I ask for malware removal assistance (CryptoWall 3.0)

Status
Not open for further replies.

unfogiven19

Level 1
Thread author
Verified
Mar 30, 2015
27
Hi, this virus appears on my computer and asks me to pay 500$ .. :p well, in my country 500$ is a fortune. I can't access my JPG files nor my DOCX or TXT files on all my hard disks ... the folders contain those 4 files of the virus named:

HELP_DECRYPT.txt
HELP_DECRYPT.png
HELP_DECRYPT.html

Talking about decrypting my files with RSA-2048 using CryptoWall 3.0.
-------

My problem is that all my files are MY LIFE: the pictures of my family since 2002 .. and everything, and the most important thing is MY DISSERTATION (I'm a MASTER OF ART STUDENT) and all the research that took me 2 years, which is in *.doc, is encrypted ,, imagine a research containing 500 pages is gone .... Imagine.

All I want is for my PC to return to normal, and all my files.

I will do anything, just help me, because my job, work, life is on the edge.

Thank you.
 

Attachments

  • FRST.txt (56.1 KB)
  • Addition.txt (26.8 KB)

unfogiven19

Are you kidding me?? You mean my research of 2 years is gone????????? You mean 500 pages of my research are gone just like that?
 

unfogiven19

At least I have a RAR file of my dissertation ... but when I open it, it says "the archive is either in unknown format or damaged"
Can I at least repair it?? With something?
 

unfogiven19

There is always a way with technology ... I don't know what it is, but there's a solution without paying the ransom ... A TRACK, A WAY, A BACKDOOR .. I just don't know ... I'm only waiting and hoping for now
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Yes, the only thing you can do is to move the encrypted files to a safe place and then wait until they crack the encryption or arrest the bad guys and extract data from their servers.
 
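An added example, not part of the original thread or of any tool named in it: one way to follow the advice above, copying the contents of every folder marked with a HELP_DECRYPT ransom note to separate storage and recording a SHA-256 manifest. The function names, and the choice to copy every non-note file in a marked folder (the script cannot tell which files are encrypted), are assumptions.

```python
import csv, hashlib, os, shutil

# Ransom-note names as listed in the thread, compared case-insensitively.
NOTE_NAMES = {"help_decrypt.txt", "help_decrypt.png", "help_decrypt.html"}

def affected_dirs(root):
    """Directories under root that contain at least one ransom note."""
    return sorted(d for d, _sub, files in os.walk(root)
                  if any(f.lower() in NOTE_NAMES for f in files))

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large archives do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def preserve(root, dest):
    """Copy every non-note file from the marked folders into dest, keeping the
    relative layout, verify each copy by hash and write dest/manifest.csv.
    Originals are only read, never changed. Returns the manifest rows."""
    os.makedirs(dest, exist_ok=True)
    rows = []
    for d in affected_dirs(root):  # list is built before any copying starts
        for name in sorted(os.listdir(d)):
            src = os.path.join(d, name)
            if not os.path.isfile(src) or name.lower() in NOTE_NAMES:
                continue
            rel = os.path.relpath(src, root)
            dst = os.path.join(dest, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy2(src, dst)  # copy2 also keeps timestamps
            digest = sha256_of(src)
            if sha256_of(dst) != digest:
                raise OSError(f"copy does not match original: {rel}")
            rows.append((rel, os.path.getsize(src), digest))
    with open(os.path.join(dest, "manifest.csv"), "w", newline="") as fh:
        writer = csv.writer(fh)
        writer.writerow(["path", "bytes", "sha256"])
        writer.writerows(rows)
    return rows

if __name__ == "__main__":
    import sys
    for row in preserve(sys.argv[1], sys.argv[2]):  # e.g. the data drive, an external disk
        print(*row)
```

The destination should be a drive that is not normally attached to the affected machine.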

unfogiven19

hi :)
When you go to %appdata%\Microsoft\Crypto\RSA

you find these files? Do they mean anything???
 

Attachments

  • Sans titre.png (261.6 KB)

unfogiven19

Look, I'm thinking not of myself, but of everyone infected with this virus ..

I tried .. rannohdecryptor.exe .. I selected an encrypted file, then I chose the same file unencrypted, but nothing happened o_O
2 ... I ran CryptoOffense & te94decrypt, but both didn't locate the KEY.
3. It's ALL ABOUT THE KEY!!! However, I'm sure the key is in the PC ... why is that??

Because when you disconnect .. and try to use their FREE unlocker before paying ... it actually unlocks a file, so I'm sure the KEY is in the PC, but where, I don't know!!!

Another question!! This virus deletes all the system restoration files ... Do you know what the extension of those files is?? Maybe if we use EaseUS Data Recovery Wizard 7.5, maybe it will restore them and we can actually restore the system!!

Trust me man, there's a way!! NOTHING IS IMPOSSIBLE ... Evil never wins against Good!
 

unfogiven19

One more thing, Shadow Explorer won't work on my computer, why is that???
I checked shadowstorage, I have some on my computer, but I don't know how to run them or what to do with them
 

unfogiven19

I found them in REGEDIT ... however!! I don't know what to do o_O If I modify them, what should I write?
 

Attachments

  • reegde.jpg (318.4 KB)

unfogiven19

For the 1st article: http://malwaretips.com/threads/i-ask-for-malware-removal-assistance-cryptowall-3-0.44240/

Now ... after a lot of research and tools, I won't give up, giving up was made for losers ..

I tried ListCWall ... and I found them in Regedit!!!

However, what does the blue ICON mean in regedit??

I'm sure there's a way if we change the (donnée binaire) in French ... see the screenshot to understand ... I'm sure they will get back to a normal state ...!!

This is a virus and every virus has a solution!! We can change the world!! We can find it!

USE YOUR MIND ! all for one and one for all
 

Attachments

  • SCREENSHOT.png (252.3 KB)

TwinHeadedEagle

You found only a list of encrypted files, these are not your files, but only registry entries.

And again, don't get fooled, there is no cure for this infection, you cannot break the encryption.
 

unfogiven19

I was thinking!! And I tried a recovery software!!

Look what I found?? Is it interesting?? Maybe if I recover them to the correct folder I can do a system restore?? What do you think??

THE winsws is 3 GB!!! It might be something interesting?

LOOK MAN!! If we find a software that can recover the SYSTEM VOLUME INFORMATION ... then we can recover our computer!!

Trust me, there's a way, and you'll see yourself and myself in Kaspersky magazines
 

Attachments

  • winsws.png (284 KB)

unfogiven19

And the System Volume Information, take a look
 

Attachments

  • SVI.png (240.1 KB)