Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Cryptowall Virus


  • Please log in to reply

#1
Aarcam

Aarcam

    New Member

  • Member
  • Pip
  • 2 posts

Dear Geeks,

 

I've recently had some problems with the cryptowall virus, or "save_your_files virus".

I followed many different procedures, which I've found on the net, trying to avoid the fake ones.

 

Please, mind that currently I have no important files on this pc, so I don't need to restore them (which seems to be the real problem). I just want to have a 100% healthy pc.

 

What I tried:

 

The number 5 of this guide

https://malwaretips....ncrypted-virus/

which is to say: 

-Malwarebytes (it found cryptowall -about 6 different files- and removed it)

-Hitman (for a doublecheck, it found only one issue, which I think wasn't correlated with the virus)

 

Safe mode

I found many videos that suggested this solution. In my OS (Windows 8.1) I didn't find the same path that they showed. 

I followed 2 different paths:

1) Local Machine -> software -> Microsoft -> Run (which was empty in my case, and in many videos wasn't)

2) Current User (or something like that) -> software -> Microsoft -> (here one video found a folder named "cryptowall", nothing like this happened to me) - Run (which was empty in my case, and in many videos wasn't)

So I didn't really found anything useful (maybe because Malwarebyte had already deleted them?)

 

This Guide

http://www.wintips.o...yptowall-files/

which is to say:

-Roguekiller to stop the virus running the processes (it didn't find anything)

-Malwarebytes (as I had just run it, I didn't repeat it)

-Deleting temporary folders

 

 

Now, I don't really know if I've get rid of the virus itself. If i run again any antimalware, they don't find anything. On the other hand, when I start the pc there are still some popups, such as the image and the html file.

I could maybe eliminate them going to the starting processes, but as they could be a signal of the virus' presence I didn't do it yet,

 

Can you help me? Do you think i still have the virus or not? How to resolve best the problem (and the popups)?

 

Thank you


Edited by Aarcam, 06 December 2015 - 09:27 AM.

  • 0

Advertisements


#2
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,500 posts
Hi Aarcam,

Welcome to GeeksToGo! :)

I would be more than happy to help you out in your time of need.

Please nothing more than what I ask you to do in the way of running scans, etc. At this time, could you please post the logs generated by the tools you have used so I could have a look see what was found and/or removed. Also I need a couple more logs to view. See below:

Please download Farbar Recovery Scan Tool and save it to your desktop. <<< Very Important!

Note: You will need to run the version compatible with your system. If you are not sure which version (32 or 64-bit) applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Make sure that FRST is on the desktop of the infected system
  • Right click and choose Run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates a second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Log I need to see in your next reply are as follows:

FRST.txt
Additions.txt



Thank you,
Donna :)
  • 0

#3
Aarcam

Aarcam

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

Hi, thank you for your reply

 

Attached, 

2 logs from Farbar

1 log from Malwarebytes

1 log from BitDefender (the Antivirus I'm using right now)

 

 

Attached Files


  • 0

#4
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,500 posts
Hi Aarcam,

Thank you for the logs. While I review the contents of these logs, please run the following scan and provide the reports that it generates.

Please download CKScanner and save it to your Desktop. <-Important!!!
  • Double-click on CKScanner.exe and click Search For Files.
  • If using Vista, right-click on it and Run As Administrator.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A text file will be created on your desktop named ckfiles.txt.
  • Click OK at the file saved message box.
  • Double-click the ckfiles.txt icon on your desktop to open the log and copy/paste the contents in your next reply.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP