Hi Here are the log files as requested from Logs to assist page.
Is there any way of recovering my files?
I have a folder that may contain the original copies of files that I am struggling to get access to as I believe Cryptowall delets all orginal files and hides them away and then creates copies and encrypts them. I’m bit of a novice at computer related items but with some good help and instructions I can hopefuuly recover some files that are very important to me and needed urgently.
As you appear to have been hit by not one but two ransomware programmes… The chances of decrypting them is near impossible
Are you opening any attachments that come in your e-mail as that is the method of transmission
Re-install Chrome
Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.
If you have bookmarks, let’s save them by exporting them - Export Bookmarks
Then I need you to go Google Sync and sign into your account
Scroll down until you see the “Stop and Clear” button and click on the button. At the prompt click on “Ok”
Now we need to uninstall chrome.
Note: When asked about user data or settings you must remove this also so please check the box.
Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome Although I would recommend against this
Import your bookmarks back into Chrome
Sign back in to your Chrome browser so that your bookmarks sync with your online account.
THEN
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
Run FRST and press Fix
On completion a log will be generated please post that
FINALLY
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.
Hi Please see attached after Chrome was removed…I think as Chromw wasnt listed in the add/remove programs section did a quick search and couldn’t find it in the start menu program list either so unsure if it has been removed or not.
Did you run the FRST fix ? As the entries I deleted appear to have returned
Download and Install Combofix
Download ComboFix from one of the following locations: Link 1 Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks
Your system is badly infected.
The quickest and best way to solve the problems is to install Windows, drivers and such from scratch.
Unless you have a clean backup, consider your data gone.
I think buy the looks of things ive been hard hit and the chance of recovering my files is going to be impossible.
Please find attached log file as requested, I was unable to stop eset antivirus as it was preloaded onto this computer when i got it and have found it difficult to remove as a password is requested. But i guess with a format and clean install. It will dissapear.
Found the key.dat file but seems it already has the master key removed wondering if there was any other way o role it back? I’ve tried restore previous verisons but none were detected.
There is no way to “roll back” to retrieve your files.
If that tool isn’t working for you, you are out of luck.
The data is gone.
I know it is a hard way, but I hope you have learned from this.
This time it was malware but their are other things that can happen and destroy your data.
I hope it will never happen ofcourse, but your hard-drive can break down, your house can go up in flames etc.
That is why you always should have a backup of data and even better a image of the working system.
And never store the backup/image near your own system.
Some providers give the user some web-space for their own internet site.
That space can also be used to store a backup/image, if there is enough space ofcourse.
A other option is to use e.g. Google Drive.
To create a image/backup there are many free tools for it.
Find one that you like and use it.