Windows 7 Forums



Windows 7: Cryptolocker Virus Issue

06 Jan 2016   #1
AGame20

Windows 7 64 bit
 
 
Cryptolocker Virus Issue

Morning all,

We recently had a laptop which seemed to have the Cryptolocker virus on it. We ran some scans on it, and weren't aware of it being Cryptolocker at the time. At the time, the tech noticed pop-ups coming up at startup saying that files were locked, so the tech ran Malwarebytes and AVG. After removing a bunch of malware and removing the pop-ups from startup, it seemed all right. We ran one last scan and let the user take the laptop home while it scanned (he was leaving for the day). Today he said he took the laptop home and the scan came back clean, but was missing files. After this he decided to do a system restore to the 18th (before we looked at it) and is now missing files. Is there anything we can do to recover the missing files? Let me know if anybody has been in a similar position. Thanks.


08 Jan 2016   #2
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Could they possibly be found in the service --> Volume Shadow Copy?

I don't work on computers that have been so highly infected, so you are on your own. Sorry.
08 Jan 2016   #3
ThrashZone

Win-7-Pro64bit 7-H-Prem-64bit
 
 

Hi,
Not good; the techs didn't remove prior restore points after cleaning.

08 Jan 2016   #4
torchwood

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
 
 

I'M NOT RECOMMENDING THIS AS A FIX.

The files that you want will more than likely be in the quarantine log files, and as such they are "infected";
you can restore them but you will be reinfected.

Roy
08 Jan 2016   #5
UsernameIssues

W7 Pro SP1 64bit
 
 

AGame20,
What kind of files are missing? Files that the user created or files associated with various applications? I would run a rootkit scan, chkdsk and full virus scan using an offline tool like WDO.

There are "Crypto style" infections that do nothing to files. They simply demand a ransom and some users will pay it.

If the user of this laptop can still open user created files (documents, spreadsheets, pictures, videos...), then maybe the computer had one of the fake "Crypto style" infections.

Real versions of "Crypto style" infections will change (encrypt) many types of files. Some versions of these infections change the file extension. Perhaps that is why the user thinks files are missing. Shortcuts (jumplists) pointing to those files will not work any more.

The encryption can be undone for a few versions of these infections. For real versions of these infections, the encrypted files should be replaced from a backup system.

Antivirus tools or anti-malware tools should not move files that have been changed by a "Crypto style" infection into a quarantine folder. Most tools should know to just leave the files alone. The files are not dangerous, they are just encrypted.
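The distinction drawn in the post above (real infections change file contents and sometimes the extension, fake ones leave files openable) can be checked by comparing each file's leading bytes with what its name promises. This is an added example, not part of the original thread; the function names, labels and the `.locked` suffix are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

# Leading "magic" bytes of common user-created file types.
MAGIC = {
    ".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".doc": b"\xd0\xcf\x11\xe0",
}

def classify(path: Path) -> str:
    """Label one file by comparing its header with what its name promises."""
    with path.open("rb") as fh:
        head = fh.read(16)
    suffixes = [s.lower() for s in path.suffixes]
    if suffixes and suffixes[-1] in MAGIC:
        # Familiar extension: does the content still look like that type?
        ok = head.startswith(MAGIC[suffixes[-1]])
        return "intact" if ok else "changed_in_place"
    if len(suffixes) >= 2 and suffixes[-2] in MAGIC:
        # Extra extension appended, e.g. "budget.xlsx.locked".
        ok = head.startswith(MAGIC[suffixes[-2]])
        return "renamed_only" if ok else "renamed_and_changed"
    return "unknown"

def triage(root: str) -> dict:
    """Walk root and group file names by label."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            report.setdefault(classify(path), []).append(path.name)
    return report

def build_sample(root: str) -> None:
    """Constructed sample files; the '.locked' suffix is made up."""
    blob = bytes.fromhex("8f13a7c2") * 64  # stands in for ciphertext
    samples = {
        "notes.pdf": b"%PDF-1.4\n% constructed\n",
        "photo.jpg": blob,
        "budget.xlsx.locked": blob,
        "letter.docx.locked": b"PK\x03\x04" + b"\x00" * 60,
        "readme.txt": b"plain text\n",
    }
    for name, data in samples.items():
        (Path(root) / name).write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for label, names in triage(tmp).items():
            print(f"{label}: {names}")
```

Files labelled `renamed_only` still carry their original header and may open again once the extra extension is removed; the two `changed` labels are the ones that need a backup.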
08 Jan 2016   #6
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

If I had to fix this computer I would not be trying to patch it.
There are many types of Crypto infection. Some worse than others.

I would wipe and format the drive and install one of the backups or clones the customer has.

If the customer does not have backups or a clone I would do a Clean Install.

Because one doesn't know what other infection might have been on the infected computer, I would recommend changing all passwords for everything.
08 Jan 2016   #7
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

I so totally agree with Jack, above ^^^ !