Virus Ransomware .booa

Status
Not open for further replies.

struppigel

Moderator
Verified
Staff member
Apr 9, 2020
441
3,348
Did you save the thesis anywhere other than on your system? Maybe Dropbox or a cloud backup service like OneDrive? Or did you save it on a USB drive (even if you deleted it from there, it might be retrievable)?

Please try the following steps. They have a low chance of being successful, but they are worth a try.

1. Shadow Explorer
  • Please download Shadow Explorer
  • Right-click on the Shadow Explorer archive, click Extract all... and confirm to extract the files
  • In the extracted folder, double-click on ShadowExplorerPortable.exe to run the program
  • Now you can see previous versions of the files on the system. Make sure the correct drive letter is selected (usually "C:" )
  • There is a date on the upper bar. Check if there is a date available that was before the ransomware attack. If the date isn't available, you don't have any shadow volume copies from before and recovery is not possible.
  • Within Shadow Explorer, navigate to files or folders you want to recover
  • To recover: Right-click and click Export... then choose a folder to save the files to and click OK
Let me know if this works.

2. File Recovery Software
  • Please download PhotoRec, choose Windows 64-bit from that list.
  • Right-click on the testdisk-7.1.win64.zip archive and click Extract all.
  • Now navigate into the extracted folder and run qphotorec_win.exe
  • Select your Hard Disk from the list.
  • Make sure that FAT/NTFS/HFS+/ReiserFS is selected
  • Choose a destination for your recovered files by clicking on the "Browse" button
  • Now click "Search" and the tool will start recovering. Wait for it to finish, then click Quit
You will find recovered files in the selected destination folder.
If you had any external drives encrypted, you may try the same on them.

Please tell me if any of this worked for you.
 

struppigel

The best precaution against ransomware is backups of your personal files to a drive that is not permanently connected to your system. Alternatively, backup cloud services that provide previous versions of files work as well. That way you don't lose any files after an infection.

About infection prevention:
Your particular strain of ransomware (STOP/DJVU) arrives via malicious software downloads, cracks and illegal software. Not using illegal software helps.
Other strains of ransomware use the same infection methods as any other malware. Good infection prevention practices include:

  • Keep your programs always up-to-date, including the operating system, browsers, email programmes, everything that you use to interact with the web, and also your Antivirus suite.
  • Use exactly one Antivirus suite. Several will get in the way of each other, fight for resources, and potentially detect each other as malicious due to the way AV has to monitor the system.
  • Use browser plugins that prevent ads (aka adblockers) and execution of scripts, e.g., NoScript.
  • Be careful with email attachments and links. Those can potentially contain malware or lead to phishing sites.
  • Avoid using P2P software. This software is sharing files with lots of other computers. Infected files, especially worms, thrive in this environment.
  • Enable viewing of file extensions in File Explorer, so that you can recognize double extensions. These are used by malware to trick you into executing their files, e.g. my_great_movie.mp4.exe
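
The double-extension check from the last tip above, as an added example that is not part of the original post: it flags file names where a harmless-looking extension is followed by an executable one. The extension lists and sample names are assumptions constructed for illustration, and the check also covers space padding between the two extensions, which the post does not mention.

```python
from pathlib import PureWindowsPath

# Assumed lists for illustration; extend them for your own environment.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "pif", "js", "vbs", "lnk", "msi"}
DECOY_EXTS = {"mp4", "avi", "mkv", "mp3", "jpg", "jpeg", "png", "pdf",
              "doc", "docx", "xls", "xlsx", "txt", "zip"}


def double_extension(path):
    """Return (decoy_ext, real_ext) if an executable extension hides
    behind a document/media extension, otherwise None."""
    name = PureWindowsPath(path).name
    # Windows ignores trailing dots and spaces when resolving a file name.
    name = name.rstrip(". ")
    # Strip padding around each part so "a.pdf   .exe" is still caught.
    parts = [p.strip().lower() for p in name.split(".")]
    if len(parts) < 3:
        return None  # zero or one extension: nothing to disguise
    decoy, real = parts[-2], parts[-1]
    if real in EXECUTABLE_EXTS and decoy in DECOY_EXTS:
        return decoy, real
    return None


def scan(names):
    """Return only the names that carry a disguised executable extension."""
    return [n for n in names if double_extension(n) is not None]


# Constructed sample file names, not taken from a real system.
SAMPLES = [
    r"C:\Users\me\Downloads\my_great_movie.mp4.exe",
    r"C:\Users\me\Downloads\Invoice.PDF   .EXE",
    r"C:\Users\me\Documents\report.final.pdf",
    r"C:\Tools\setup.exe",
    r"C:\Tools\tool.v1.2.exe",
    r"C:\Users\me\Downloads\archive.tar.gz",
]

if __name__ == "__main__":
    for hit in scan(SAMPLES):
        print("suspicious:", hit, double_extension(hit))
```
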
 

struppigel

You are welcome. I keep my fingers crossed.
I am closing this thread now.
 