Windows 7 Forums

Windows 7: Attacked by cryptowall 2.0 - now attempting rebuild

07 Nov 2014   #1

Windows 7 pro 64 bit
Attacked by cryptowall 2.0 - now attempting rebuild

It started Halloween is my guess, looking for a pic to carve a pumpkin with. Win 7 was out of memory - I have 24 GB so that was not right. In msconfig startup was a ba025.exe file in two places. Removed and rebooted. Seemed ok until I opened Outlook and my email pst files were encrypted, with instructions in the directory on how to pay ransom for the encryption key. There were 2500+ sets of these instructions in various directories, but not in my main photo folder and other key places. I may have stopped some of the attack. It also put these files on my backup drive but did not affect the backup.

Using restore I was able to put back my Outlook pst files and open my email.

I have Trend Micro Maximum Security but it did not stop it.

I then noticed IE was slow and lots of comm processes were kicking off. I set IE to high security and that stopped. Trend Micro sent me several tools but they all failed during scan. They want 80 bucks to work on it themselves or free if they send me the tools and do what I am told to do. As I said most tools fail. Some just show files that may be a threat.

I don't know for sure if it is still infected so I am rebuilding. I started with backing up some folders from C drive that are important and not affected. Then a disk image. I have a backup before the infection but not a disk image so I am using my Asus disk to recover by wiping partition and reinstalling. If this works I then have to apply my win pro upgrade to get back to the starting block. Then restore files from backup. Only my C drive and a couple folders on another drive seem to be encrypted.

Will I have a problem applying my upgrade? I have the key and the code I received from using key.
When restoring files is there an easy way to restore everything except the operating system files?
Restoring by folder shows the entire drive but I can't drill down. Restoring by file does show folders to restore but will any /user files mess up new op sys?

I will probably know before anyone replies but during restore is there anything else I should look out for?

Is there a way to prevent this in the future? AV software not catching it. Will avoid unknown sites now that I don't trust my av software to stop this.
Last, does anyone know if during the encryption they are able to infect a file so that when opened it will all start over again, like an image file? All replies are welcome and if you read this far thanks for your time.

07 Nov 2014   #2

Windows 7 pro 64 bit

All seems well. I had to change cables on the hard drives to get Asus to see my operating system drive as drive 0 but it went smooth after that. The upgrade to pro took a long time, over 8 hours, but finished. I am installing updates for pro now and will finish the important stuff tomorrow. Looks like a disaster has been avoided and my system is clean and running better than ever.