Original Cryptolocker Ransomware Support and Help Topic

Hi,
 
We have been able to remove this by creating a Kaspersky Rescue Disk: http://support.kaspersky.com/viruses/rescuedisk#downloads
 
Once booted into this you can use the File Manager and register editor to remove the start up entry for this, first browse the registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run locate the random file (this will also show you where on the system this is loading from. Remove this reg entry. You should also check: HKLM\Software\Microsoft\Windows\CurrentVersion\Run.
 
Once the reg entry is deleted the use the File Manager function to browse to where this file is located and delete this file.
 
Shut down the rescue disk and boot as normal, this should then be able to boot without the CrytoLocker screen appears, you should then run a scan with your current AV software or download Malwarebytes:  http://www.malwarebytes.org/ and run a scan with this. It maybe best to run this scan with the computer in safe mode.

We got infected on a client machine which then infected the server shares.  Thinking it was the typical malware that we have all seen where it hides your files and tries to blackmail you, we removed the infection.  is there any way to recover the encrypted files now that we have removed the infection?

I have read throught the whole topic, but I wasn't sure if there was a way to reinfect my machine so I could pay the ransom (I can't believe I just typed that either).  I am afraid that it will double ecrypt my files and I will be really screwed.

(I can't believe I just typed that either).

Here is the update I receieved today from Trend Micro.....

 

Bad news.

 

We found that the files appears to be encrypted using RSA encryption. This type of encryption uses a public and a private key pair.  If this is true, the restoration of the affected files may be close to impossible.  Though we're still checking the affected files and the sample malicious file provided.

 

This is the update from our malware team.

 

Can we have a discussion on what possible ways these files can be decrypted based on each user needing a private key and that key being impossible to attain.  What conceivable way could this be done?

Hi all,

We are currently working with this virus now, and wanted to see if anybody still has the original executable that it created. We want to infect one of our test machines to see if we can figure out a fix for the encryption, as well as see how it functions.

Please shoot me a PM if you can help us out.

Thanks!

I have a machine quarrantined with the virus...