Tac Ke (posted October 6, 2015; edited October 7, 2015 by Tac Ke):
Hello everyone. The situation is that my laptop (Windows 7) was infected with Tesla ransomware. So far, I have run ESET Security to scan the whole disk. Now I need to restore a file created by the ransomware; it is actually a junk text file and in it is the trace of the webpage for giving money (the ransom) to get the files back. I suppose it was deleted during scanning. Is there anyone who has experienced the same situation or has some knowledge of this case? I would appreciate it very much. Below is the file I need to restore.
Marcos, Administrator (posted October 6, 2015):
Please provide 1-2 examples of encrypted files' names.
shocked, Most Valued Member (posted October 6, 2015; edited October 6, 2015 by pavilion_alex):
Why do you want to get the file back? Are you seriously going to give them money? Note that even if you do, there is NO guarantee that you will regain access to your locked files. Also, always keep a full image backup of your C: drive in another location and on an external hard disk.
Tac Ke, Author (posted October 7, 2015; edited October 7, 2015 by Tac Ke):
Hi there, thank you so much for the information. Besides the option of paying the ransom, the objective is also to save temporary internet and cache files, some of the files left over (by the ransomware), to preserve evidence while waiting for the cure to come out. But now I suppose I had become frustratingly accustomed to it and let ESET wipe out all traces. I wonder if there is any way to recover at least one piece of the evidence... Hopefully there will be no more victims of this devastating virus. Users need to maintain the habit of backing up our valuable data on an external drive.
Tac Ke, Author (posted October 7, 2015; edited October 7, 2015 by Tac Ke):
"Please provide 1-2 examples of encrypted files' names?"
All the documents (images, Word, Excel) and audio files infected were titled abc at the extension and were encrypted in their content: Þ¾ïˆik`³ÿvLHw7Grf4µW/¥:H‰jÝnëÈ«ôE2VÀ in Notepad view. I think I don't hold much evidence, though; I will try once again to dig up any information/file left.
shocked, Most Valued Member (posted October 7, 2015):
Surely they must be in the quarantine if they aren't deleted for good. Go there, right-click them and submit them for analysis.
Marcos, Administrator (posted October 7, 2015):
Encrypted files are not detected and thus are not in quarantine (this is OK; there is no reason to detect garbage). Since they have the .abc extension, decryption is not possible and there's no need to restore the payment instructions from quarantine either. Please run ESET Log Collector on the infected computer(s) as per the instructions at hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3466 and supply me with the output via a personal message.
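An added example, not from this thread or from ESET, of the evidence-preservation step the original poster was after: it inventories files carrying the .abc extension whose content is high-entropy (the "garbage" Marcos refers to) and candidate ransom-note text files, recording a SHA-256 hash of each without modifying anything. The note keywords and the sample files are assumptions constructed for the demo.

```python
import hashlib
import math
import os
import tempfile

RANSOM_EXT = ".abc"                                  # extension reported in the thread
NOTE_HINTS = (b"decrypt", b"bitcoin", b"payment")    # assumed ransom-note keywords


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ciphertext approaches 8.0, ordinary text stays well below."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage_directory(root: str) -> list:
    """Read-only inventory: encrypted-looking .abc files and ransom-note candidates."""
    records = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                data = f.read()
            ent = shannon_entropy(data)
            kind = None
            if name.lower().endswith(RANSOM_EXT) and ent > 7.0:
                kind = "encrypted"
            elif name.lower().endswith(".txt") and any(h in data.lower() for h in NOTE_HINTS):
                kind = "ransom_note"
            if kind:
                records.append({"path": path, "kind": kind, "entropy": round(ent, 2),
                                "sha256": hashlib.sha256(data).hexdigest()})
    return records


def demo() -> list:
    """Constructed sample case: one ciphertext-like .abc file, one fake note, one benign text file."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "report.docx.abc"), "wb") as f:
        f.write(os.urandom(4096))                    # stands in for encrypted content
    with open(os.path.join(root, "HOW_TO_DECRYPT.txt"), "w") as f:
        f.write("Your files were encrypted. Payment in bitcoin is required.")
    with open(os.path.join(root, "notes.txt"), "w") as f:
        f.write("grocery list: milk, eggs")
    return triage_directory(root)
```

Hashing the files before submitting logs or samples gives a record that the copies later handed to a vendor or investigator are the ones found on the machine.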
DavidSmelser (posted October 8, 2015):
I'm rather concerned that the original poster got infected with ransomware even though he had ESET installed.
Tac Ke, Author (posted October 14, 2015; edited October 14, 2015 by Tac Ke):
My great thanks for the replies. Files sent (4.5 MB RAR file in three parts).
Tac Ke, Author (posted October 14, 2015; edited October 14, 2015 by Tac Ke):
@pavilion_alex, first, thanks greatly for the reply. Regarding this:
"surely they must be in the quarantine if they aren't deleted for good. go there, right click them and submit them for analysis."
I had tried the reference at Cisco, hxxp://blogs.cisco.com/security/talos/teslacrypt; they say it needs key.dat for the decrypt program. I searched, but it is not in the quarantine files. It is possible it was classified as malware and has been deleted forever. Well, such a last vain effort has already been tried. Now, hopefully, for the future then. P.S.: If anyone knows any updated information/positive news regarding this ransomware, or any information about IT security authorities searching for the criminals etc., please kindly share/help too; I would send the deepest appreciation. Thank you so much.