These are the steps I’m going to be taking to remove the Cryptowall virus and restore my files to their previous state.
At present, I have the following means at my disposal.
- System restore – Including restore shadow volumes
- Online backups – OneDrive/Google Drive
- Offline backups – Solid state drive backups
Using a combination of these, I intend to restore my files to their previous state.
Step 1: Remove virus:
To get things rolling again and make my computer safe to use, I have to rid myself of the virus.
Most anti-virus software worth its salt has this option.
It has to be a boot-time scan to ensure your operating system and the connected files are not affected.
For my computer, which has 220GB used on the hard drive, it took around 3 hours.
Malwarebytes Scan
Malwarebytes seeks those pieces of not-yet-virus material.
If you want to prevent your computer from getting the infection again, you need to run this.
Junkware Removal Tool, or JRT.
Similar to Malwarebytes, it simply ensures that files associated with dubious activities won’t infect your machine in the future.
You may get some false positives with this, so not everyone likes to use it…
These steps are essential to ensure you have a clean system.
Step 2: Remove encrypted files:
I’m not going to pay for the Cryptowall decryption service. I’m simply going to remove the files and make do with the copies from back-up.
However, I don’t want these old files hanging around my system, and I’m going to remove them.
I’m going to do this using Windows search.
- Search under datemodified:12/01/2016
- Have the ‘date created‘ as the 12/01/2016. This will narrow things down a bit.
When you delete all the files that have been created in a spam-like fashion by the Cryptowall virus, make sure you don’t inadvertently delete any genuine files at the same time.
Step 3: Restore back-ups:
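The search in Step 2 can also be done as a two-pass PowerShell script, shown here as an added example that is not part of the original post: the first pass only lists files created and modified on the target day, and deletion happens on a second pass from the list you have reviewed. The search root, the report file name and the reading of 12/01/2016 as 12 January 2016 are assumptions; adjust them to your system.

```powershell
# Added example (not from the original post). Run once to build a review list,
# edit the CSV to drop any genuine files, then run again with -Delete.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$Root = $env:USERPROFILE,                    # assumption: search the user profile
    [datetime]$Day = (New-Object datetime 2016, 1, 12),  # assumption: 12/01/2016 = 12 January 2016
    [string]$Report = (Join-Path $env:TEMP 'cryptowall-candidates.csv'),  # hypothetical file name
    [switch]$Delete
)

if (-not $Delete) {
    $start = $Day.Date
    $end   = $start.AddDays(1)

    # Same filter as the Windows search: created AND modified on the target day.
    $candidates = @(Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.CreationTime  -ge $start -and $_.CreationTime  -lt $end -and
            $_.LastWriteTime -ge $start -and $_.LastWriteTime -lt $end
        })

    # Names repeated across many folders are the "spam-like" files; names that
    # occur only once deserve a closer look before anything is deleted.
    $candidates | Group-Object Name | Sort-Object Count -Descending |
        Select-Object -First 20 Count, Name | Format-Table -AutoSize | Out-Host

    $candidates | Select-Object FullName, Length, CreationTime, LastWriteTime |
        Export-Csv -LiteralPath $Report -NoTypeInformation
    Write-Host "$($candidates.Count) candidates written to $Report; nothing deleted."
    return
}

# Delete only what is still listed in the reviewed CSV. -WhatIf and -Confirm
# are honoured because the script declares SupportsShouldProcess.
Import-Csv -LiteralPath $Report |
    Where-Object { Test-Path -LiteralPath $_.FullName -PathType Leaf } |
    ForEach-Object { Remove-Item -LiteralPath $_.FullName -Force }
```

Running the second pass with `-Delete -WhatIf` first prints what would be removed without touching anything.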
Solid state – Syncbackfree
Cloud – Dropbox
Get rid of all the spaces and smarten your disk up.
You’re good to go!