Solved I have cryptowall virus, hopefully you can help

Status
Not open for further replies.

Sue64

New Member
Thread author
Verified
Jul 29, 2013
22
I have been having trouble posting to the forum so am on another computer. If this works, I'll upload the logs in another post
 

Sue64

New Member
Thread author
Verified
Jul 29, 2013
22
That worked, so back on the infected PC now. Here are the logs
 

Attachments

  • FRST.txt
    27.8 KB · Views: 138
  • Addition.txt
    24 KB · Views: 102
  • AdwCleaner[S1].txt
    1,013 bytes · Views: 80
  • aswMBR.txt
    1.2 KB · Views: 89

Sue64

New Member
Thread author
Verified
Jul 29, 2013
22
Hi, Thanks for your reply. Yes, I understand we will not be able to recover the files. I read the information you suggested, thanks
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Since this issue appears to be resolved, I am closing the topic. If that is not the case and you need or wish to continue with this topic, please contact me or any staff member with the address of the thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
 
  • Like
Reactions: Jack

Sue64

New Member
Thread author
Verified
Jul 29, 2013
22
Thanks, Hope you will be able to help me remove this virus
 

Sue64

New Member
Thread author
Verified
Jul 29, 2013
22
I tried to run the scan, but it started and then wouldn't complete. It froze when it got to "extra checks". It only produced 1 log, which I have attached
 

Attachments

  • FRST.txt
    27.4 KB · Views: 148

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.





Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
 

Attachments

  • fixlist.txt
    1.6 KB · Views: 139

Sue64

New Member
Thread author
Verified
Jul 29, 2013
22
Sorry, I can't see where you have attached the fixlist.txt file
 

Sue64

New Member
Thread author
Verified
Jul 29, 2013
22
Thanks, I have done those 2 scans, and I have attached the logs
 

Attachments

  • FRST.txt
    28.7 KB · Views: 108
  • Fixlog.txt
    3.8 KB · Views: 132
  • ComboFix.txt
    11.6 KB · Views: 77

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
 

Sue64

New Member
Thread author
Verified
Jul 29, 2013
22
I have run the scan, it didn't find anything. The log is attached.
I have noticed that I am no longer getting the cryptowall messages popping up, but have still got random "decrypt..." files on the computer.
I also noticed that I can't open the email program (Microsoft Outlook). This is the error message: "cannot open your default email folders. The file ... (location.pst)... is not a personal folders file". I'm not sure if this is a new problem or not, as I haven't tried to open it for a while. Could this be connected to the cryptowall problem?
 

Attachments

  • scan log.txt
    1 KB · Views: 83

Sue64

New Member
Thread author
Verified
Jul 29, 2013
22
Sorry for the late reply, but had to work yesterday. I'll try those today and let you know how I get on. Great news that the PC is clean now, thanks
 

Sue64

New Member
Thread author
Verified
Jul 29, 2013
22
I tried the decryptcryptolocker site. I got a message about a certificate error, and then the file wouldn't upload. I tried it on my laptop, no error this time, so transferred a corrupted file to a memory stick and uploaded it successfully. I got a message saying that the file did not appear to be corrupted by cryptolocker. Could this be because I had cryptowall instead?

I looked at the link regarding the email problem. The error message it describes is different to the one I get when I try to open Outlook; however, I did try to repair the offline folder using scanost.exe. This wouldn't work; the message said it wasn't compatible with my version of Outlook. I checked that it wasn't running in compatibility mode. The article refers to .ost file problems, my error message refers to a .pst file. Maybe they are the same thing? I don't know.
 

Sue64

New Member
Thread author
Verified
Jul 29, 2013
22
Thank you for all your help, at least we got rid of the problem. I will try the methods mentioned in the above article to see if I can restore files.
Thanks again
 