How bout a pdf? Can't upload the photos
REGSVR32 ERROR ON START UP MODULE FAILED TO LOAD AND INTERNAL HDD CAN&
#16
Posted 03 February 2015 - 09:21 AM
#17
Posted 03 February 2015 - 09:23 AM
And do you have any idea when all your trouble started?
A timestamp might give me an idea about which variants had not been released yet.
#18
Posted 03 February 2015 - 09:26 AM
Yes. It all happened when I left my computer on last Fri, Jan 30, through Sat, and I noticed it last Sunday. I guess it got infected when I went to YJ.
Edited by Paopawdecarabao, 03 February 2015 - 02:24 PM.
#19
Posted 03 February 2015 - 09:46 AM
You could try http://www.shadowexp.../downloads.html
And like I said in my mail. If you have an encrypted and original version of one file, I can see if I can reverse the process for other files, but that really only has a small chance of success.
#20
Posted 03 February 2015 - 11:03 AM
Do you have any form of backups? If it is a new variant, and that sounds like it will be, there will be no known decrypters available.
You could try http://www.shadowexp.../downloads.html
And like I said in my mail. If you have an encrypted and original version of one file, I can see if I can reverse the process for other files, but that really only has a small chance of success.
I will take a look later. But unfortunately there is no way to encrypt it to its original file? I don't have any backups. And wait for a decrypter file? How about if I try Virtual Lab data recovery tool?
#21
Posted 03 February 2015 - 12:24 PM
For example, you can try: http://windows.micro...sions-files-faq
Decrypting is hard and is usually only successful if the ransomware creators were sloppy or lazy.
So far solutions were presented by various sources to decrypt files encrypted by most, if not all variants.
But I can give you no guarantee that will happen and certainly not how long it will take. It took months in some cases.
Another, not recommended option is to pay the ransom. By doing so, you are financing the next round of ransomware to be developed.
Plus the outcome is rather uncertain. You are dealing with unknown criminals, so why would they keep up their end of the bargain?
Another factor in your case is that we don't even know who to pay.
#22
Posted 03 February 2015 - 01:30 PM
Some ransomwares leave their pay-options behind there. That might tell us something about who we are dealing with.
#23
Posted 03 February 2015 - 02:24 PM
Regarding that last bit of my post. Can you see if there are any text or html files in your libraries, for example "My Pictures" that you did not put there?
Some ransomwares leave their pay-options behind there. That might tell us something about who we are dealing with.
Thank you for the help. Now I'm worried. I would find any html or txt files once I get home, but as of now my best bet is to use ShadowExplorer?
Edited by Paopawdecarabao, 03 February 2015 - 02:32 PM.
#24
Posted 03 February 2015 - 03:00 PM
I don't see many other good options.
As much as I hate to be the bearer of bad news, you are rightfully afraid.
To be honest if something like this happened to me, I would rescue what I could and re-format.
The system has been seriously compromised and I would no longer trust it.
This depends on your use for it of course.
#25
Posted 03 February 2015 - 03:20 PM
If that works, you would get out of this easy.
I don't see many other good options.
As much as I hate to be the bearer of bad news, you are rightfully afraid.
To be honest if something like this happened to me, I would rescue what I could and re-format.
The system has been seriously compromised and I would no longer trust it.
This depends on your use for it of course.
If ShadowExplorer worked, I would back up the files that have been saved and reformat the whole HDD?
#26
Posted 03 February 2015 - 03:22 PM
I use my computer for work and I want to be sure it's clean and trustworthy.
#27
Posted 03 February 2015 - 05:39 PM
#28
Posted 03 February 2015 - 09:49 PM
Nothing shows on the drive's partition in ShadowExplorer.
#29
Posted 03 February 2015 - 10:20 PM
Regarding that last bit of my post. Can you see if there are any text or html files in your libraries, for example "My Pictures" that you did not put there?
Some ransomwares leave their pay-options behind there. That might tell us something about who we are dealing with.
Saw this in my Malwarebytes log: Trojan.ransom.ed. Is that it? Any solution? I'm desperate, thank you.
#30
Posted 04 February 2015 - 02:09 AM
In Malwarebytes Anti-Malware click on History > Select Quarantine > Select the Trojan.Ransom.ED and click on Restore > Confirm Yes
Then find the file, zip it up and mail it to me.
Did you find any .txt or .html files in your Libraries?
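
Added example (not part of the thread and not written by any of its posters): a Python sketch of the check asked for above. It lists .txt/.html files changed since the suspected infection date whose identical content shows up in several folders, which is how dropped ransom notes usually appear. The function name, the `min_dirs` threshold and the extension list are assumptions made for illustration.

```python
import hashlib
import os
from collections import defaultdict
from datetime import datetime

# Assumption: ransom notes are plain text or HTML, as described in the thread.
NOTE_EXTENSIONS = {".txt", ".html", ".htm"}

def find_candidate_notes(root, since, min_dirs=2):
    """Return [(filename, sha256, sorted_dirs)] for text/html files modified on
    or after `since` whose identical content sits in at least `min_dirs` folders."""
    cutoff = since.timestamp()
    seen = defaultdict(set)  # (lowercased name, sha256) -> folders holding a copy
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in NOTE_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            try:
                if os.path.getmtime(path) < cutoff:
                    continue  # older than the suspected infection window
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # unreadable or vanished file: skip it
            seen[(name.lower(), digest)].add(dirpath)
    hits = [(n, d, sorted(dirs)) for (n, d), dirs in seen.items()
            if len(dirs) >= min_dirs]
    # Most widely copied files first: those are the likeliest dropped notes.
    return sorted(hits, key=lambda h: -len(h[2]))

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    # Cutoff from the thread: the machine was left on from Fri 30 Jan 2015.
    for name, digest, dirs in find_candidate_notes(root, datetime(2015, 1, 30)):
        print(f"{name}  sha256={digest[:16]}...  found in {len(dirs)} folders")
        for d in dirs:
            print("   ", d)
```

File modification times can be altered by malware, so an empty result does not rule out a dropped note; it only narrows where to look first.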