CryptoWall and file history

  • General discussion

  • A client got CryptoWall 3.0 on her Windows 8.1. By the time I got to it, almost every folder on the computer had been compromised, with the telltale HELP_DECRYPT.HTML files in every folder. She didn't notice the problem until she opened Outlook; the Outlook Data file had been encrypted and wouldn't open. Luckily she had an external drive configured with "File History". My heart sank when I looked at the "Configuration Folder" and found the HELP_DECRYPT.HTML files in there too. With nothing to lose, I restored her computer to factory defaults, attached the external and tried to recover files via "File History". I decided to go back 10 days and restore her documents folder. Everything was going well; I was able to go back over a year if I wanted to. When I began the restore it indicated over 4 GB; it restored about 100 files and quit. I could go in and preview files, but when I went to restore, nothing. Same thing with other folders: pictures was about 15 GB, and it only restored about 500 MB worth. I ended up going into the external manually and retrieved what I could. I'm guessing that the "Catalog.edb" file or the "Config" file has been encrypted; the Config file recreated itself. Is there a way to rebuild the Catalog file? One other thing: this customer logs in with her outlook.com email address. Is there a way to make her a standard user? I don't know how people are supposed to protect themselves from this threat. I can't even figure out how she got it in the first place; all of my scans came up with nothing. If this ever becomes widespread it could have devastating effects. Thank you for your time and thoughts.
    Thursday, January 15, 2015 8:51 PM

All replies

  • See this link; I think this will help you to fix this problem:

    http://deletemalware.blogspot.com/2015/01/how-to-remove-cryptowall-30-virus-and.html

    Thursday, February 26, 2015 9:09 AM