1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Need help! a virus attack

Discussion in 'Black Hat SEO' started by seoscrachiers, Dec 2, 2015.

  1. seoscrachiers

    seoscrachiers Newbie

    Joined:
    Sep 22, 2015
    Messages:
    23
    Likes Received:
    3
    Gender:
    Male
    Occupation:
    Blogger and SEO Executive
    Location:
    Udaipur, Rajasthan, India
    Home Page:
    Hi, I am rohit. Today when i opened a email (which was a spam ) all pictures,text files, sql files and many more files are automatically got encrypted.
    And now when i try to open them i got a message to buy their software named crptowall. Have any body heard or faced it.
    please help me i am frustrated and can't use any of images or files.

    I am attaching the image that i am getting all the time. All the files are named " HELP_YOUR_FILES.extension ".



    HELP_YOUR_FILES.PNG
     
  2. InnovativeSEO

    InnovativeSEO Senior Member

    Joined:
    Feb 5, 2013
    Messages:
    860
    Likes Received:
    3,797
    Occupation:
    Business development
    Location:
    New York City
    If you truly need help I can probably help you. DAMMIT I hate bug catching, but if you haven't got a fix let me know.
     
    • Thanks Thanks x 1
  3. davids355

    davids355 Jr. VIP Jr. VIP

    Joined:
    Apr 25, 2011
    Messages:
    9,843
    Likes Received:
    7,459
    Home Page:
    In my opinion you have lost your data unless you have a backup - I have not heard anyone that can decrypt those files.
     
  4. seopencil

    seopencil Supreme Member

    Joined:
    Aug 3, 2011
    Messages:
    1,486
    Likes Received:
    532
    Location:
    BHW
    Home Page:
    You attacked with CryptoWall Ransomware

    now they will ask you money to fix that

    Its adware

    scan with malwarebytes or any good spyware/adware removal sotware.

    ps : You data gone if you are infected with Cryptowall. Now you can only remove that but no option to take data back
     
    • Thanks Thanks x 1
    Last edited: Dec 2, 2015
  5. redbandit

    redbandit Power Member

    Joined:
    Sep 30, 2014
    Messages:
    516
    Likes Received:
    101
    Location:
    BHW
    Crypto locker attacker, you can do a system restore, there are plenty of tutorials n it, if that fails you can't recover those files, they are gone.
     
  6. Cryogenesis

    Cryogenesis Jr. VIP Jr. VIP

    Joined:
    Sep 1, 2013
    Messages:
    1,693
    Likes Received:
    2,168
    Gender:
    Male
    Location:
    India
    Home Page:
    What sort of Email did you receive?
     
  7. seopencil

    seopencil Supreme Member

    Joined:
    Aug 3, 2011
    Messages:
    1,486
    Likes Received:
    532
    Location:
    BHW
    Home Page:
    Let me correct OP

    Hi, I am rohit. Today I saw a offer and i opened email and click on Attachment (which was a spyware ) all pictures,text files, sql files and many more files are automatically got encrypted.

    op : that spyware encrypted all your data in background with secret key. That key they will suppose to send once you will pay. This is technology ransom (Phirautee).
     
    • Thanks Thanks x 2
  8. webstartm

    webstartm Registered Member

    Joined:
    May 19, 2013
    Messages:
    60
    Likes Received:
    18
    There might be some decriptors,i saw them work in some cases,in some not
    read this

    techspot.com/downloads/6229-kaspersky-rakhnidecryptor.html
    support.kaspersky.com/viruses/utility#rakhnidecryptor
    noransom.kaspersky.com/
    activationcodes-database.com/helpmeatfreespeechmail/
    sensorstechforum.com/restore-files-encrypted-via-rsa-encryption-remove-cryptowall-and-other-ransomware-manually/
    talosintel.com/teslacrypt_tool/
    and this
    wintips.org/how-to-decrypt-or-get-back-encrypted-files-by-known-encrypting-ransomware-crypt-viruses/#cryptodefense

    You need to see what .extension is on your files,and try to use right tool from above ^^
    it takes some processing time,it depends on core strength of your CPU
    and try to google some more

    On one IT forum in my country,some guys successfully decrypted all files using this methods ^^
     
    • Thanks Thanks x 2
  9. seopencil

    seopencil Supreme Member

    Joined:
    Aug 3, 2011
    Messages:
    1,486
    Likes Received:
    532
    Location:
    BHW
    Home Page:
    Tool to decrypt RSA-2048 encryption ?

    Its not possible. We are still on near 2016

    Op you have two option

    1. Boot on safe mode, restore system and run malwarebytes

    2. Boot on safe mode and run malwarebytes and delete encrypted files (you can't decrypt that)
     
  10. webstartm

    webstartm Registered Member

    Joined:
    May 19, 2013
    Messages:
    60
    Likes Received:
    18
    Maybe it is just pretender
    He can try,i personally would try, nothing costs me

    "Files affected by this particular malicious threat typically have the .exx, .xyz, .zzz, .aaa, .abcor appended to the end of the file. Users may think they've been targeted by Cryptowall, because some TeslaCrypt versions may pretend to be Cryptowall 3.0.
    As we have already pointed out in the comments section of the Restore Files Encrypted via RSA Encryption sensorstechforum.com/restore-...ware-manually/, the Tesla decryptor tool can be tried. You can download it from here:
    talosintel.com/teslacrypt_tool/ "

    and by the way @OP ,always make backup of your important data on external HDD, it is safest point
     
    • Thanks Thanks x 1
  11. seoscrachiers

    seoscrachiers Newbie

    Joined:
    Sep 22, 2015
    Messages:
    23
    Likes Received:
    3
    Gender:
    Male
    Occupation:
    Blogger and SEO Executive
    Location:
    Udaipur, Rajasthan, India
    Home Page:
    I tried with malware byte. Is detected and deleted and again when i restarted my system it appears again.
     
  12. seoscrachiers

    seoscrachiers Newbie

    Joined:
    Sep 22, 2015
    Messages:
    23
    Likes Received:
    3
    Gender:
    Male
    Occupation:
    Blogger and SEO Executive
    Location:
    Udaipur, Rajasthan, India
    Home Page:
    Its was of some banks offer
     
  13. seoscrachiers

    seoscrachiers Newbie

    Joined:
    Sep 22, 2015
    Messages:
    23
    Likes Received:
    3
    Gender:
    Male
    Occupation:
    Blogger and SEO Executive
    Location:
    Udaipur, Rajasthan, India
    Home Page:
    Thanks webstartm,
    I will surely try this.