Author Topic: CryptoWall Virus  (Read 34407 times)

Offline [TD]Medivh

  • Grunt
  • ***
  • Posts: 126
CryptoWall Virus
« on: May 18, 2015, 01:01:33 PM »
Does anyone know anything about that virus?
My father's PC just got infected, and it seems like there's no way to remove it or get back the crypted files without paying a ransom of like 800 USD through Bitcoin to the virus maker.

Actually I've tried all traditional solutions; ComboFix itself failed.
Looks like 4/5 of Italian ppl got infected by that virus.

Is there anyone in this community that can tell me what I can do?

Offline Rit

  • Grunt
  • ***
  • Posts: 245
Re: CryptoWall Virus
« Reply #1 on: May 18, 2015, 01:23:04 PM »
1. Boot the computer into safe mode with networking.
2. Download, install, and update Malwarebytes.  Run a Threat Scan and remove whatever malware you detect.  Reboot into safe mode with networking again.
3. Download Microsoft Safety Scanner and run a Full Scan.  Remove threats.  Reboot into safe mode with networking again. Link: https://www.microsoft.com/security/scanner/en-us/default.aspx
4. Run a full anti-virus scan.  If he isn't using one already, here is a 90 day BitDefender trial: https://www.facebook.com/bitdefender/app_118554158281905
5. I'm sure the computer is probably riddled with adware too, so it probably wouldn't hurt to run AdwCleaner: https://toolslib.net/downloads/viewdownload/1-adwcleaner/
6. Clean the registry with CCleaner (if you start getting registry errors after the removal): https://www.piriform.com/ccleaner - Usually this will take care of any problems, but sometimes the registry entries will need to be deleted manually.

Keep me updated and I'll assist you to the best of my ability.
« Last Edit: May 18, 2015, 01:26:58 PM by Rit »

Offline EviL~Ryu

  • (ง︡'-'︠)ง "Bitchin!" ®©℗™
  • Dragon
  • **********
  • Posts: 6059
  • "It's going to be Legen-(wait for it......)-DARY!"
Re: CryptoWall Virus
« Reply #2 on: May 18, 2015, 01:30:04 PM »

> Does anyone know anything about that virus?
> My father's PC just got infected, and it seems like there's no way to remove it or get back the crypted files without paying a ransom of like 800 USD through Bitcoin to the virus maker.
>
> Actually I've tried all traditional solutions; ComboFix itself failed.
> Looks like 4/5 of Italian ppl got infected by that virus.
>
> Is there anyone in this community that can tell me what I can do?

All that porn huh? Well that's life.

It would probably be best to back up all your important files and just reinstall the OS....instead of downloading this anti virus and that anti spyware.


Sent from my Motorola DynaTAC 8000X using Tapatalk

-Administrator of Clan EviL
-Developer (Trivia Development and Analytics)

Offline Howl

  • Peon
  • **
  • Posts: 8
Re: CryptoWall Virus
« Reply #3 on: May 18, 2015, 01:32:36 PM »
Generic advice from Rit is ok but it won't bring your files back.
forums.malwarebytes.org/index.php?/topic/150193-removal-instructions-for-cryptowall/

They use public/private key encryption, meaning you are pretty much fucked (unless there is some kind of bug in the malware, but I think trivial bypasses existed only in the early versions of cryptolocker/cryptical).

Here are some descriptions that look legit (I checked them out only briefly):

scarybearsoftware.com/news/cryptowall/ (version 2)
deletemalware.blogspot.com/2015/01/how-to-remove-cryptowall-30-virus-and.html (version 3)

thread about it on stack exchange security.stackexchange.com/questions/80861/cryptowall-3-how-to-prevent-and-how-to-decrypt

Offline Rit

  • Grunt
  • ***
  • Posts: 245
Re: CryptoWall Virus
« Reply #4 on: May 18, 2015, 01:49:17 PM »
> Generic advice from Rit is ok but it won't bring your files back.

Indeed.  I'm unfamiliar with this virus. 

Offline Nox

  • Death Knight
  • *********
  • Posts: 4133
Re: CryptoWall Virus
« Reply #5 on: May 18, 2015, 02:09:17 PM »
Terror-Gorefiend said you have to pay them Lol
Mr.120apm aka U8! Best player of the world losing 4v3 against Phillip5256.

Offline EviL~Ryu

  • (ง︡'-'︠)ง "Bitchin!" ®©℗™
  • Dragon
  • **********
  • Posts: 6059
  • "It's going to be Legen-(wait for it......)-DARY!"
Re: CryptoWall Virus
« Reply #6 on: May 18, 2015, 02:12:07 PM »
Are you still able to move your files out?


Sent from my Motorola DynaTAC 8000X using Tapatalk

-Administrator of Clan EviL
-Developer (Trivia Development and Analytics)

Offline Howl

  • Peon
  • **
  • Posts: 8
Re: CryptoWall Virus
« Reply #7 on: May 18, 2015, 02:20:05 PM »
The original files were removed and only encrypted copies are left (useless without the key).

I would strongly advise against moving any files to another computer with important data on it (if you don't know what you're doing), because by accident you may infect the other one as well.
« Last Edit: May 18, 2015, 02:21:56 PM by Howl »

Offline EviL~Ryu

  • (ง︡'-'︠)ง "Bitchin!" ®©℗™
  • Dragon
  • **********
  • Posts: 6059
  • "It's going to be Legen-(wait for it......)-DARY!"
Re: CryptoWall Virus
« Reply #8 on: May 18, 2015, 02:31:50 PM »

> The original files were removed and only encrypted copies are left (useless without the key).
>
> I would strongly advise against moving any files to another computer with important data on it (if you don't know what you're doing), because by accident you may infect the other one as well.


Only way to guarantee 100% that you are rid of the virus is to reformat and reinstall OS...what OS are you currently running?


Sent from my Motorola DynaTAC 8000X using Tapatalk

-Administrator of Clan EviL
-Developer (Trivia Development and Analytics)

Offline [TD]Medivh

  • Grunt
  • ***
  • Posts: 126
Re: CryptoWall Virus
« Reply #9 on: May 19, 2015, 12:12:03 PM »
Actually I have Windows 7 installed. I can't move files anywhere, since if I plug in a USB it instantly gets infected; by now all my USB pens are infected, same thing for DVDs and CDs. I've never seen something like this.
I cannot even run the backup program since this virus deleted all old images of the system, shadow images included. I didn't create any restore point with DVDs or anything.
Seems like the only way to get back my files is to pay the fucker, I won't do it tho.
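
Shadow-copy deletion like that reported in the post above is something defenders can alert on. The following is an added example, not part of the original thread: it scans process-creation records for standard Windows commands that delete shadow copies or disable recovery. The log format, hostnames, process names and sample lines are constructed, and the thread does not say which command this infection used.

```python
import re

# Standard Windows commands that delete shadow copies or disable recovery.
# Which of these a given infection runs is an assumption; the thread does not say.
PATTERNS = [
    ("vssadmin-delete", re.compile(r'\bvssadmin(\.exe)?"?\s+delete\s+shadows\b', re.I)),
    ("vssadmin-resize", re.compile(r'\bvssadmin(\.exe)?"?\s+resize\s+shadowstorage\b', re.I)),
    ("wmic-shadowcopy", re.compile(r'\bwmic(\.exe)?"?\s+.*\bshadowcopy\b.*\bdelete\b', re.I)),
    ("bcdedit-recovery", re.compile(r'\bbcdedit(\.exe)?"?\s+.*\brecoveryenabled\s+no\b', re.I)),
]

# Constructed sample records: time|host|parent process|command line
SAMPLE_LOG = r"""
2015-05-18T10:02:11|PC-01|explorer.exe|"C:\Windows\System32\vssadmin.exe" list shadows
2015-05-18T10:14:53|PC-01|a1b2c3.exe|vssadmin.exe Delete Shadows /All /Quiet
2015-05-18T10:14:54|PC-01|a1b2c3.exe|cmd.exe /c bcdedit /set {default} recoveryenabled No
2015-05-18T10:14:55|PC-01|a1b2c3.exe|cmd /c vssad^min del^ete shadows /all
2015-05-18T11:30:00|PC-02|services.exe|wbengine.exe
""".strip().splitlines()


def find_shadow_tampering(lines):
    """Return one hit per record whose command line matches a rule."""
    hits = []
    for line in lines:
        parts = line.split("|", 3)  # the command line itself may contain '|'
        if len(parts) != 4:
            continue  # skip malformed records
        ts, host, parent, cmd = parts
        # cmd.exe ignores '^' escape characters, so strip them before matching
        normalized = cmd.replace("^", "")
        for rule, rx in PATTERNS:
            if rx.search(normalized):
                hits.append({"time": ts, "host": host, "parent": parent, "rule": rule})
                break
    return hits


if __name__ == "__main__":
    for hit in find_shadow_tampering(SAMPLE_LOG):
        print(hit["time"], hit["host"], hit["parent"], hit["rule"])
```

Read-only use such as `vssadmin list shadows` is deliberately not flagged, so a hit means something tried to remove or disable recovery data.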

Offline EviL~Ryu

  • (ง︡'-'︠)ง "Bitchin!" ®©℗™
  • Dragon
  • **********
  • Posts: 6059
  • "It's going to be Legen-(wait for it......)-DARY!"
Re: CryptoWall Virus
« Reply #10 on: May 19, 2015, 01:02:04 PM »

> Actually I have Windows 7 installed. I can't move files anywhere, since if I plug in a USB it instantly gets infected; by now all my USB pens are infected, same thing for DVDs and CDs. I've never seen something like this.
> I cannot even run the backup program since this virus deleted all old images of the system, shadow images included. I didn't create any restore point with DVDs or anything.
> Seems like the only way to get back my files is to pay the fucker, I won't do it tho.

Just reformat.


Sent from my Motorola DynaTAC 8000X using Tapatalk

-Administrator of Clan EviL
-Developer (Trivia Development and Analytics)

Offline [TD]Medivh

  • Grunt
  • ***
  • Posts: 126
Re: CryptoWall Virus
« Reply #11 on: May 19, 2015, 03:06:25 PM »
Ya, I think it's the only solution, but what about the files?
Lost forever?

Offline I hate naggers

  • Ogre Mage
  • ********
  • Posts: 2345
Re: CryptoWall Virus
« Reply #12 on: May 19, 2015, 03:40:18 PM »
> Ya, I think it's the only solution, but what about the files?
> Lost forever?

Have you even read Howl's post, dummy?

Offline Certified MENSA Genius Brain (smart)

  • "The Architect"
  • Global Moderator
  • Dragon
  • *****
  • Posts: 5384
Re: CryptoWall Virus
« Reply #13 on: May 19, 2015, 04:58:17 PM »
This virus sounds badass.
    

Offline EviL~Ryu

  • (ง︡'-'︠)ง "Bitchin!" ®©℗™
  • Dragon
  • **********
  • Posts: 6059
  • "It's going to be Legen-(wait for it......)-DARY!"
Re: CryptoWall Virus
« Reply #14 on: May 19, 2015, 04:59:29 PM »

> Ya, I think it's the only solution, but what about the files?
> Lost forever?

From what you're telling me about the virus behavior, yes I would say so...


Sent from my Motorola DynaTAC 8000X using Tapatalk

-Administrator of Clan EviL
-Developer (Trivia Development and Analytics)