| Thread ID: 142429 | 2016-07-04 05:48:00 | crypto infection & data recovery | 1101 (13337) |
| Post ID | Timestamp | Content | User | ||
| 1422646 | 2016-07-04 05:48:00 | Has anyone here tried to do a data recovery on a crypto infected PC? Old school data recovery, not decryption. All the docs etc are encrypted, so they are all gone.... I read it might be possible to get files back via data recovery of deleted files, as the malware encrypts to a copy & deletes the original. I'm not sure how much truth there is in this. Has anyone tried? I'm running a data recovery now, not sure if the docs I'm finding are useful or just old deleted junk. I'm recovering quite a few deleted docs, so may be some hope? |
1101 (13337) | ||
| 1422647 | 2016-07-04 06:10:00 | Which crypto do you think it's infected with? | Speedy Gonzales (78) | ||
| 1422648 | 2016-07-04 07:05:00 | Depending on the type of crypto has a lot to do with it. I have done one; luckily it was only 2 documents the person was after (everything else was backed up a few days before) and ShadowExplorer (www.bleepingcomputer.com) managed to get the files required. It reads the Windows Shadow Volume Copies (System Restore files). | wainuitech (129) | ||
| 1422649 | 2016-07-04 10:58:00 | Best to find out what you are dealing with first: malwaretips.com, ID Ransomware https://id-ransomware.malwarehunterteam.com/ |
Lawrence (2987) | ||
| 1422650 | 2016-07-05 03:15:00 | I did get some files back with data recovery, but they may be rubbish in the recycle bin (yet to try via shadow). It's a new version of the Locky ransomware. (I'd rather not name it for now.) It can't be decrypted. So the next question, given just how vague & generic cleanup instructions are for it: are crypto infected PCs safe after a cleanup/removal?? If it was my PC, I'd wipe & start again, but that's not my choice. |
1101 (13337) | ||
| 1422651 | 2016-07-05 22:12:00 | If it is a new crypto variant there could be a fix in the near future, but it does not get around the problem the client/friend wants a quick fix. If a few of the recognized are run you will get an idea of where the infection has come from, and email needs looking at to see how many spam links are getting through, and from here get some recognized antimalware software (e.g. Malwarebytes Premium or Eset Smart Security or other). Might be an option to either replace/upgrade the drive and save the original for a future fix to get important files back; if they have not backed up it's not your problem. Probably the most reliable site to go to is https://malwaretips.com/ |
Lawrence (2987) | ||
| 1422652 | 2016-07-06 02:00:00 | "Are crypto infected PCs safe after a cleanup/removal?? If it was my PC, I'd wipe & start again, but that's not my choice." If you know everything about the malware, what it does, where it puts things, and are sure you removed everything, then I don't see a problem. But since you'll probably never really know, the only sure-fire solution is to nuke it all and reinstall. |
Agent_24 (57) | ||