doctorWho 0 Posted January 11, 2016
My wife's PC at work has been infected with the RSA-4096 virus for about a month. I am not sure what antivirus solution was used at that time. A technician tried to fix it but, as he said, until now there is no better solution than a format. I want to ask if Nod32 can clean the computer of the virus or, at least, if Nod32 can help her save her files.

Administrators Marcos 5,290 Posted January 11, 2016
It depends on what type / variant of Filecoder encrypted the files. If she has a license for ESET, have her run a full disk scan and post here the scan results so that we know what was detected.

doctorWho 0 Posted January 12, 2016 Author
> It depends on what type / variant of Filecoder encrypted the files. If she has a license for ESET, have her run a full disk scan and post here the scan results so that we know what was detected.

She does not know if the company's tech person has any spare license; she does not know anything about it. If not, will the trial version do the job? Can I lend her my license for only one scan?
EDIT: after scanning, is there a way to save the results in a file?
Edited January 12, 2016 by doctorWho

Administrators Marcos 5,290 Posted January 13, 2016
She can activate a trial version after install; however, if decryption of the files was possible, it'd be necessary to purchase a license, as assisted cleaning and decryption are provided as an extra service.

Solution jcwrks 2 Posted January 13, 2016
Assuming your system restore points aren't hosed, you can try ShadowExplorer to recover files from before the infection date. If that fails, you could search for a tesladecrypt tool that works with your particular variant of the malware.

doctorWho 0 Posted February 3, 2016 Author
Hello again!! As the technician seems to be unable to do something to help, I told my wife to forward the mail to my mail account. I used Acronis True Image to back up my laptop's disk sector by sector and then I opened the mail with the virus. I wanted to infect the laptop in order to be able to give you accurate info, logs, etc. for the virus. The mail has an attached zip file containing only a .js file. I ran it and nothing happened. With a right click I opened the properties. In the General tab I checked the Unlock radio button (it was saying "the file came from another computer and might be blocked to help protect this computer"), pressed Apply and tried again. I ran it many times and nothing happened. I uninstalled Nod32 version 8, rebooted and ran it again. Nothing happens. My laptop cannot be infected? Why? My wife's PC has Windows XP. My laptop has Windows 7. Is that the reason for not getting infected?

Administrators Marcos 5,290 Posted February 3, 2016
If the js file is malicious and can actually be loaded without errors, most likely it's a downloader with links that do not work any more. As a result, running it wouldn't do anything bad. You can submit the js file to VirusTotal to find out how other scanners detect it. I assume it will be detected by ESET as well.

doctorWho 0 Posted February 4, 2016 Author
Here is the report from VirusTotal. Nod32 is not detecting it.
https://www.virustotal.com/el/file/d133f70b8c784de760c3a949cf9a6b24708812a62607a5e18f7fcc8721c3333c/analysis/1454588471/

doctorWho 0 Posted February 4, 2016 Author
I made it!! My wife sent me two encrypted files via mail. I used TeslaDecoder from here: hxxp://download.bleepingcomputer.com/BloodDolly/TeslaDecoder.zip and followed the instructions from "Instructions.html", which is inside the zip file of the TeslaDecoder. In an hour (with my poor 3GHz 4-core AMD CPU) I managed to find the key needed to decrypt these files. Thank you my friend jcwrks!!!

safety 8 Posted August 22, 2016
> My wife's PC at work has been infected with the RSA-4096 virus for about a month. I am not sure what antivirus solution was used at that time. A technician tried to fix it but, as he said, until now there is no better solution than a format. I want to ask if Nod32 can clean the computer of the virus or, at least, if Nod32 can help her save her files.

@doctorWho We had to immediately specify the extension of the encrypted files. If it was *.vvv, then at this point, ESET has been the solution for decoding. But like BloodDolly.