GandCrab 5.0.4 ... 7 random letter extension of .QXFCEHV


Xoyn Z Nikay

Guest
Am I doing everything correctly? I am unsure. Help please!


Hi,

I want to share with you what has happened and ask you for any comments, tips, suggestions and questions that might help me or tell me if I am doing something wrong.


I was infected at 11:20 am on December 26, 2018 with GandCrab 5.0.4 with extension QXFCEHV. Many files are encrypted and some files are not. I cleaned/killed the virus with scans from Malwarebytes and Avast; however, I notice that there appears to be something, remnants or something that tends to return with every restart or boot because I have removed the same file over and over again and now I notice I am not removing it, but I haven’t restarted either. Right now I am going through every file to see and a QXFCEHV-DECRYPT.txt file or the ransom note.

Prior to understanding this crap a little better, I attempted to reinstall my OS and guess what? I could not as it stated things such as my user profile was missing. I tried to boot into safe mode and I couldn’t; it kept giving me a wrong password message when I would go into safe mode and sign in.

So, right now at this moment, I am trying to recover anything that I can recover. My first recovery run was sort of a test run to see if I could do it since it seems that there are things I cannot do. I used Disk Drill once and now I am using EaseUS recovery once. I am going to get an external drive and recover all I can to this drive to hold. Afterward, I am going to contact the PC manufacturer–talk to them–then I’m taking it to be professionally wiped clean and have the OS reinstalled since I cannot do it.

I am praying for a new decryptor soon and until then I have kept those encrypted files so I can decrypt them later. One thing I do know is, no matter how bad something is, there is always someone that can find something to defeat that bad something. Nothing is original, better manipulated and mixed up, but not original. A working decryptor will be released. Reply with anything you’d like to tell me or add. Thanks so much!



P.S.: I kept all encrypted files and I kept the ransom notes. I did manipulate one file to see what it does and what would happen. It was an encrypted .jpg file of some weeds in a garden I didn't mean to take. I changed the extensions back and forth. It is still not a normal .jpg file and I cannot see the thumbnail, but when I open the file I can see the picture just as it was.
