[Paopawdecarabao]

How bout a pdf? Can't upload the photos

Attached Files

•  Ismashan F.pdf   492.13KB   162 downloads

[Advertisements]

That was a legitimate file before all this happened?
And do you have any idea when all your trouble started?
A timestamp might give me an idea about which variants had not been released yet.

[Metallica]

That was a legitimate file before all this happened?
And do you have any idea when all your trouble started?
A timestamp might give me an idea about which variants had not been released yet.

[Paopawdecarabao]

Yes. It all happened when I left my computer on last fri Jan 30 through sat. And noticed it last sunday. I guess it got infected when I went to YJ. 

Edited by Paopawdecarabao, 03 February 2015 - 02:24 PM.

[Metallica]

Do you have any form of backups? If it is a new variant, and that sounds like it will be, there will be no known decrypters available.
You could try http://www.shadowexp.../downloads.html

And like I said in my mail. If you have an encrypted and original version of one file, I can see if I can reverse the process for other files, but that really only has a small chance of success.

[Paopawdecarabao]

Do you have any form of backups? If it is a new variant, and that sounds like it will be, there will be no known decrypters available.
You could try http://www.shadowexp.../downloads.html

And like I said in my mail. If you have an encrypted and original version of one file, I can see if I can reverse the process for other files, but that really only has a small chance of success.

I will take a look later. But unfortunately there is no way to encrypt it to its original file? I don't have any backups. And wait for a decrypter file? How about if I try Virtual Lab data recovery tool?

[Metallica]

Any recovery tool at this moment depends on backups, knowingly placed on your computer or not.
For example you can try : http://windows.micro...sions-files-faq

Decrypting is hard and is usually only successful if the ransomware creators were sloppy or lazy.
So far solutions were presented by various sources to decrypt files encrypted by most, if not all variants.
But I can give you no guarantee that will happen and certainly not how long it will take. It took months in some cases.

Another, not recommended option is to pay the ransom. By doing so, you are financing the next round of ransomware to be developed.
Plus the outcome is rather uncertain. You are dealing with unknown criminals, so why would they keep up their end of the bargain?
Another factor in your case is that we don't even know who to pay.

[Metallica]

Regarding that last bit of my post. Can you see if there are any text or html files in your libraries, for example "My Pictures" that you did not put there?
Some ransomwares leave their pay-options behind there. That might tell us something about who we are dealing with.

[Paopawdecarabao]

Regarding that last bit of my post. Can you see if there are any text or html files in your libraries, for example "My Pictures" that you did not put there?
Some ransomwares leave their pay-options behind there. That might tell us something about who we are dealing with.

Thank you for the help. Now I'm worried. I would fine any html or txt files once I get home but as of now my best bet is to use shadow explorer?

Edited by Paopawdecarabao, 03 February 2015 - 02:32 PM.

[Metallica]

If that works, you would get out of this easy.
I don't see many other good options.
As much as I hate to be the bearer of bad news, you are rightfully afraid.
To be honest if something like this happened to me, I would rescue what I could and re-format.
The system has been seriously compromised and I would no longer trust it.
This depends on your use for it of course.

[Paopawdecarabao]

If that works, you would get out of this easy.
I don't see many other good options.
As much as I hate to be the bearer of bad news, you are rightfully afraid.
To be honest if something like this happened to me, I would rescue what I could and re-format.
The system has been seriously compromised and I would no longer trust it.
This depends on your use for it of course.

If the shadow explorer worked. I would back up the files that has been saved and reformat the whole hdd?

[Metallica]

I'm not saying you should. I'm saying I would.
I use my computer for work and I want to be sure it's clean and trustworthy.

[Paopawdecarabao]

https://curah.micros...tb-locker-virus

 

Is this helpful? found it when googling.

[Paopawdecarabao]

Nothing shows on the drives partition on shadowexplorer

[Paopawdecarabao]

Regarding that last bit of my post. Can you see if there are any text or html files in your libraries, for example "My Pictures" that you did not put there?
Some ransomwares leave their pay-options behind there. That might tell us something about who we are dealing with.

 

 

Saw this on my malwarebytes log Trojan.ransom.ed is that it? any solution? I'm desperate thank you

[Metallica]

That could be the installer.
In Malwarebytes Anti-Malware click on History > Select Quaraintine > Select the Trojan.Ransom.ED and click on Restore > Confirm Yes
Then find the file, zip it up and mail it to me.
Did you find any .txt or .html files in your Libraries?