
CRYPTOWALL?? Virus / HELP


mkoersvelt

Member
Joined
Mar 16, 2003
Location
Winnipeg,Canada (EH!)
Well, my laptop has a virus it seems:
Cryptowall.
Anyone know how to remove this?

I've tried AVG / Spybot / F Secure /
Unreal. Any info would be great
Thanks guys
 
looks like a nasty one... note: your files encrypted by it are unrecoverable :(

found this guide http://www.precisesecurity.com/rogue/remove-cryptowall

also I would open a command prompt (admin) and type sfc /scannow; it will check the Windows files against an online image.

if it states you have violations in files, then type the following after the scan: Dism /Online /Cleanup-Image /RestoreHealth

this will retrieve the Windows system files from the online image (note: you may have to repeat these processes two or more times)

also go here http://www.freefixer.com/
run freefixer and it will monitor and highlight modified files after scanning. you need to select the files to replace manually, but I've found it quite effective when you get a particularly nasty rootkit that spawns.

note there's also a file nuke that you can copy and paste the path into, and it will attempt to remove them on reboot.

you're up against it with this rootkit/Trojan ransomware, as it's already encrypted the first 512 bytes of files with its code :-/

hope this helps :salute:
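The sfc / DISM repair loop described above, written out as a script. This is an added example, not something posted in the thread; it assumes an elevated PowerShell on Windows 8.1 or later, and the hypothetical $MaxPasses parameter is just the "repeat two or more times" advice made explicit:

```powershell
# Added example: run sfc /scannow, and if it reports integrity violations,
# run DISM /RestoreHealth and try again, up to $MaxPasses times.
# Must be run from an elevated (Administrator) PowerShell.
param([int]$MaxPasses = 3)

function Test-IsAdmin {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $id
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}
if (-not (Test-IsAdmin)) { throw "Run this from an elevated PowerShell." }

for ($pass = 1; $pass -le $MaxPasses; $pass++) {
    Write-Host "Pass $pass of $MaxPasses : sfc /scannow"
    # sfc.exe writes UTF-16 output; when captured it contains embedded NULs,
    # so strip them before matching on the result text.
    $sfc = (& sfc.exe /scannow 2>&1 | Out-String) -replace "`0", ''

    if ($sfc -match 'did not find any integrity violations') {
        Write-Host "No integrity violations reported; nothing more to repair."
        break
    }

    Write-Host "sfc reported problems; repairing the component store with DISM"
    & dism.exe /Online /Cleanup-Image /RestoreHealth
    Write-Host "DISM exit code: $LASTEXITCODE (log: C:\Windows\Logs\DISM\dism.log)"
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "DISM could not repair the image; a clean reinstall from known-good media is the safer path."
        break
    }
}
# Details of what sfc found and fixed are in C:\Windows\Logs\CBS\CBS.log
```

If DISM cannot reach Windows Update, the /Source option pointing at a known-good install.wim can be added to the RestoreHealth call, but that does not change the fact that repairing system files does nothing for files the ransomware has already encrypted.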
 
I'll give the items you posted a shot.
The laptop still runs fine. This is not cool. Did some research and apparently it's passed through email attachments.
 
yeah? I read in the comments on that removal link that most victims were businesses. I see the payments are made via bitcoins... some deep web international gangster shiola right there.

they'd be hard pressed to see any payments out of everyday users.

also noticed some people had held back encrypted files in the hopes one day someone will crack the encryption... didn't see anyone post a solution though :-/

nasty scam indeed...
 
Scan is done.
I tried to run the next prompt you posted and I got:
The DISM log file can be found at C:\Windows\Logs\DISM\dism.log

So now what is the next step?
 
well, reading the article it seems they make upwards of $25,000 per day. the first wave attack made an estimated upwards of $1.4 million.

giving people the shaft is big money.

seems the adware is exploited through Flash Player and Java.

I'm just disabling my Flash Player add-ons in IE now :D screw that... (I surf the gutter a lot)
 
IE disable how-to:

no. 1: click Settings (top right of IE) and select Manage add-ons

no. 2: disable the Flash and Java add-ons

and relax :)

on Firefox and Chrome you'll need to download the flash blocker
 
Scan is done.
I tried to run the next prompt you posted and I got:
The DISM log file can be found at C:\Windows\Logs\DISM\dism.log

So now what is the next step?

was that after the sfc /scannow command?

or did Dism /Online /Cleanup-Image /RestoreHealth
not work?

if not then what version of windows are we dealing with?

 
Ok, I disabled it.
Should I try Free Fixer? This is total BS. Extorting $$$ from people.
Sounds like the Taliban or ISIS have become computer savvy LOL

My System Restore is not running; not sure when that happened?
Also Windows Defender is not running and I can't fire it up either.
 
yes freefixer will dig out lots of suspect files and changes :)

it shows you what's not quite right or suspicious rather than what's safe to delete, but on the other hand I think your OS is pretty trashed anyhow.

my concern is this bugger of a malware reproducing ready for your next install :-/
 
try:

C:\Windows\system32>dism /online /Cleanup-image /AnalyzeComponentStore

if not, then:

Restart the computer while holding down the Shift key... this brings up the "Option Menu".
Click on "Troubleshoot", then "Advanced Options", then "System Image Recovery".
This solves a multitude of problems without affecting files etc.

official Windows development team feedback:

re-installing Windows as an upgrade using an MSDN 8.1 with update image.

__________________

if you need a windows image http://mcakins.com/2013/10/19/download-windows-8-1-iso-using-you-windows-8-0-key/

further guide http://dellwindowsreinstallationgui...-with-a-windows-8-0-retail-product-key-notes/

________________________

I suspect you may as well pass on the DISM if none of that works, as the malware has eaten into your wow64 files and other parts.

but after a clean install and a scan of all your drives and network data I would run those commands and make sure it works.
 
Me chiming in: the only well-known effective way to go back to a clean system when hit by this ransomware is to go back to a clean backup and a fresh install. Forget about trying to decrypt what's already been encrypted; forget about trying to clean it out of your system in the hope that it somehow releases the files being held hostage. It ain't happening.

You do back up regularly, right?
 
I haven't backed this whole thing up in a while.
I did back up all the pics on here though. There really isn't anything else on here.

I tried restarting holding the Shift key. Also holding F8: nothing happened?
This is a retail install of Win 8. What's the best way to tackle this reinstall?
I've only done the OEM.
 