Cryptolocker Virus Issue


  1. Posts : 53
    Windows 7 64 bit
       #1


    Morning all,

    We recently had a laptop which seemed to have the Cryptolocker virus on it. We ran some scans on it, and weren't aware of it being Cryptolocker at the time. At the time, the tech noticed pop-ups coming up at startup saying that files were locked, so the tech ran Malwarebytes and AVG. After removing a bunch of malware and removing the pop-ups from startup, it seemed all right. We ran one last scan and let the user take the laptop home while it scanned (he was leaving for the day). Today he said he took the laptop home and the scan came back clean, but he was missing files. After this he decided to do a system restore to the 18th (before we looked at it) and is now missing files. Is there anything we can do to recover the missing files? Let me know if anybody has been in a similar position. Thanks.


  2. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #2

    Could they possibly be found in the service --> Volume Shadow Copy?

    I don't work on computers that have been so highly infected, so you are on your own. Sorry.


  3. Posts : 20,583
    Win-7-Pro64bit 7-H-Prem-64bit
       #3

    Hi,
    Not good: the techs didn't remove prior restore points after cleaning.


  4. Posts : 7,101
    W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
       #4

    I'M NOT RECOMMENDING THIS AS A FIX.

    The files that you want will more than likely be in the quarantine log files, and as such they are "infected";
    you can restore them but you will be reinfected.

    Roy


  5. Posts : 10,485
    W7 Pro SP1 64bit
       #5

    AGame20,
    What kind of files are missing? Files that the user created or files associated with various applications? I would run a rootkit scan, chkdsk and full virus scan using an offline tool like WDO.

    There are "Crypto style" infections that do nothing to files. They simply demand a ransom and some users will pay it.

    If the user of this laptop can still open user created files (documents, spreadsheets, pictures, videos...), then maybe the computer had one of the fake "Crypto style" infections.

    Real versions of "Crypto style" infections will change (encrypt) many types of files. Some versions of these infections change the file extension. Perhaps that is why the user thinks files are missing. Shortcuts (jumplists) pointing to those files will not work any more.

    The encryption can be undone for a few versions of these infections. For real versions of these infections, the encrypted files should be replaced from a backup system.

    Antivirus tools or anti-malware tools should not move files that have been changed by a "Crypto style" infection into a quarantine folder. Most tools should know to just leave the files alone. The files are not dangerous, they are just encrypted.
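The check suggested in post #5 (can user-created files still be opened, or have they been encrypted or renamed?) can be run across a whole profile folder. The following is an added example, not code from any poster in this thread; the function names, the `.locked` extension and the sample file contents are constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

# Well-known leading signatures for common user file types.
OLE, ZIP, JPG = b"\xd0\xcf\x11\xe0", b"PK\x03\x04", b"\xff\xd8\xff"
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": JPG, ".jpeg": JPG,
         ".zip": ZIP, ".docx": ZIP, ".xlsx": ZIP, ".doc": OLE, ".xls": OLE}

def entropy(data):  # Shannon entropy in bits per byte (0.0 to 8.0)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(path, sample=4096, threshold=7.0):
    """Classify one file from its first `sample` bytes."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    ext = os.path.splitext(path)[1].lower()
    if ext in MAGIC:  # known type: the header must match the extension
        return "intact" if head.startswith(MAGIC[ext]) else "header-mismatch"
    # Unknown or renamed extension: near-random bytes are a lead, not proof.
    return "high-entropy" if entropy(head) >= threshold else "unknown"

def triage(root):
    """Walk root and map each relative path to its classification."""
    results = {}
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                results[os.path.relpath(path, root)] = classify(path)
            except OSError:  # locked or permission-denied file
                results[os.path.relpath(path, root)] = "unreadable"
    return results

def demo():
    """Run triage over constructed sample files (not real malware output)."""
    noise = bytes(range(256)) * 16  # constructed stand-in for ciphertext
    samples = {"notes.pdf": b"%PDF-1.4\nconstructed", "budget.pdf": noise,
               "photo.jpg.locked": noise, "todo.txt": b"call the bank\n" * 20}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return triage(root)

if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:16} {path}")
```

Run `triage()` read-only against a copy or image of the user's folder rather than the live disk. Compressed archives and media with unfamiliar extensions also score as high-entropy, so the header check on known types is the stronger signal.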


  6. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #6

    If I had to fix this computer I would not be trying to patch it.
    There are many types of Crypto infection. Some worse than others.

    I would wipe and format the drive and install one of the backups or clones the customer has.

    If the customer does not have backups or a clone I would do a Clean Install.

    Because one doesn't know what other infection might have been on the infected computer, I would recommend changing all passwords for everything.


  7. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #7

    I so totally agree with Jack, above ^^^ !

