs VPN pour Kodi (2018)