Desperetaly need help- back up data deleted by program

[Tac Ke 0]

Hello everyone,

The situation is my laptop windows 7 was infected with tesla ransomware. So far, I had run ESEC Security to scan the wole disk
Now I need to restore a file which created by the ransom, it s actually a junk text file and in it has the trace of the webpage to give money(ransom) taking the files back. I suppose it has been deleted during scanning
is there anyone experience the same situation or having some knowledge in this case?

I would appreciate too much

 

Below is the file I need to restore

Edited October 7, 2015 by Tac Ke

[Marcos 5,074]

Please provide 1-2 examples of encrypted files' names?

[shocked 60]

why do you want to get the file back? are you seriously going to give them money? note that even if you do, there is NO guarantee that you will gain again access to your locked files

 

 

and always keep a full image backup of your C, on another location and external hard disk

Edited October 6, 2015 by pavilion_alex

[Tac Ke 0]

Hi there, thank you so much for the information,

 

Besides option paying the ransom, the objective is also to save temp internet and cache files, some of left over files (by the ransomware) to preserve evidence waiting for the Cure coming out

 

But now Im suppose, I had been frustratingly customed and let ESET wiping out all traces

i wonder if there is any way out to recover at least one of the evidence,,,,

 

hopefully there will be no more victims of this devastating virus anymore. Users need to maintain habit of backing up our valuable datas in external drive,,

Edited October 7, 2015 by Tac Ke

[Tac Ke 0]

Please provide 1-2 examples of encrypted files' names?

 

All the documents (image, words, excels) and audio file infected was titled abc at the extension and was encrypted in the content: Þ­¾ïˆik`³ÿvLHw7Grf4µW/¥:H‰jÝnëÈ«ôE2VÀ in Notepad view

 

I think I dont hold much evidence though, I will try to dig up any information/file left once again

Edited October 7, 2015 by Tac Ke

[shocked 60]

surely they must be in the quarantine if they aren't deleted for good. go there, right click them and submit them for analysis.

[Marcos 5,074]

Encrypted files are not detected and thus are not in quarantine (this is ok, no reason to detect garbage). Since they have .abc extension, decryption is not possible and there's no need to restore the payment instructions from quarantine either.

 

Please run ESET Log Collector on the infected computer(s) as per the instructions at hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3466 and supply me with the output via a personal message.

[DavidSmelser 0]

I'm rather concerned that the original poster got infected with ransom ware even though he had ESET installed.

[Tac Ke 0]

My Great Thanks for the replies

 

Files sent. (4,5 MB RAR file with three divided parts)

Edited October 14, 2015 by Tac Ke

[Tac Ke 0]

@pavilion_alex

 

first, thanks greatly for the reply,

regarding this

surely they must be in the quarantine if they aren't deleted for good. go there, right click them and submit them for analysis.

I had tried reference at Cisco hxxp://blogs.cisco.com/security/talos/teslacrypt, they say it needs key.dat for the decrypt program, had searched but it is not in quaratine files, It is possible it was classified as malware and ve been deleted forever. already

well, such last vain effort has been tried. Now hopefully for the future then

 

P.S: If anyone knows any update information/positive news regarding this ransomware or any information of IT security authorities searching for the criminal etc....please kindly share/help too, here would send the deepest appreciation

 

Thank you so much

Edited October 14, 2015 by Tac Ke