help virus 50$ all files encrypted

[jasem]

i have windows 7

all files ( music photo dada ........all) encrypted

this warning in folders

File Decryption costs ~ $ 50

In order to decrypt the files, you need to perform the following steps:
1. You should download and install this browser [removed by admin]
2. After installation, run the browser and enter the address: 4sfxctgp53imlvzk.onion
3. Follow the instructions on the web-site. We remind you that the sooner you do, the more chances are left to recover the files.


Guaranteed recovery is provided within 10 days.

please help me my data very important

 

[crankypenguin]

First off, please read this, and DO NOT DO ANYTHING THAT RANSOMWARE tells you to do. Late with your ransom payment? Never mind, CryptoLocker crooks will, er, give you a break ? The Register . I will try to look into a solution, but perhaps someone more knowledgeable can help while I search. You can try these things.

Step 1.
Start in safemode with networking and scan for malware. To do so you need to
Press and hold the F8 key as your computer restarts.Please keep in mind that you need to press the F8 key before the Windows start-up logo appears.
Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the “F8 key”, tap the “F8 key” continuously until you get the Advanced Boot Options screen.
On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking , and then press ENTER.

If your computer has started in Safe Mode with Networking, you’ll need to perform a system scan with Malwarebytes Anti-Malware and HitmanPro ( update these programs before you scan, in the safemode with networking )to remove the malicious files from your machine. If does not work, you can try reverting your machine to a previous state using the system restore utility. Once restored, go into safemode again with networking and repeat step 1.

 

[Slartybart]

1st - disconnect from the internet.

There are a number of 'crypto' ransomwares out there. Depending on which one is on your system, your files might be safe. The newest versions actually encrypt files with a key only on their system.

The 1st step to clean up your box is to know what virus is on it.

CrankyPenguin gave you some tools to use that might identify the bug, but if you have screens showing waht you see, please post an image (use your phone or camera) thanks.

Read only - no action suggested: http://www.sophos.com/en-us/mediali...ers/SophosRansomwareFakeAntivirus.pdf?dl=true

 

[cottonball]

jaseem,

Is the ransomware, by any chance called: CryptoLocker or CryptoLocker 2.0

 

[jasem]

hello

thanks my freind

i going to test

 

[Kaktussoft]

When did you get infected? Do you have "restore points" prior to it? You know exactly which folders have ben encrypted?

 

[jasem]

my system dont have restore point please help me

 

[Kaktussoft]

my system dont have restore point please help me

Why did you disable that feature? If they had been made you could go back in time using option "previous version of folders and files". http://www.sevenforums.com/tutorials/85679-previous-versions-restore-files-folders.html

Do you have a good backup of the folders? Or a system image backup? I don't have the key to unencrypt the stuff..... only the criminals have.

 

[jasem]

my system dont have restore point please help me

Why did you disable that feature? If they had been made you could go back in time using option "previous version of folders and files". http://www.sevenforums.com/tutorials/85679-previous-versions-restore-files-folders.html

Do you have a good backup of the folders? Or a system image backup? I don't have the key to unencrypt the stuff..... only the criminals have.

not work

hello i deleted windows and installed new windows
help.

 

[Kaktussoft]

my system dont have restore point please help me

Why did you disable that feature? If they had been made you could go back in time using option "previous version of folders and files". http://www.sevenforums.com/tutorials/85679-previous-versions-restore-files-folders.html

Do you have a good backup of the folders? Or a system image backup? I don't have the key to unencrypt the stuff..... only the criminals have.

not work

hello i deleted windows and installed new windows
help.

??????

So you reinstalled windows? Data files are still there? On another partition?

 

[jasem]

my files in drive d and i formated drive c windows in drive c

my files in drive d but cant open encrypted
help

 

[Kaktussoft]

In http://www.sevenforums.com/tutorials/783-elevated-command-prompt.html

vssadmin  list  shadows  /for=d:

Post output