CryptoLocker Infection

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by shredwood, Oct 1, 2014.

  1. shredwood

    shredwood Private E-2

    Hi, and thank you in advance for looking at my issue.

    Only a few data files have become encrypted. No ransom message was received but decrypt instructions are in the affected data folders.

    Attached are:
    RKreport_SCN_09302014_182631.log
    Malwarebytes' Anti-Malware log
    TDSSKiller log
    HitmanPro log
    MGlogs.zip

    RKreport[1].txt from RogueKiller was either not generated or could not be found. One additional report (not attached) that was generated was RKreport_DEL_09302014_182713.log

    Have a great day!
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are no signs of a CryptoLocker infection.

    How many is a few and do you really need them? If truly locked by CryptoLocker you may have already lost them. But you may want to look into the below. We can neither confirm nor deny that what is mentioned there will work, but if the files are really locked and you need them, it may be worth your time to investigate.

    http://www.zdnet.com/fireeye-fox-it-...re-7000032372/
     
  3. shredwood

    shredwood Private E-2

    Thank you Chaslang. I am very relieved and happy to hear the good news.

    I have attached a text file from the directory containing the encrypted data files to help with identifying the malware. This text file appears to seek a ransom for the locked files... perhaps it is a new malware, but not CryptoLocker.

    If there is time, perhaps you could take a look at that text file.

    Otherwise, thanks again!
     


    Last edited: Oct 6, 2014
  4. shredwood

    shredwood Private E-2

    I would add that Windows Update is not working, and Windows Security Center cannot be started.

    Also, there are subdirectories in the User folder that cannot be accessed, like "cookies", "nethood", "templates", etc.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Windows Update could be broken for any number of reasons.

    Normal.

    The file you attached is from CryptoWall, not CryptoLocker. However, there really were no official ways to decrypt these either. Do you have files like that in more than one folder? Do you have any files that really seem to be encrypted? If you really have this infection (even though not showing up in your logs) you will likely be reinstalling unless you want to pay the ransom, which is strongly not recommended.

    See the below link for a lot of good info on CryptoWall

    http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information


    You should try running the listcwall program given in the above link:
     
  6. shredwood

    shredwood Private E-2

    ListCWall found 0 Cryptowall infected files.

    There are *.mdx files in 2 directories (one directory is a backup of the other) that are encrypted causing a data management program to not function.

    The corrupted/encrypted data files can be restored from cloud backup... no worries there. Was hoping to solve the riddle and be able to use this PC as is.

    Do you recommend a re-install of the operating system?
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you want to be confident that nothing is waiting to come up later to bite you, then the answer would be yes. As I stated, I did not see any signs of an active infection, but you did attach a file that would come from an infection. And you say that a few files were encrypted. Thus you really cannot trust this PC now.
     
