CRYPTOWALL 3.0
#31
(09-02-2016, 07:19 AM)Partha Wrote:  So what happened when you tried to open the file there? I want to know if it failed with a message

Please try to be precise


I would comment on them when I feel it's time to comment on them. It is important that we troubleshoot in a linear way.
In the beginning it said:

whooops
There was a problem previewing this document

and then I tried to open with google sheets/ google documents

with result:

Unable to convert

PS: sorry, after this post, I'll be back in a couple of hours
Reply

#32
It could be because of the cache. Please remove the browser cache or try a different browser, and also see if you can view any of the xlsx files there

I just realized now that if your system was infected with CryptoWall like you said it was, you shouldn't have been able to access the files, but you said that you made copies of those files while your system was infected.

I would like to know how you realized that your system was infected with the ransomware. Could you please clarify that part?
Reply

#33
(09-02-2016, 07:51 AM)Partha Wrote:  It could be because of the cache. Please remove the browser cache or try a different browser, and also see if you can view any of the xlsx files there


I just realized now that if your system was infected with CryptoWall like you said it was, you shouldn't have been able to access the files, but you said that you made copies of those files while your system was infected.

I would like to know how you realized that your system was infected with the ransomware. Could you please clarify that part?

In your point #1, do you mean checking with Google Drive? If yes, I have already downloaded Google Drive (because I use it), and the only thing I uploaded was one docx and one xlsx file, with the results mentioned before.
Excuse me, but I don't understand what you mean by the cache. What should I do exactly?

As far as point #2(a), and if I remember correctly, at that time I was completing the instructions guide for using the app (access), and thought: "OK, now that I am done, let me back up the whole 'AMADEUS' directory to the USB stick (I mean overwrite the specific USB directory)".
That's what happened.

As far as point #2(b), I realized that I got infected by the appearance of these 'beautiful' Notices on my screen on my notebook.
Reply

#34
Can you attach a sample file so we can see?
Reply

#35
I was referring to the browsing history and other temporary files that get saved on the computer when a user browses the Internet

Please refer to the article at https://www.pcworld.com/article/246049/how_to_delete_your_browser_history.html to clear those files depending on the browser you use

I also don't think your computer was infected with CryptoWall because if that was the case, the files wouldn't have been accessible
Reply

#36
(09-02-2016, 11:46 AM)Britec Wrote:  Can you attach a sample file so we can see ?
Of what?

Reading back my last post, are you talking about #2(b)? If so, I meant the well-known ransomware notices, that your files are encrypted, and that you must pay so many bitcoins.
Else, please specify, and I will do it with pleasure.

Something else. I understood that the USB stick was infected as well, only by seeing these funny HELP_ENCRYPT files in the root directory of the 'E:\AMADEUS'.
Reply

#37
Look, you wrote that you did not know that your system was infected and that you had made some copies of .xlsx and .accb files which you saved on your USB stick as a backup

Now please understand that if your system was infected with CryptoWall, you wouldn't have been able to use your system and so, while you were making copies of those files, your system couldn't have been infected with it.

If it had been infected, the only way I can think of, for accessing the files would've been via safe mode, which was not the case. The infection therefore must have happened later.

Is this part clear or do you still believe your PC was infected with it back then?
Reply

#38
YOU SAID
Look, you wrote that you did not know that your system was infected and that you had made some copies of .xlsx and .accb files which you saved on your USB stick as a backup

Not some but the whole 'amadeus' directory


YOU SAID
Now please understand that if your system was infected with CryptoWall, you wouldn't have been able to use your system and so, while you were making copies of those files, your system couldn't have been infected with it.

The infection therefore must have happened later.

What you are saying makes sense. Your conclusion, that the infection must have happened later, OK, but how much later, I mean the 'Δt'? At least by the time that the USB was still plugged in. Right?

YOU SAID & ASKING
Is this part clear or do you still believe your PC was infected with it back then?
Of course it is clear, but I never suggested that the PC was infected by the USB, if that is what you mean.
Reply

#39
I didn't mean that it was infected by the USB. By it, I meant CryptoWall but anyway, at least we are on the same page now and that's nice.

Do you remember if your USB drive was plugged in or not when the infection happened?
Reply

#40
(09-02-2016, 01:17 PM)Partha Wrote:  I didn't mean that it was infected with the USB stick. By it, I meant CryptoWall but anyway, at least we are on the same page now and that's nice.

Do you remember if your USB drive was plugged in or not when the infection happened?
It is my habit not to keep the USB plugged in for a long time. When I want something to read from it or write to it, I plug it in. And when done I unplug it.
Now for your question.
1. It is almost 10 months ago.
2. Usually this Δt, that I am talking about in my last post and according to what I said above, should have been very small, but the truth is I do not honestly recall.
3. But why was other stuff that I had on the USB not infected?
4. So should I conclude that it was NOT plugged in? The copy-paste of the 'AMADEUS' from the infected notebook to the USB, could it be performed, although infected?
Reply


