Cryptowall: Remove and delete encrypted files

These are the steps I’m going to be taking to remove the Cryptowall Virus and restore my files to their previous state.

At present, I have the following means at my disposal.

  • System restore – Including restore shadow volumes
  • Online backups – OneDrive/Google Drive
  • Offline backups – Solid state drive backups

Using a combination of these, I intend to restore my files to their previous state.

Step 1: Remove Virus:

To get things rolling again and make my computer safe to use, I have to rid myself of the virus.

Boot-time Scan

Most anti-virus software worth its salt has this option.

It has to be a boot-time scan to ensure your operating system and the connected files are not affected.

For my computer, which has 220GB used on the hard drive, it took around 3 hours.

Malwarebytes Scan

Malwarebytes seeks those pieces of not-yet-virus material.

If you want to prevent your computer from getting the infection again, you need to run this.

JRT Scan

Junkware Removal Tool, or JRT.

Similar to Malwarebytes, it simply ensures that files associated with dubious activities won’t infect your machine in the future.

You may get some false positives with this, so not everyone likes to use it…

These steps are essential to ensure you have a clean system.

Step 2: Remove encrypted files:

I’m not going to pay for the Cryptowall decryption service. I’m simply going to remove the files, and make do with the copies from back-up.

However, I don’t want these old files hanging around my system, and I’m going to remove them.

I’m going to do this using Windows search.

  • Search under datemodified:12/01/2016

Once this is up, refine the search.

  • Have the ‘date created‘ as the 12/01/2016. This will narrow things down a bit.

If the creation date and the modification date are the same and the files are consecutive in the folder, delete these files.

That’s it.

You’ve deleted all the files that were created in a spam-like fashion by the Cryptowall Virus. Make sure you don’t inadvertently delete any genuine files at the same time.
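The same date filter can be run as a PowerShell script that only lists candidates for review instead of deleting them. This is an added example, not part of the original post; the folder, the report path and the reading of 12/01/2016 as 12 January 2016 are assumptions to adjust for your machine and locale.

```powershell
# Added example: list (do not delete) files created AND last modified on the incident day.
param(
    [string]$Root = "$env:USERPROFILE\Documents",             # assumption: folder to review
    [datetime]$Day = (Get-Date -Year 2016 -Month 1 -Day 12),  # assumption: 12/01/2016 read as day/month
    [string]$Report = "$env:TEMP\cryptowall-review.csv"       # hypothetical report path
)

# Match on the calendar day, ignoring the time of day.
$start = $Day.Date
$end   = $start.AddDays(1)

$hits = Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $_.CreationTime  -ge $start -and $_.CreationTime  -lt $end -and
        $_.LastWriteTime -ge $start -and $_.LastWriteTime -lt $end
    }

# Per-folder counts: many matches in one folder fit the pattern described above,
# while a single match is more likely a genuine file you worked on that day.
$hits | Group-Object DirectoryName |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Write the full candidate list to a CSV for manual review.
$hits | Sort-Object DirectoryName, CreationTime |
    Select-Object FullName, Length, CreationTime, LastWriteTime |
    Export-Csv -LiteralPath $Report -NoTypeInformation

Write-Host "Review $Report, remove the rows for genuine files, then preview the deletion with:"
Write-Host "  Import-Csv '$Report' | ForEach-Object { Remove-Item -LiteralPath `$_.FullName -WhatIf }"
```

Drop `-WhatIf` from the printed command only after the preview lists nothing you want to keep.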

Step 3: Restore back-ups

Solid state – SyncBackFree

Cloud – Dropbox

Step 4: Defrag

Get rid of all the spaces and smarten your disk up.

You’re good to go!
