[needy1]

I My PC was infected with the Cryptolocker / Torrentlocker virus today and my files have been encrypted.

The latest info I can find says that these files can't be recovered unless the ransom is paid for the decryption key.

 

I hope this isn't true! I really need some of the files that weren't backed up but want to try anything I can first before having to pay these thieves.  

Any suggestions or recent info on this virus would be greatly appreciated. I haven't cleaned or removed anything yet.

 

Cheers

[Advertisements]

Hi lets see if this will help (courtesy LiquidTension )

Previous Versions

• Right-click the file/folder and click Properties.
• Click Previous Versions.
• This tab will list all copies of the file and the date they were backed up.
• To restore a particular version of the file, click Copy and select the directory you wish to restore the file to.
• If you wish to restore the selected file and replace the existing one, click Restore
• If you wish to view the contents of the file before restoring, click Open.

ShadowExplorer

• Please download ShadowExplorer and save the file to your Desktop
• Right-Click ShadowExplorer-0.9-portable.zip and click Extract All. Select your Desktop and click Extract
• Right-Click ShadowExplorer.exe and select http://Run as administrator to run the programme.
• You will see a drop-down menu with the shadow copies of all partitions and disks present.
• Click C:\ from the drop-down menu.
• To the right, pick a date prior to the infection from the drop-down menu.
• To restore a whole folder, right-click on your desired folder and click Export. You will then be prompted as to where you would like to restore the contents of the folder to.

File Recovery Software
File Recovery Software may be able to recover the original file deleted by the infection. Please bear in mind, the more you use the machine after the files are encrypted, the harder it will be for the recovery software to recover your files.

• R-Studio
• Photorec
• Recuva

Then we can start cleaning however dependant on the version of the malware will determine if you can recover any data

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

[Essexboy]

Hi lets see if this will help (courtesy LiquidTension )

Previous Versions

• Right-click the file/folder and click Properties.
• Click Previous Versions.
• This tab will list all copies of the file and the date they were backed up.
• To restore a particular version of the file, click Copy and select the directory you wish to restore the file to.
• If you wish to restore the selected file and replace the existing one, click Restore
• If you wish to view the contents of the file before restoring, click Open.

ShadowExplorer

• Please download ShadowExplorer and save the file to your Desktop
• Right-Click ShadowExplorer-0.9-portable.zip and click Extract All. Select your Desktop and click Extract
• Right-Click ShadowExplorer.exe and select http://Run as administrator to run the programme.
• You will see a drop-down menu with the shadow copies of all partitions and disks present.
• Click C:\ from the drop-down menu.
• To the right, pick a date prior to the infection from the drop-down menu.
• To restore a whole folder, right-click on your desired folder and click Export. You will then be prompted as to where you would like to restore the contents of the folder to.

File Recovery Software
File Recovery Software may be able to recover the original file deleted by the infection. Please bear in mind, the more you use the machine after the files are encrypted, the harder it will be for the recovery software to recover your files.

• R-Studio
• Photorec
• Recuva

Then we can start cleaning however dependant on the version of the malware will determine if you can recover any data

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

[Essexboy]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.