Jump to content

Desperetaly need help- back up data deleted by program


Tac Ke
 Share

Recommended Posts

Hello everyone,

The situation is my laptop windows 7 was infected with tesla ransomware. So far, I had run ESEC Security to scan the wole disk
Now I need to restore a file which created by the ransom, it s actually a junk text file and in it has the trace of the webpage to give money(ransom) taking the files back. I suppose it has been deleted during scanning
is there anyone experience the same situation or having some knowledge in this case?

I would appreciate too much

 

Below is the file I need to restore

post-9144-0-37561600-1444142076_thumb.png

Edited by Tac Ke
Link to comment
Share on other sites

  • Most Valued Members

why do you want to get the file back? are you seriously going to give them money? note that even if you do, there is NO guarantee that you will gain again access to your locked files

 

 

and always keep a full image backup of your C, on another location and external hard disk

Edited by pavilion_alex
Link to comment
Share on other sites

Hi there, thank you so much for the information,

 

Besides option paying the ransom, the objective is also to save temp internet and cache files, some of left over files (by the ransomware) to preserve evidence waiting for the Cure coming out

 

But now Im suppose, I had been frustratingly customed and let ESET wiping out all traces

i wonder if there is any way out to recover at least one of the evidence,,,,

 

hopefully there will be no more victims of this devastating virus anymore. Users need to maintain habit of backing up our valuable datas in external drive,,

Edited by Tac Ke
Link to comment
Share on other sites

Please provide 1-2 examples of encrypted files' names?

 

All the documents (image, words, excels) and audio file infected was titled abc at the extension and was encrypted in the content: Þ­¾ïˆik`³ÿvLHw7Grf4µW/¥:H‰jÝnëÈ«ôE2VÀ in Notepad view

 

I think I dont hold much evidence though, I will try to dig up any information/file left once again

Edited by Tac Ke
Link to comment
Share on other sites

  • Most Valued Members

surely they must be in the quarantine if they aren't deleted for good. go there, right click them and submit them for analysis.

Link to comment
Share on other sites

  • Administrators

Encrypted files are not detected and thus are not in quarantine (this is ok, no reason to detect garbage). Since they have .abc extension, decryption is not possible and there's no need to restore the payment instructions from quarantine either.

 

Please run ESET Log Collector on the infected computer(s) as per the instructions at hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3466 and supply me with the output via a personal message.

Link to comment
Share on other sites

My Great Thanks for the replies

 

Files sent. (4,5 MB RAR file with three divided parts)

Edited by Tac Ke
Link to comment
Share on other sites

@pavilion_alex

 

first, thanks greatly for the reply,

regarding this

surely they must be in the quarantine if they aren't deleted for good. go there, right click them and submit them for analysis.

I had tried reference at Cisco hxxp://blogs.cisco.com/security/talos/teslacrypt, they say it needs key.dat for the decrypt program, had searched but it is not in quaratine files, It is possible it was classified as malware and ve been deleted forever. already

well, such last vain effort has been tried. Now hopefully for the future then

 

P.S: If anyone knows any update information/positive news regarding this ransomware or any information of IT security authorities searching for the criminal etc....please kindly share/help too, here would send the deepest appreciation

 

Thank you so much

Edited by Tac Ke
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...