My files have been taken hostage...they want a ransom paid.

Not sure if this might help

Don’t Pay Up – How To Beat Ransomware!

ok...hmmm.....

correct me if I'm wrong.. but the YT video in the OP SHOWS how to completely get rid of this so call 'nasty' virus.. from what I see from the vid.. (if it's legit) is basic file navigation .. ? for the lack of a better term if there is one.. LOL

serously .. yes and or no on this vid..

YT link embed is being a douche ..
www.youtube.com...

Komodo
ok...hmmm.....

correct me if I'm wrong.. but the YT video in the OP SHOWS how to completely get rid of this so call 'nasty' virus.. from what I see from the vid.. (if it's legit) is basic file navigation .. ? for the lack of a better term if there is one.. LOL

serously .. yes and or no on this vid..

YT link embed is being a douche ..
www.youtube.com...

edit on 13-4-2014 by Komodo because: (no reason given)

edit on 13-4-2014 by Komodo because: (no reason given)

no no no no no no no

sorry

you could say the virus I have is part 2. part 1 had a flaw which was found and yes in most cases you could fix it. but not the new and improved virus released about 2 weeks ago.

Swills
reply to post by Mr Mask

 

I dunno why people think Mac's are invulnerable to hackers. The main reason why hackers don't target Mac users is because they are the minority compared to PC users, so if I were you I wouldn't suggest to anyone to switch over because you don't want your Mac numbers rising, do you?

100% Correct...

This confirms it:

It CAN affect Macs. I had a client less than a week ago who had the CryptoLocker virus infect her Windows XP installation. Trouble was she was running it virtualized through Parallels Desktop on her iMac. She also had the access Mac home folder from Windows enabled in Parallels. As a result every single one of her pdf, eps, jpeg and Office documents on the Mac partition were hosed. Naturally it took out the same file types in Windows but there weren’t many of those. Most of her work was on the Mac.

www.makeuseof.com...

PhoenixOD
Not sure if this might help

Don’t Pay Up – How To Beat Ransomware!

thanks anyway but no that doesn't work. they block all system restore points. I tried but just in case.

reply to post by bellagirl


Yes. If you're only seeing one account to log in to once Windows loads then that's the default account which has full administrative privileges.

reply to post by Goteborg


so for better protection I am better off creating a new user account ???

I wonder if I create a new user account does the infection cross over ??

bellagirl

so for better protection I am better off creating a new user account ???

I wonder if I create a new user account does the infection cross over ??

Yes. It's not guaranteed to protect you but using a standard account without write privileges is safer than using the admin account on a regular basis.

I can't answer with certainty as to whether or not your infection will cross over into files created using a new standard account. I can say that in the instances I've personally dealt with I have not seen that happen but that doesn't mean it can't happen. The best play here is to continue to deal with a pro, and by 'pro' I do not mean your friend who claims he handles cyber-security for banks, and once you have the all clear then create standard user accounts and use them.

All data should have a remote backup for your important files. Then they can do what they will and all you would need to do is reinstall the OS. A pain but much less painful than losing everything or paying the hostage fee.

OP, you say that the virus you've got is literally a mark 2 and hence can't be fixed, so I don't know if this is helpful, as it is from Feb 2014.
www.pcthreat.com...

Is this newer virus from after Feb?
I am scanning my laptop right now but the above link may still be valid, I hope.

Goteborg
How does your son feel about that? That's not generally how this malware is spread. There are variants now that can spread on their own but the most likely way to catch this bug is for someone to click on an executable file (.exe) while logged into the PC on an account that has administrative privileges, in other words who ever checks their email on that PC most likely infected the machine.

An exe is a typical transmitter, but once it's been run it's no longer the problem. The one I had installed DLL's into various folders that attached themselves to core services. Miss even one of those and it just might recreate all the rest next time you reboot. More like cancer than a virus...

bellagirl
I am not trying to fix it myself....that would be way beyond me. I have spoken to someone and was told to wait a week to see if there is a fix that can recover the files.

the interesting this you mentioned was the thing about the admin. there is only 1 "user" on the laptop. so am I right in thinking that what I am on is always the admin account ???

Yes, there's always an admin account. If there's only one account, you're on it.

Most of the time ransomeware is nothing more than an annoying graphical virus infection, that simply tells you that its done XYZ to your machine and to phone a number.

Very often you can use safe mode and free software like HiJackThis to deal with the issue.

As many have posted for specific software removal, there are lots of good guides. Just bare in mind that often they will add some changes to your searching on the internet taking to fake versions of sites, some times its best to research a solution on another machine.

bellagirl
I am extremely lucky that its a personal laptop that I mainly go on social media and ats. any work stuff is all on a usb.

What kind of USB?
Flash drives are known to fail at any time without any warning, any important work would be better stored on an external hard drive. Luckily, they are now much cheaper than they were some years ago.

Just wanted to posted out here, incase you saved your original hard drive and still didn't get a chance to decrypt.

Article Link :
Kaspersky releases decryption tool that unlocks ransomware

The Netherland's National High Tech Crime Unit (NHTCU) recently got its hands on a CoinVault command-and-control server (a type of ransomware that has been infecting Windows systems since last November) and, upon examining it, discovered a large database of decryption keys

a reply to: ArMaP

yeah mate....i have been backing up on an external hard drive as well.

thanks for your reply.