Infected computer "help_decrypt" [Solved]


  • This topic is locked

#31
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Thanks. 

 

If you're not using Ad-Aware Anti-Virus (it looks like you are using Norton), please uninstall the Ad-Aware/Lavasoft programs from your system:

  • Ad-Aware Antivirus
  • AdAwareInstaller
  • AdAwareUpdater
  • AntimalwareEngine
  • AntispamEngine

Norton should already be protecting you in real-time, and MBAM can be used to scan for spyware/malware.

 

 

Try to download the ESET scanner from here: http://download.eset...taller_enu.exe

 

Install it and see if you can run a scan that way.

 

 

I will be out of town for the evening so I probably won't be able to reply until tomorrow.   :)


  • 0



#32
928gts

928gts

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Hi DanoNH

 

Uninstalled the adaware, but still no luck with the ESET scanner.

Enjoy your night out!

 

Cheers

 

 

Christian


  • 0

#33
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hi Christian,

 

Let's try this instead.  We'll clean up a few odds and ends, and then try a different tool:

 

First
Run a FRST Fix

  • Download the attached fixlist.txt file and save it to the Desktop.

    (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)

    Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
     
  • Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
     
  • If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

Second

Download the Emsisoft Free Emergency Kit from here.

  • Double click on the EmsisoftEmergencyKit.exe file and then click on Extract to unpack the files (the default directory of C:\EEK is fine).
  • Go to the new directory and right-click on Start Emergency Kit Scanner.exe and choose 'Run as administrator...'.
  • Once the scanner loads, allow it to check for updates.
  • When the updates are finished, click the BACK button to return to the main menu.
  • Click on the SMART SCAN to start scanning your system.  Please enable the PUA/PUP/PMA detection option.
  • If the scan finds anything, it will open a scan finding window.  Please click on View Report; copy this report and paste it here in your reply post.
  • Please close the Emergency Kit Scanner program now.

 

Finally
In your next reply, please copy/paste the contents of the following logs:

  • FRST Fixlog
  • Emsisoft report (if it found anything)

 

And please tell me how the system is running. Any issues?  :)


  • 0

#34
928gts

928gts

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Hi again

 

The first round with FRST64 didn't work out well, the program/computer got stuck and I had to do a restart.

The second time everything went smoothly, and the computer seems to work as it should....

(Didn't see "Smart scan" option in Emsisoft Free Emergency Kit, only Quick Scan, Malware scan and Custom scan....) I chose the custom.

 

Regards

 

Christian

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Ina (2015-08-23 21:43:49) Run:4
Running from C:\Users\Ina\Desktop
Loaded Profiles: Ina (Available Profiles: UpdatusUser & Ina)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
Task: {03FA150B-CC47-4ACF-B057-500173BFC04C} - System32\Tasks\{8D4AF62D-5A8B-4E15-8A3C-A9DFC92F4E6A} => pcalua.exe -a C:\Users\Ina\AppData\Local\Temp\jre-8u45-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
Task: {324E42BA-D7F9-4EF8-8DEA-C774E594B56D} - System32\Tasks\{3D8DB94A-A784-45DB-A60D-26736C7EFE13} => C:\Users\Ina\Desktop\esetsmartinstaller_enu (11).exe
Task: {49B1B70C-DAAB-45F1-9898-DC29A50F73FB} - System32\Tasks\{DDFEB66E-DD78-4C81-94DD-17F4EA0C2D4A} => C:\Users\Ina\Desktop\esetsmartinstaller_enu (11).exe
Task: {5924B2BE-D58E-40F4-9A0C-FB46EAE7ECDF} - System32\Tasks\{5C9B5F3E-ECC5-4066-8177-71AF69C568CF} => C:\Users\Ina\Desktop\esetsmartinstaller_enu (11).exe
Task: {7DA5FBC5-459D-433B-B032-7A12FEB0FDAD} - System32\Tasks\{ABA190AE-D566-4697-A330-94C7E315A4BF} => C:\Users\Ina\Desktop\esetsmartinstaller_enu (11).exe
Task: {9AC19917-F839-4227-819C-44B2318F9E89} - System32\Tasks\{9771DF90-2226-4EDA-A598-98E53E5B913E} => C:\Users\Ina\Desktop\esetsmartinstaller_enu (11).exe
Task: {F8B1172E-9B24-48AD-847D-CD54C4C68E5E} - System32\Tasks\{EB93F98E-310D-40A4-91F0-9CD0DDE00EBE} => pcalua.exe -a C:\Users\Ina\Desktop\esetsmartinstaller_enu.exe -d C:\Users\Ina\Desktop
Task: {FC5C3997-3954-4457-AE17-AAC72DB7F0CB} - System32\Tasks\{8EEB44E5-AF2D-49EA-8C55-ECC84814C57E} => pcalua.exe -a C:\Users\Ina\Downloads\esetsmartinstaller_enu(3).exe -d C:\Users\Ina\Downloads
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03FA150B-CC47-4ACF-B057-500173BFC04C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03FA150B-CC47-4ACF-B057-500173BFC04C}" => key removed successfully
C:\Windows\System32\Tasks\{8D4AF62D-5A8B-4E15-8A3C-A9DFC92F4E6A} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8D4AF62D-5A8B-4E15-8A3C-A9DFC92F4E6A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{324E42BA-D7F9-4EF8-8DEA-C774E594B56D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{324E42BA-D7F9-4EF8-8DEA-C774E594B56D}" => key removed successfully
C:\Windows\System32\Tasks\{3D8DB94A-A784-45DB-A60D-26736C7EFE13} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3D8DB94A-A784-45DB-A60D-26736C7EFE13}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49B1B70C-DAAB-45F1-9898-DC29A50F73FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49B1B70C-DAAB-45F1-9898-DC29A50F73FB}" => key removed successfully
C:\Windows\System32\Tasks\{DDFEB66E-DD78-4C81-94DD-17F4EA0C2D4A} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DDFEB66E-DD78-4C81-94DD-17F4EA0C2D4A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5924B2BE-D58E-40F4-9A0C-FB46EAE7ECDF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5924B2BE-D58E-40F4-9A0C-FB46EAE7ECDF}" => key removed successfully
C:\Windows\System32\Tasks\{5C9B5F3E-ECC5-4066-8177-71AF69C568CF} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5C9B5F3E-ECC5-4066-8177-71AF69C568CF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DA5FBC5-459D-433B-B032-7A12FEB0FDAD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DA5FBC5-459D-433B-B032-7A12FEB0FDAD}" => key removed successfully
C:\Windows\System32\Tasks\{ABA190AE-D566-4697-A330-94C7E315A4BF} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{ABA190AE-D566-4697-A330-94C7E315A4BF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AC19917-F839-4227-819C-44B2318F9E89}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AC19917-F839-4227-819C-44B2318F9E89}" => key removed successfully
C:\Windows\System32\Tasks\{9771DF90-2226-4EDA-A598-98E53E5B913E} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9771DF90-2226-4EDA-A598-98E53E5B913E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8B1172E-9B24-48AD-847D-CD54C4C68E5E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8B1172E-9B24-48AD-847D-CD54C4C68E5E}" => key removed successfully
C:\Windows\System32\Tasks\{EB93F98E-310D-40A4-91F0-9CD0DDE00EBE} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EB93F98E-310D-40A4-91F0-9CD0DDE00EBE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC5C3997-3954-4457-AE17-AAC72DB7F0CB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC5C3997-3954-4457-AE17-AAC72DB7F0CB}" => key removed successfully
C:\Windows\System32\Tasks\{8EEB44E5-AF2D-49EA-8C55-ECC84814C57E} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8EEB44E5-AF2D-49EA-8C55-ECC84814C57E}" => key removed successfully

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

Operasjonen er utført.

 

========= End of Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

Operasjonen er utført.

 

========= End of Reg: =========

EmptyTemp: => 195 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 21:46:14 ====

 

 

Emsisoft Emergency Kit - Version 10.0
Last update: 23.08.2015 21:59:59
User account: Ina-PC\Ina

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\, D:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 23.08.2015 22:07:22
Value: HKEY_USERS\S-1-5-21-50259209-3484564090-2128610906-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-50259209-3484564090-2128610906-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\BINGBAR_RASMANCS  detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\TASKSCHEDULER_RASAPI32  detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\TASKSCHEDULER_RASMANCS  detected: Application.Win32.InstallExt (A)

Scanned 236038
Found 5

Scan end: 23.08.2015 22:51:52
Scan time: 0:44:30


  • 0

#35
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

OK, a bit more clean-up here.  Almost done... :)

 

Run a FRST Fix
 

  • Download the attached fixlist.txt file and save it to the Desktop.

    (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)

    Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
     
  • Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

 


  • 0

#36
928gts

928gts

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:24-08-2015
Ran by Ina (2015-08-24 20:59:09) Run:5
Running from C:\Users\Ina\Desktop
Loaded Profiles: UpdatusUser & Ina (Available Profiles: UpdatusUser & Ina)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
reg: reg delete "HKEY_USERS\S-1-5-21-50259209-3484564090-2128610906-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLETASKMGR" /f
reg: reg delete "HKEY_USERS\S-1-5-21-50259209-3484564090-2128610906-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLEREGISTRYTOOLS" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\BINGBAR_RASMANCS" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\TASKSCHEDULER_RASAPI32" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\TASKSCHEDULER_RASMANCS" /f
EmptyTemp:
Reboot:

*****************

Restore point was successfully created.

========= reg delete "HKEY_USERS\S-1-5-21-50259209-3484564090-2128610906-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLETASKMGR" /f =========

Operasjonen er utført.

 

========= End of Reg: =========

========= reg delete "HKEY_USERS\S-1-5-21-50259209-3484564090-2128610906-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLEREGISTRYTOOLS" /f =========

Operasjonen er utført.

 

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\BINGBAR_RASMANCS" /f =========

Operasjonen er utført.

 

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\TASKSCHEDULER_RASAPI32" /f =========

Operasjonen er utført.

 

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\TASKSCHEDULER_RASMANCS" /f =========

Operasjonen er utført.

 

========= End of Reg: =========

EmptyTemp: => 36.5 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 20:59:35 ====


  • 0
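The fixlist in the log above deletes exactly what the Emsisoft report in post #34 flagged. As an added example (not part of the thread and not FRST or Emsisoft code), this sketch shows that mapping: a `Value:` finding becomes a `reg delete ... /v` that removes only the named value, while a `Key:` finding removes the whole key. The function names are hypothetical and the report line layout is assumed from the five finding lines quoted in the thread.

```python
import re

# Finding lines copied from the Emsisoft report in post #34, plus two
# non-finding lines from the same report to show that they are skipped.
REPORT = r"""
Scan start: 23.08.2015 22:07:22
Value: HKEY_USERS\S-1-5-21-50259209-3484564090-2128610906-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-50259209-3484564090-2128610906-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\BINGBAR_RASMANCS  detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\TASKSCHEDULER_RASAPI32  detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\TASKSCHEDULER_RASMANCS  detected: Application.Win32.InstallExt (A)
Scanned 236038
"""

# Assumed layout: "<Value|Key>: <target>  detected: <detection name> (A)"
FINDING = re.compile(r"^(Value|Key):\s+(.+?)\s+detected:\s+(\S+)")


def parse_findings(report):
    """Return (kind, key, value_name, detection) for every finding line."""
    findings = []
    for line in report.splitlines():
        match = FINDING.match(line.strip())
        if not match:
            continue  # scan settings, counters, timestamps
        kind, target, detection = match.groups()
        if kind == "Value":
            key, sep, name = target.partition(" -> ")
            if not sep or not name.strip():
                # Refuse to guess: without a value name the only possible
                # command would delete the whole POLICIES\SYSTEM key.
                raise ValueError("Value finding without a value name: " + line)
            findings.append((kind, key.strip(), name.strip(), detection))
        else:
            findings.append((kind, target.strip(), None, detection))
    return findings


def to_fixlist(findings):
    """Render findings as FRST 'reg:' lines in the form used in the thread."""
    lines = []
    for kind, key, name, _detection in findings:
        if kind == "Value":
            # Delete one value only; the key holds other policy settings.
            lines.append('reg: reg delete "%s" /v "%s" /f' % (key, name))
        else:
            lines.append('reg: reg delete "%s" /f' % key)
    return lines


if __name__ == "__main__":
    for entry in to_fixlist(parse_findings(REPORT)):
        print(entry)
```

The `HKEY_USERS\S-1-5-21-...-1001` paths name one account on one machine, which is why the helper's notice says the fixlist must not be run anywhere else.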

#37
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Everything looks good in your logs here, so I'm happy to tell you:

Congratulations, your log is clean! :thumbsup:

Now, let's cover some additional steps to clean up your computer and help you avoid getting infected again...

Tools Cleanup and Housekeeping
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

Tool Removal
We need to remove the tools we've used while cleaning your machine.

  • Download DelFix from here
  • Ensure Remove disinfection tools is ticked
  • Also check these options:
    • Activate UAC
    • Create registry backup
    • Purge system restore
    • Reset System Settings
  • Click Run
  • The program will run for a few moments and then notepad will open with a log.

Please paste the log in your next reply, and delete any remaining tools we downloaded, registry files (928gts.reg) and logs that you have left over on your Desktop, or in your Downloads folder (if that's where you saved them).  If you need any of these tools for later, you will get fresh copies, and this will prevent you from accidentally running a tool on your system which could damage it.

Now let's take a few preventative measures to reduce the risk of further infections. :cool:

Automatic Updates for Windows 7
Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn ON Automatic Updates in Windows 7

Keep Java Updated
Warning: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser).

If you do need to keep Java then download JavaRa.
Run the program and select Remove Java Runtime.  Uninstall all versions of Java present.
Once done then run it again and select Update Java runtime > Download and install Latest version.

Web Browser security
Most malware is exploiting Internet Explorer's vulnerabilities; with Firefox you will likely be more secure.

Note: If you are going to use Firefox, I would suggest the use of these add-ons:

  • NoScript - for blocking ads and other potential website attacks.
  • AdBlock Plus - block annoying ads that cost you expensive bandwidth, with the added benefit of faster page loading.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

Other Program updates
If you use any Adobe software make sure to keep them updated.  Best of all, they are FREE.
Note: Make sure to uncheck the check box labelled "Yes, install McAfee Security Scan Plus - optional", or any other optional "features".

Anti Virus Programs
On to personal Anti Virus programs. One AV is a must have, but never more than one, as this can and will cause conflicts, system slow-downs, and false readings.

If you wish to keep using your current program, always make sure it is up to date and enabled.

These FREE ones are as good as any paid subscription AV, as long as you allow them to update themselves:

Anti Spyware Programs
You already have an excellent preventative program that will help to keep the nasties away - Malwarebytes Anti-Malware.  I would advise running this at least once a month.  If you need to download it again, you can get it from here:

Malwarebytes Anti-Malware

Instant Messengers
Almost done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

File/System Cleaners
Finally, it is a good idea to clear out all your temp files every now and again. This will help keep your computer running optimally. It can detect registry errors, missing shortcuts, invalid files, etc. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

CryptoLocker Warning
CryptoLocker is a particularly nasty infection which is becoming more prevalent...
 
Go here for information about CryptoLocker Ransomware. Learning about what is out there may help you prevent infection. The best protection against this infection is to backup your files often. If you're using an external drive, keep it unplugged from the computer when you're not backing up files or using it. This will prevent the infection from getting to your backed up files if you ever have the frustrating experience of contracting it.
 
It is suggested to download and install CryptoPrevent, which is free for home use. It will help prevent CryptoLocker and other similar infections.

Further Reading
Here are some articles that are must reads and should be read by everybody in your household that uses the Internet:

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this excellent article, originally written by Tony Klein, and updated by SpySentinel.

I will keep this log open for the next couple of days, so if you have any further problems, you can post another reply here.

OK, happy computing, and stay safe! :cool:

Please reply again to this thread to acknowledge you have read my last post.  If you have no further questions, this thread will be closed to prevent others from posting here.

Thanks!


  • 0

#38
928gts

928gts

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Thanks DanoNH, that is great news! :)

 

After the first round with DelFix, I carried on with your list and after a while the machine rebooted before I could save/post the log from DelFix.

I ran it once more after going through everything you said, and this is the result. (see below)

 

Thank you so much for your time and patience helping me solve this problem!

 

 

Best regards

 

Christian

 

 

# DelFix v1.011 - Logfile created 24/08/2015 at 22:33:27
# Updated 18/08/2015 by Xplode
# Username : Ina - INA-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\Users\Ina\Desktop\TFC.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools

~ Creating registry backup ... OK

~ Cleaning system restore ...

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


  • 0

#39
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

You are most welcome.  It's been my pleasure.  :thumbsup:

 

You should still have copies of your encrypted files in your D:\backup folder, so if there ever is a decryption tool you might be able to recover them.  The CryptoPrevent tool is a great way to help protect against the CryptoWall and CryptoLocker types of infection which you have already had the misfortune of contracting. 

 

In your case I would underline the need to make regular backups of your important files.  The safest way to do this is via a USB drive or other storage that is not always connected to the system.  Some backup programs allow you to create an off-site copy of the backup for safekeeping.  I actually use Acronis True Image to make incremental disk images, but a very good free backup tool which allows you to create bootable recovery media is Macrium Reflect Free.

 

I'll leave the topic open for a bit before closing it, so let me know if you run into any issues or have any further questions. 

 

Stay safe, and Happy Computing!

 

Dan


  • 0

#40
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0
