This morning Avast detected a virus named “Sirefef-PL” and then it froze completely while trying to fix it. Then I killed it (maybe I should not have) in order to schedule a scan when Windows starts. When I restarted my computer, Avast detected some malware.
Now I realize that the virus has converted all my files (images, txt, videos, everything) into encrypted html files, making them impossible to read :(.
I don’t know if the virus is still there but how can I recover my files? I really need to recover some of these important files.
Hi,
Thank you for your answer.
I was assisted earlier by a professional who connected remotely and installed all these tools (ComboFix, Malwarebytes and TDSSKiller) and probably removed the virus. I plan to completely reinstall my system to make sure everything is cleaned, but actually I am very afraid for my files. When I open any file I am redirected to the website http://mblpcblock.in/ , where the virus asks me to pay for a decryptor. I don’t know what to do :(.
I understand your point. For sure, it would be good to get assistance again to avoid reinstalling my system, but how is this going to help me if I am not able to recover my files? As I said, everything on my computer has been encrypted (images, pdf, text files, C, videos, …), and additionally, some programs now refuse to start.
It is very very sad for me. I don’t know if I have to pay the ransom, go to the police or if there is a way to recover my files with external tools.
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
To reply:
I am not able to access any of my files (images, txt, pdf, …). Please take a look at the attached file “code_test.txt” to see what the encryption looks like (I manually changed the extension from .txt.html to .txt for upload reasons). The original file was “code_test.txt” and it contained around 10 characters; now it has been renamed to code_test.txt.html and is completely impossible to read. If opened, it redirects me to the ransom website.
There is only one restore point available and it was created automatically when I ran ComboFix. My disk is almost full, which is probably the reason Windows didn’t keep previous restore points.
Until now I haven’t found anything that could help me recover my files. All kinds of things I saved from the beginning of my life.
–
Sorry for mistakes, English is not my main language.
Unfortunately I have been unable to locate anything approaching a cure for this; it may well be a month or so before one of the labs cracks it, and then they will probably need to be very lucky.
This is the only option offered at the moment:
10. Unfortunately, at this time there is no decryptor for the files that have been encrypted by this malware. This means that you will need to restore from a backup or attempt to restore from a previous version using Windows. To restore from a previous version when there is no backup available, please rename the file to its original filename. Then right-click on it and select Properties. When the Properties window opens, click on the Previous Versions tab. You will now be shown a screen that lists any previous versions you may have of this file. If you find any, back up the existing encrypted file and then restore the previous version. Windows will then restore the older file and overwrite the encrypted one.
It looks like the first thing I can do is to rename all files to their original names by removing the extra .html extension? Do you know a script that can do that?
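
An added example, not part of the thread and not from any of the tools mentioned in it: a Python script that strips the extra .html extension described above (code_test.txt.html back to code_test.txt). It runs as a dry run unless `--apply` is given, leaves ordinary pages such as index.html alone, never overwrites an existing file, and logs every rename so it can be reversed. The script name and the log file name are assumptions.

```python
import csv
import sys
from pathlib import Path

SUFFIX = ".html"  # extra extension described in the thread (code_test.txt -> code_test.txt.html)

def plan_renames(root):
    """Return (src, dst) pairs for files named like 'name.ext.html' under root."""
    plan = []
    for src in sorted(Path(root).rglob("*")):
        if not src.is_file() or src.suffix.lower() != SUFFIX:
            continue
        dst = src.with_suffix("")   # drop only the trailing .html
        if not dst.suffix:          # 'index.html': no inner extension, a real web page
            continue
        if dst.exists():            # never overwrite a file that already has that name
            continue
        plan.append((src, dst))
    return plan

def apply_renames(plan, log_path):
    """Rename each pair and log it to CSV so every rename can be reversed."""
    done = 0
    with open(log_path, "w", newline="", encoding="utf-8") as fh:
        writer = csv.writer(fh)
        writer.writerow(["encrypted_name", "restored_name"])
        for src, dst in plan:
            if dst.exists():        # re-check: two sources may map to one target
                continue
            src.rename(dst)
            writer.writerow([str(src), str(dst)])
            done += 1
    return done

if __name__ == "__main__":
    # Usage (assumed script name): python strip_html.py <folder> [--apply]
    if len(sys.argv) < 2:
        sys.exit("usage: strip_html.py <folder> [--apply]")
    plan = plan_renames(sys.argv[1])
    for src, dst in plan:
        print(f"{src} -> {dst.name}")
    if "--apply" in sys.argv[2:]:
        print(apply_renames(plan, "rename_log.csv"), "files renamed")
    else:
        print(len(plan), "files would be renamed (dry run, add --apply)")
```

Renaming does not decrypt anything; it only gives each file the name the Previous Versions tab expects. A genuine web page with a dot in its name (for example report.v2.html) also matches the pattern, so review the dry-run list before applying.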