Page 2 of 2 FirstFirst 12
Results 11 to 20 of 20

Thread: File recovery from ransomware infection

  1. #11
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hi Wayne,

    Quote Originally Posted by waynebinukq View Post
    The encrypted files are stored on a separate storage D: drive not the C: drive, I still all the files I just can’t open or do anything with them.
    Were the encrypted files originally on the C:\ drive?
    Last edited by tashi; 2015-01-21 at 19:10.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  2. #12
    Junior Member
    Join Date
    Jan 2015
    Posts
    11

    Default

    Quote Originally Posted by tashi View Post
    Hi Wayne,


    Were the encrypted files originally on the C:\ drive?
    No, they have always been stored on the separate storage d: drive

  3. #13
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello Wayne,

    This thread is too long to merge posts so I will ask a volunteer analyst to take a take a look at your logs from the reformatted machine.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #14
    Junior Member
    Join Date
    Jan 2015
    Posts
    11

    Red face

    Quote Originally Posted by tashi View Post
    Hello Wayne,

    This thread is too long to merge posts so I will ask a volunteer analyst to take a take a look at your logs from the reformatted machine.

    Best regards.
    Thanks tashi you are a superstar!!

  5. #15
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Don't know if there is anything I can do, if we can identify which infection it is then there is a chance we can undo some of the damage.

    IDTool
    • Please download IDTool and save the file to your Desktop.
    • Right-Click idtool.zip and click Extract All. Select your Desktop and click Extract.
    • Right-Click IDTool.exe and click Run as administrator to run the programme.
    • If you're prompted to download and install Micorsoft .NET Framework, please agree.
    • Allow the programme to collect the necessary data.
    • Once the main console is loaded, click Rescan Computer and Generate a New Report.
    • Upon completion, and when prompted that the rescan is complete, click Generate Text Friendly Report for Forums.
    • Copy the contents of the report and paste in your next reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  6. #16
    Junior Member
    Join Date
    Jan 2015
    Posts
    11

    Default

    Quote Originally Posted by Juliet View Post
    Don't know if there is anything I can do, if we can identify which infection it is then there is a chance we can undo some of the damage.

    IDTool
    • Please download IDTool and save the file to your Desktop.
    • Right-Click idtool.zip and click Extract All. Select your Desktop and click Extract.
    • Right-Click IDTool.exe and click Run as administrator to run the programme.
    • If you're prompted to download and install Micorsoft .NET Framework, please agree.
    • Allow the programme to collect the necessary data.
    • Once the main console is loaded, click Rescan Computer and Generate a New Report.
    • Upon completion, and when prompted that the rescan is complete, click Generate Text Friendly Report for Forums.
    • Copy the contents of the report and paste in your next reply.
    I have done as you instructed above but the scan completes instantly with no results? Am I doing something wrong here?

    Regards

    Wayne

  7. #17
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Right-Click IDTool.exe and click Run as administrator?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  8. #18
    Junior Member
    Join Date
    Jan 2015
    Posts
    11

    Default

    Quote Originally Posted by Juliet View Post
    Right-Click IDTool.exe and click Run as administrator?
    That's what I did? ?

  9. #19
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    The infection has been removed by tools your friend used. The damage was not reversed.

    Please read over these links to see what this infection does and the possibilities of what, if anything can be done.
    http://www.bleepingcomputer.com/foru...tb2-extension/
    http://www.bleepingcomputer.com/foru...nsion-to-ctbl/
    http://www.bleepingcomputer.com/viru...re-information
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  10. #20
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Thank you Juliet.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •