Solved Windows 7 - Various Files Show As Corruputed After Virus Removal

[Adplusone]

Need your help again!

Thanks!

Adplusone

 

[Adplusone]

Was a WEIRD file....not a wired file....

 

[Adplusone]

See attached for the reports from Trend Micro on what was removed and the network log.

 

[TwinHeadedEagle]

Hello Jeffrey,

Unfortunately, you were infected with Cryptowall malware. Basically it encrypts your files and ask for ransom to decrypt them.

If you want more information, you can read about Cryptowall on this link:

CryptoWall and HELP_DECRYPT Ransomware Information Guide and FAQ

What I can say about this is that there is no way to restore encrypted files to working condition. Basically you can either save them somewhere safe if they are too important, because in future they will probably find a fix for this encryption so you can restore your files to working condition. But this is only my assumption.


Do you still have this fake email you received?


There are still some leftover I would like to clean. Also, you can run Adwcleaner again and clean all found items.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

[Adplusone]

Ran tool....fixlog attached.

 

[Adplusone]

I do NOT have the email that got me all this trouble.

 

[TwinHeadedEagle]

Did you run Adwcleaner?

How is your PC behaving now?

 

[Adplusone]

1) Reran Adwarecleaner...log attached.
2) Reran Malwarebytes Anti-Malware and came up clean.
3) Ran across the attached "ransom" instructions buried in a file.

 

[Adplusone]

Computer has run normal all day...only issue is the corrupt file issues.

Have not had time to read the CryptoWall and HELP_DECRYPT Ransomware Information Guide and FAQ.

Will try to get to it this evening or tomorrow....but guessing not good news.

I froze my Carbonite backup as soon as I realized what we going on.....can I restore corrupt files using carbonite? Or will they still be corrupt?

 

[Adplusone]

I guess considering paying the "ransom" is really dumb....ran the List C Wall program...it found over 6,400 files.

 

[TwinHeadedEagle]

Is your Carbonite backup cloud based?

Yes, I don't think paying to these bad guys is a good idea, I would never give them my money for such awful thing.

 

[Adplusone]

Yes Carbonite is cloud based.

 

[TwinHeadedEagle]

Then I suppose it is clean. You can try to restore your system.

 

[Adplusone]

Am in process of restoring files via Carbonite...could take two days.

My TrendMicro just ran a report and found the 8 attached files (see log).

Is this related to the current problem...does that mean we did get all the Crypto files out?

 

[TwinHeadedEagle]

Yes, these are only files which purpose is to tell you how to pay to restore your files. Main infection is gone.

 

[Adplusone]

All is clear....

Thanks again....you have helped me in the past....what is your PayPal address...would like to buy you a few beers

 

[TwinHeadedEagle]

Excellent.

You can donate using donate button in my profile. Let me know if you have some problems.

 

[Adplusone]

Sent a donation for your help...much thanks as always!

 

[TwinHeadedEagle]

I can't thank you enough, you're amazing