Cryptolocker
   

petlad
New Member


Date Joined Dec 2008
Total Posts : 30
 
Posted 10/29/2013 12:25 PM (GMT +3)
Hi all,
 
My friend's laptop with Windows XP on it got infected with the Cryptolocker ransomware virus. If anyone has a solution to decrypt the files which are infected and have not been opening since the removal of Cryptolocker, please give feedback, and I can send / post logs for use if required.
 

Andreea-Luciana Ostache
Forum Moderator




Date Joined Aug 2010
Total Posts : 549
 
Posted 10/29/2013 4:24 PM (GMT +3)
I am very sorry to hear about the difficulties your friend is having.

Encryption infections can do one of the three below:

1. They do not encrypt anything, but change or delete the extension, making the system unable to recognize the type of file.
2. The files are encrypted, but the key did reach one of the Virus Teams from security companies and files can be decrypted with one of the tools that you can find on the internet, or the security suite can also disinfect/decrypt the files affected immediately.
3. The files are encrypted, the key is deleted and they become completely unrecoverable. This is the worst case scenario because without a backup, all your files are completely gone.

Bleepingcomputer.com have gone and written a very good article on this nasty infection:
www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

Panda Security has graciously offered a Decrypt tool:
www.pandasecurity.com/resources/tools/pandaunransom.exe
Note: I do appreciate the effort that went into making this tool, but I do not know whether it works or not, because I have never dealt with this infection before.

Please recommend that your friend install a good security suite that will catch this. The chances are that he doesn't know where he got infected, and this only means that he could get it again.

BullGuard removes this infection immediately, so other than the very good article that Bleeping Computer has put up and the tool from Panda, I would not know what to recommend. What is certain is that the longer the infection is allowed to exist, the more damage it will do.

All the best!


Andreea-Luciana Ostache
Senior Support Technician EN
support@bullguard.com
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 14

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
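
Added example (not part of the original thread, and not BullGuard's or any other vendor's tool): a triage check for the three outcomes listed in the post above, separating files whose header survived (outcome 1, only the name changed) from files whose content looks encrypted. The signature table, the 7.5 bits-per-byte threshold, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib, math, tempfile
from collections import Counter
from pathlib import Path

# Well-known leading signatures and the extensions that normally carry them.
MAGIC = {
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": {".doc", ".xls", ".ppt"},  # OLE2 (Office 97-2003)
    b"PK\x03\x04": {".docx", ".xlsx", ".zip"},
    b"%PDF-": {".pdf"},
}

def entropy(data):
    """Shannon entropy in bits per byte: close to 8 for random data, 0 for empty input."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path, sample=65536, threshold=7.5):
    """Return 'intact', 'renamed', 'likely-encrypted' or 'unknown' for one file."""
    path = Path(path)
    with path.open("rb") as fh:
        data = fh.read(sample)
    for magic, exts in MAGIC.items():
        if data.startswith(magic):
            # Header survived, so the content is readable; only the name may be wrong.
            return "intact" if path.suffix.lower() in exts else "renamed"
    # No known header: near-random bytes suggest encryption (outcomes 2 and 3).
    # Very small files cannot reach the threshold and come back 'unknown'.
    return "likely-encrypted" if entropy(data) >= threshold else "unknown"

def demo():
    """Classify four constructed sample files written to a temporary directory."""
    ole2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 504
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    samples = {
        "report.doc": ole2,    # untouched document
        "budget.xyz": ole2,    # outcome 1: only the extension was changed
        "letter.doc": noise,   # header gone, random-looking content
        "notes.txt": b"meeting at ten, bring the quarterly figures\n" * 20,
    }
    result = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            path = Path(tmp) / name
            path.write_bytes(body)
            result[name] = classify(path)
    return result

if __name__ == "__main__":
    print(demo())
```

A "likely-encrypted" verdict is a heuristic: compressed formats missing from the signature table also score close to 8 bits per byte, so confirm against a known-good backup copy before writing a file off.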

 

petlad
New Member


Date Joined Dec 2008
Total Posts : 30
 
Posted 10/29/2013 10:01 PM (GMT +3)
Dear Andreea,

Thanks for the prompt reply. I have downloaded the tool and will read the full Bleeping Computer article. I had advised him initially to run Malwarebytes, but my friend had already used some tool to delete the virus, and he thought the files would now open, but they do not. I shall do the needful as advised, and I am very sure that he shall get access to his files shortly. For academics and learning, I would like to know a bit more about the key. I am using an FX trading program with a security key, which I always save on my pendrive and also in multiple secured locations should I lose the pendrive. Now my question is: if the virus creator is removing or applying a key, when one opens a file, will the program not ask for a password -- I mean, load a key? I am not sure if this virus applies a key or, as you have mentioned, has deleted the extension. The files that have been corrupted still show that they are Word files or xls or txt etc. If it's convenient for you to explain, it would be a great pleasure to know more. Thanks again, Andreea, and I shall update on results.
 

Andreea-Luciana Ostache
Forum Moderator




Date Joined Aug 2010
Total Posts : 549
 
Posted 10/30/2013 4:48 AM (GMT +3)
Two commonly used methods of encrypting data are DES and RSA. You can read more about Encryption from here:

en.wikipedia.org/wiki/RSA_(algorithm)
en.wikipedia.org/wiki/Data_Encryption_Standard
en.wikipedia.org/wiki/Computational_complexity_theory

From what I have read about Cryptolocker, it uses RSA.

It really would be too much for me to post here.

Encryption is pretty straightforward. You just need to be good (very good, arguably) at math. The only problem with encrypting is that your files can potentially be lost if you lose the key.


Andreea-Luciana Ostache
Senior Support Technician EN
support@bullguard.com
www.bullguard.com


Post Edited (Andreea-Luciana Ostache) : 10/30/2013 2:08:07 AM GMT

 

southcoastsounds
New Member


Date Joined Nov 2013
Total Posts : 2
 
Posted 11/8/2013 10:54 AM (GMT +3)
There was a very informative feature on BBC Radio 5 Live last night on CryptoLocker. It seems that there really is no way out of this ransomware once it's on your computer because the encryption key gets destroyed after 72 hours if you've not paid the ransom by then. A recent article in The Register says that the crooks behind it are kindly offering to recover the encryption key if you've missed the deadline - but at a cost of $2,300!

Clearly this is a new and huge threat and the most important approach is to avoid getting the malware in the first place.

What is worrying is that if you are backing up your data to the cloud automatically, if you're not quick off the mark, the corrupted files will be transferred to the cloud too! However, I contacted LiveDrive today (the cloud storage I use) and they assured me that they keep several versions of my files so I can roll back to an un-encrypted version.

Thomas Cunliffe

Post Edited (southcoastsounds) : 11/8/2013 6:30:25 PM GMT
