Windows 7 Forums

Windows 7: Cryptolocker Virus Issue

06 Jan 2016   #1

Windows 7 64 bit
Cryptolocker Virus Issue

Morning all,

We recently had a laptop which seemed to have the Cryptolocker virus on it. We ran some scans on it, and weren't aware of it being Cryptolocker at the time. At the time, the tech noticed pop-ups coming up at startup saying that files were locked, so the tech ran Malwarebytes and AVG. After removing a bunch of malware and removing the pop-ups from startup, it seemed all right. We ran one last scan and let the user take the laptop home while it scanned (he was leaving for the day). Today he said he took the laptop home and the scan came back clean, but was missing files. After this he decided to do a system restore to the 18th (before we looked at it) and is now missing files. Is there anything we can do to recover the missing files? Let me know if anybody has been in a similar position. Thanks.

08 Jan 2016   #2
Microsoft MVP

Windows 7 Ultimate 32bit SP1

Could they possibly be found in the service --> Volume Shadow Copy?

I don't work on computers that have been so highly infected, so you are on your own. Sorry.
08 Jan 2016   #3

Win-7-Pro64bit 7-H-Prem-64bit

Not good that the techs didn't remove prior restore points after cleaning.

08 Jan 2016   #4

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring


The files that you want will more than likely be in the quarantine log files, and as such they are "infected"; you can restore them but you will be reinfected.

08 Jan 2016   #5

W7 Pro SP1 64bit

What kind of files are missing? Files that the user created or files associated with various applications? I would run a rootkit scan, chkdsk and full virus scan using an offline tool like WDO.

There are "Crypto style" infections that do nothing to files. They simply demand a ransom and some users will pay it.

If the user of this laptop can still open user created files (documents, spreadsheets, pictures, videos...), then maybe the computer had one of the fake "Crypto style" infections.

Real versions of "Crypto style" infections will change (encrypt) many types of files. Some versions of these infections change the file extension. Perhaps that is why the user thinks files are missing. Shortcuts (jumplists) pointing to those files will not work any more.

The encryption can be undone for a few versions of these infections. For real versions of these infections, the encrypted files should be replaced from a backup system.

Antivirus tools or anti-malware tools should not move files that have been changed by a "Crypto style" infection into a quarantine folder. Most tools should know to just leave the files alone. The files are not dangerous, they are just encrypted.
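The check described in post #5 above (are user files still openable, or were they changed or renamed?), as an added example that is not part of the thread: a read-only triage that compares each document's leading bytes with what its extension implies and flags known document types carrying an extra appended suffix. The signature table, function names, sample file names and the `.example` suffix are assumptions made for this illustration.

```python
import os
import tempfile

# Leading bytes that intact files of each type start with.
ZIP, OLE, JPG = b"PK\x03\x04", b"\xd0\xcf\x11\xe0", b"\xff\xd8\xff"
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": JPG, ".jpeg": JPG,
         ".docx": ZIP, ".xlsx": ZIP, ".doc": OLE, ".xls": OLE}

def classify(path):
    """Return 'intact', 'header-mismatch', 'renamed' or 'unknown' for one file."""
    parts = os.path.basename(path).lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext not in MAGIC:
        # A known document type with an extra suffix appended (name.docx.<suffix>).
        if len(parts) > 2 and "." + parts[-2] in MAGIC:
            return "renamed"
        return "unknown"
    with open(path, "rb") as fh:
        head = fh.read(8)
    return "intact" if head.startswith(MAGIC[ext]) else "header-mismatch"

def triage(root):
    """Walk root; return per-verdict counts and the relative paths worth a look."""
    counts, suspicious = {}, []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            try:
                verdict = classify(full)
            except OSError:  # locked or permission-denied files
                verdict = "unreadable"
            counts[verdict] = counts.get(verdict, 0) + 1
            if verdict in ("header-mismatch", "renamed"):
                suspicious.append(os.path.relpath(full, root))
    return counts, sorted(suspicious)

def demo():
    """Triage a small constructed tree (sample data, not from a real infection)."""
    scrambled = bytes(range(17, 81))  # stand-in for encrypted content
    samples = {"invoice.pdf": b"%PDF-1.4 constructed sample",
               "photo.jpg": scrambled,
               "budget.xlsx.example": scrambled,  # made-up appended suffix
               "notes.txt": b"plain text"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

A tree where every document comes back `intact` points toward the ransom-note-only case from post #5; many `header-mismatch` or `renamed` results point toward real encryption and restoring from backup.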
08 Jan 2016   #6
Layback Bear

Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64

If I had to fix this computer I would not be trying to patch it.
There are many types of Crypto infection. Some worse than others.

I would wipe and format the drive and install one of the backups or clones the customer has.

If the customer does not have backups or a clone I would do a Clean Install.

Because one doesn't know what other infection might have been on the infected computer, I would recommend changing all passwords for everything.
08 Jan 2016   #7
Microsoft MVP

Windows 7 Ultimate 32bit SP1

I so totally agree with Jack, above ^^^ !