CRYPTOWALL 3.0
#41
It is likely that the USB stick was plugged in at the time of the infection, and that the files on the USB drive were encrypted in the process

That could also be the reason those files won't open but then, that is just a guess and I cannot say that with certainty

Nevertheless, this would be the time I comment on those files called 'HELP_DECRYPT.HTML' and 'HELP_DECRYPT'. Have you tried opening them?
Reply

#42
(09-02-2016, 01:51 PM)Partha Wrote:  It is likely that the USB stick was plugged in at the time of the infection, and that the files on the USB drive were encrypted in the process

That could also be the reason those files won't open but then, that is just a guess and I cannot say that with certainty

Nevertheless, this would be the time I comment on those files called 'HELP_DECRYPT.HTML' and 'HELP_DECRYPT'. Have you tried opening them?
Nope.
Are you kidding ?
Do you think they would give any helpful Hints ? I doubt it.

Any back ideas regarding Post #2, together with my ideas (Post #21) and your idea of just dropping them (post #22) ?

Somehow I feel, we are getting near the end, right ?
I hope not
Reply

#43
(09-02-2016, 02:00 PM)george759 Wrote:  Nope.
Are you kidding ?
Do you think they would give any helpful Hints ? I doubt it.

Any back ideas regarding Post #2, together with my ideas (Post #21) and your idea of just dropping them (post #22) ?

Somehow I feel, we are getting near the end, right ?
I hope not

Look, you have to cooperate with us. Did I say that those files would help in any way? I just wanted to know if you tried to open them and have a look

I doubt if the recovery software would be able to help bring the files back in their working states. I mean you can give that a try

There are still ways to recover text from the Word files and we can try them if you are interested.
Reply

#44
(09-02-2016, 02:15 PM)Partha Wrote:  
(09-02-2016, 02:00 PM)george759 Wrote:  Nope.
Are you kidding ?
Do you think they would give any helpful Hints ? I doubt it.

Any back ideas regarding Post #2, together with my ideas (Post #21) and your idea of just dropping them (post #22) ?

Somehow I feel, we are getting near the end, right ?
I hope not

Look, you have to cooperate with us. Did I say that those files would help in any way? I just wanted to know if you tried to open them and have a look

I doubt if the recovery software would be able to help bring the files back in their working states. I mean you can give that a try

There are still ways to recover text from the Word files and we can try them if you are interested.
Sorry to be that emotional.
You are very kind in helping me and also in that high degree.

Let me tell you very few words regarding this AMADEUS project. At first I was doing this for a friend of mine completely free, and before delivering this to him at a final stage, that's when CRYPTOWALL showed up. It is regarding a catering corporation. Almost everything was built using Access. It was a single accdb file, with input and output files in the form of xlsx. Word files were just to write a guide on how to use the app. Nothing more.
So many Word files to recover, there aren't so many. One-two.
My main problem was the access file. The only accdb backup file that I found was dated March 2013.

In my post #21, I suggested plugging the USB stick into the notebook, then running the program (post #2) EaseUS Data Recover with results to be stored on a new CD. After running this program I thought of dropping this into Zemana to check it out. If all OK, I was going to try to open the files in question.
Please verify to me. This CD of mine, could it infect anything else, or not ?
What do you think ?
I am all open for ideas and suggestions.
Reply

#45
Since Zemana didn't detect anything, I don't think there should be any malicious files
Reply

#46
Partha,

I just opened a docx file using WPS. I didn't get any funny messages in the beginning, but 1-2 lines/page in weird characters,
and not of any sequence.

If you want me to, I could send it to you on your e-mail. Size 30k

(09-02-2016, 03:04 PM)Partha Wrote:  Since Zemana didn't detect anything, I don't think there should be any malicious files
No you are wrong.
The Zemana checking I did was for a copy from USB to a CD, without making this file through the EaseUS program.


Kindly also tell me about how dangerous the CD is (made by the EaseUS app).
Reply
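The guess in post #41 that the files were encrypted, and the garbled docx described in post #46, can be checked from the raw bytes without opening anything in Office. The following is an added example, not code from any poster in this thread; the file names and sample bytes are constructed, and the 7.5 bits/byte threshold is an assumption.

```python
import hashlib
import math
from collections import Counter

# Leading bytes a healthy file of each type must have.
# .docx/.xlsx are ZIP containers; .accdb starts with the ACE database header.
EXPECTED_MAGIC = {
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".accdb": b"\x00\x01\x00\x00Standard ACE DB",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for encrypted or compressed data."""
    if not data:
        return 0.0
    total = len(data)
    return sum(c / total * math.log2(total / c) for c in Counter(data).values())

def triage(name: str, data: bytes) -> dict:
    """Classify one file from its bytes alone, without opening it in Office."""
    ext = name[name.rfind("."):].lower() if "." in name else ""
    magic = EXPECTED_MAGIC.get(ext)
    result = {"name": name, "entropy": round(shannon_entropy(data[:4096]), 2)}
    if magic is None:
        result["verdict"] = "unknown-type"
    elif data.startswith(magic):
        result["verdict"] = "header-ok"
    else:
        # Wrong header for the extension: encrypted, overwritten or damaged.
        # Entropy near 8 at the start of the file points to encryption
        # (a ZIP body is also high-entropy, so the header is the main test).
        # The 7.5 cut-off is an assumed threshold, not a standard value.
        result["verdict"] = ("likely-encrypted" if result["entropy"] > 7.5
                             else "damaged-header")
    return result

def make_samples() -> dict:
    """Constructed sample bytes, not real files from the thread."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    return {
        "guide.docx": b"PK\x03\x04" + noise[:200],  # intact ZIP header
        "amadeus.accdb": noise,                      # random-looking bytes
        "input.xlsx": b"\x00" * 512,                 # zero-filled by a bad recovery
    }

if __name__ == "__main__":
    for fname, blob in make_samples().items():
        print(triage(fname, blob))
```

A "header-ok" verdict only means the container signature survived; it says nothing about whether the file is free of malware, which is what the scan discussed in the following posts is for.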

#47
I would like you to follow the steps in this sequence...

1. Make sure that the autorun is disabled via Panda's USB Vaccine or via the Panda antivirus

2. Insert the CD into the DVD Writer/Reader

3. Now right click the optical drive and select "Scan with Zemana Antimalware Free". Make sure you are connected to the Internet while the scan runs
Reply

#48
(09-02-2016, 04:09 PM)Partha Wrote:  I would like you to follow the steps in this sequence...

1. Make sure that the autorun is disabled via Panda's USB Vaccine or via the Panda antivirus

2. Insert the CD into the DVD Writer/Reader

3. Now right click the optical drive and select "Scan with Zemana Antimalware Free".  Make sure you are connected to the Internet while the scan runs
Let me repeat exactly the steps that I will follow:
A. I will plug in the famous USB stick. This stick is already vaccinated through Panda's USB Vaccine.
B. I will insert a new CD into the notebook. It is already formatted and has only one directory named 'AMA'. It does not contain any files.
C. I ran the EaseUS app, with output to be assigned to 'D:\AMA'
D. I drag and drop into Zemana the 'D:\AMA' to perform checking
E. If all OK, I will try to open the accdb, the xlsx and the docx files from 'D:\AMA'

Do you agree ?
Reply

#49
you wrote
B. I will insert a new CD into the notebook. It is already formatted and has only one directory named 'AMA'. It does not contain any files.

Did you mean that the notebook has only one directory named 'AMA' with no files inside it?

you wrote
C. I ran the EaseUS app, with output to be assigned to 'D:\AMA'

Did you already run the app or are you about to run it? I am confused because you said that you "ran" it

you wrote
D. I drag and drop into Zemana the 'D:\AMA' to perform checking

I understand that you would like to place all the recovered files inside D:\AMA and, you can scan that folder as well but, your main point of concern as I recall, was if the files on the CD were safe or not
Reply

#50
you wrote
B. I will insert a new CD into the notebook. It is already formatted and has only one directory named 'AMA'. It does not contain any files.

Did you mean that the notebook has only one directory named 'AMA' with no files inside it?
NO, THE NOTEBOOK IS THE ONE I AM USING SO FAR.
I AM TALKING ABOUT A NEWLY FORMATTED CD, AND ON IT I HAVE CREATED A NEW DIRECTORY 'AMA' WITH NOTHING ELSE ON IT

you wrote
C. I ran the EaseUS app, with output to be assigned to 'D:\AMA'

Did you already run the app or are you about to run it? I am confused because you said that you "ran" it
MY MISTAKE, I MEANT: "I WILL RUN THE EaseUS APP"
AND THE OUTPUT WILL GO TO THE CD AND SPECIFICALLY INTO THE DIRECTORY 'AMA', AS STATED IN B.


you wrote
D. I drag and drop into Zemana the 'D:\AMA' to perform checking

I understand that you would like to place all the recovered files inside D:\AMA and, you can scan that folder as well but, your main point of concern as I recall, was if the files on the CD were safe or not

I MEAN THAT THE NEWLY CREATED DATA (ON THE CD AND MORE SPECIFICALLY IN THE DIRECTORY 'AMA', i.e. D:\AMA)
WILL BE DRAGGED AND DROPPED INTO ZEMANA IN ORDER TO BE CHECKED.
AFTER THAT, AND IF ZEMANA'S CHECK HAS BEEN CONCLUDED SUCCESSFULLY, THE CONTENTS OF THIS CD (D:\AMA\*.*), ARE THEY SAFE TO BE OPENED ??
Reply


