[OkayOkayOkay]

I have private messaged you the links

[Advertisements]

I have private messaged you the links

[OkayOkayOkay]

I have private messaged you the links

[OkayOkayOkay]

I checked your dropbox link and it's still only your software hive. If you could upload those files and provide a link that would be great. To avoid any confusion you could upload them to SendSpace if you wish as well. Then just provide the link.

I have uploaded them to SendSpace and sent you the link, privately

[BrianDrab]

Thanks. I have everything I need now.

 

Did you happen to try this tool to see if we get lucky?

http://www.bleepingc...-by-teslacrypt/

 

 

Assuming that doesn't work, It's decision time so we can get you cleaned up.

1. Before we clean your machine do you want me to copy all your encrypted files somewhere so in case a decryption is ever created that you can utilize it? Or do you just want to cut your loses and move forward at this point.

2. Your other option is to pay the ransom to get your files decrypted but there's no guarantee it will work. Many people have had success with this. It's a very personal decision.

 

Let me know and we'll continue on.

[OkayOkayOkay]

yes. no such luck!!

 

Please can we back my files up.

 

Have you ever come across somebody that hasn't had their files returned upon paying the ransom?

Do you think it's likely there will be a fix in the near future?

[BrianDrab]

Have you ever come across somebody that hasn't had their files returned upon paying the ransom?

 

Only one. Most were successful.

 

Do you think it's likely there will be a fix in the near future?

 

Unfortunately no.

[BrianDrab]

And just to verify have you checked for restore points to see if you have any that are dated previous to the infection?

[OkayOkayOkay]

I've just come across a feature that allows me to decrypt 1 file for free. Could this help at all? I'm currently decrypting one of my more important files.

 

I have tried restore points (I think). Is that the Windows backup?

 

I won't be paying the ransom.

[BrianDrab]

I've just come across a feature that allows me to decrypt 1 file for free. Could this help at all? I'm currently decrypting one of my more important files.

 

 

Hopefully you can get that one decrypted. It won't help us decrypt any of the others however.

 

I have tried restore points (I think). Is that the Windows backup?

 

If you right-click on one of your encrypted files and select properties. Then choose Previous Versions, are there any that are before the encryption?

 

 

I won't be paying the ransom.

 

Good. It's not my place to make this decision for you but I'm happy that you aren't. You have a recent version of TelsaCrypt that pretends to be CryptoWall. It's a nasty piece of malware and currently no way to decrypt.

[OkayOkayOkay]

I've tried restoring. Nothing doing!!

[BrianDrab]

OK. Let's clean up now.
 

- General Instructions -

• Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
• I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
• Any fixes provided by myself are for this log file only and should not be used on any other systems.
• Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
• It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
• It is also likely during our cleaning process that your internet browsing history will be removed. Your favorites will be untouched. If you don't want this to happen you need to let me know before running any steps so I can adjust my fixes accordingly.
• You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
• Please feel free to ask any questions, especially if you are having problems with my instructions.

- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

 

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.  fixlist.txt   18.52KB   258 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool. Click I agree if you agree with the terms of use.
4. Click on Scan.
5. After the scan is complete click on "Cleaning"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[C1].txt as well.

 

Step#3 - JRT by Malwarebytes
1. Download Junkware Removal Tool to your desktop.
1. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
2. The tool will open. Press any key at the Disclaimer screen and the program will start scanning your system.
3. Please be patient as this can take a while to complete depending on your system's specifications.
4. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
5. Close the text file and reboot your machine.
6. Post the contents of JRT.txt into your next message.

 

Step#4 - Uninstall McAfee

1. Uninstall McAfee from add/remove programs.

2. Then after rebooting, please run the McAfee Removal Tool.

 

 

Items for your next post

1. FRST Fix Log

2. AdwCleaner Log

3. Junkware Log

 

[OkayOkayOkay]

I don't have a FRST64 document on my laptop

[OkayOkayOkay]

I have a FRST file that's also a notepad file. Is that what I need in the same place as the fix list file?

[OkayOkayOkay]

I believe the file you've asked me to keep on my desktop has become encrypted since I last restarted my laptop. Will I have to reinstall the original file? I can't remember what it was.

[BrianDrab]

Just re-download FRST64.exe to your desktop as well as the fixlist.txt from my previous post. Ensure both are on your desktop and then run FRST64.exe and click on fix.