Let’s see if I can respond without writing a entire book ;D
that's exactly what I'm doing (restarting from scratch).
I hope you do it the correct way.
- Disconnect from the net (pull the plug out)
- Install Windows
- Install all drivers (or at least make sure they all are installed correctly if Windows provides them)
- Install a av
- Go online and download/install all updates that are available for Windows and the av (if it doesn't happen automatically already)
The following are user specific/users choice, but I recommend to do them :
- "Tweak" Windows to your needs/how you want (settings, colors and such things)
- Install the applications you normally use and make changes to the settings as you wish.
- Place back the data that you need/want from a clean backup
- Install a tool that automatically creates a backup of date/the entire system (as you want) on a regular base.
- Create a image of the drive
Create/store the backup online.
Why?
Guess what will happen if the house burns down or if there is a burglary (hope it will never happen ofcourse).
In such cases gone is not only the system, but also the backup if it is stored/kept in the same house.
I wanted to know if Avast would take a look at the virus
avast does have a look at what someone submitted.
I can be wrong here, but I believe first analysis is done automatically and if needed a person is having another look at it.
This has to do with the huge amount of samples people sent to them each day.
On a quiet day, 350.000 new (or variants of existing) malware is found.
Analyzing them all manually would take the amount of people that live in a small country ;D
I thought that reporting it they would contact me, at least for further details.
As I said, they will contact you if they need/want more information.
It puzzles me the lack of any feedback.
I agree this a point for them to improve.
A automated email with something like :
- We have received your sample (on date, filename, hash)
- First analysis will be done automatically.
- If needed a person will have a further look at it.
- We will not contact you about this unless we need/want more information
- If the sample is found to contain new (or a new variant of existing) malware, we will add detection for it to the VPS
so they should be interested in it
They sure are interested in it.
Hence why they have the option to submit a sample ;) ;D
I do not know how far they are with the development of it, but avast is working on a tool/module for the av that detects/prevents infections with ransomware.
But it is not easy to create one without unwanted side-effects.
There are tools (Windows has it build in) that can encrypt date/entire drive content.
To say it simple, those tools do exactly the same as the ransomware does.
Difference is ofcourse that you have the key to decrypt the files.
So a tool to prevent ransomware must not detect those legitimate file/drive encryption tools.
As for the decryption of your files, keep a eye on https://www.nomoreransom.org
The keys they have there come from confiscated servers/systems from people that are behind the ransomware.
More keys will be added when they find them.
To be honest, chance that they find the key you need is small.
Have a deep breath and consider the files gone.
Learn the lesion (I think you already have) and backup frequently.
Don’t forget there is always the malware first.
After being discovered, research must be done to see how it operates.
And only then it is possible to go find a protection/cure.
Meaning all new malware can (and likely will) do damage before it is stopped.
