Cryptowall: Remove and delete encrypted files

January 13, 2016 Michael Tyler Comments 1 comment

These are the steps I’m going to be taking to remove the Cryptowall Virus and restoring my files to their previous state.

At present, I have the following means at my disposal.

System restore – Including restore shadow volumes
Online backups – Onedrive/Google drive
Offline backups – Solid state drive backups

Using a combination of these, I intend to restore my files to their previous state.

Step 1: Remove Virus:

To get things rolling again, and make my computer safe to use. I’ve to rid myself of the Virus.

Boot-time Scan

Most anti-virus software worth their salt have this option.

Has to be a boot-time scan to unsure your operating system and the connected files are not affected.

For my computer, which has 220GB used on the hard drive, it took around 3 hours.

Malware Bytes Scan

Malware bytes seeks those pieces of not-yet-virus material.

If you want to prevent your computer from getting the infection again, you need to run this.

JRT Scan

Junkware Removal Tool, or JRT.

Similar to Malware bytes, it simply insures that files associated with dubious activities won’t infect your machine in the future.

You may get some false positives with this, so not everyone likes to use it…

These steps are essential to ensure you have a clean system.

Step 2 Remove encrypted files:

I’m not going to pay for Cyptowall decryption service. I’m simple going to remove the files, and make do with the copies from back-up.

However, I don’t want these old files hanging around my system, and I’m going to remove them.

I’m going to do this using Windows search.

Search under datemodified:12/01/2016

Once this is up refine the search.

Have the ‘date created‘ as the 12/01/2016. This will narrow things down a bit.

If the creation date and the modification date is the same and it’s consecutive files in the folder; delete these files.

That’s it.

You’ve deleted all the files that have been created in a spam-like fashion by the Crytowall Virus, make sure you don’t inadvertently delete any genuine files at the same time.

3. Restore back-ups

Solid state – Syncbackfree

Cloud – Dropbox

4. Defrag

Get rid of all the spaces and smarten your disk up.

You’re good to go!

M	T	W	T	F	S	S
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Michael Tyler

Narrowboat adventures

Cryptowall: Remove and delete encrypted files

January 13, 2016 Michael Tyler Comments 1 comment