Recover from Cryptolock virus

how best to recover from the cryptolock virus? Also the "firefox.exe" file was lost during the virus cleaning. The rest of the dir tree under "Programs files/Mozilla Firefox" dir is intact. Of course all standard file types that this virus goes after are encrypted under "My Documents" dir tree. Most files are there but others are encrypted. All of this happen on a windows XP home 32-bit PC.
Firefox was the default web access program, so many other programs that try to access the web through Firefox crash or do not run right. There are a number of add ons to Firefox (such as epub, and other readers, PDF, translators, download manager, etc.). Some of the these have files that where encrypted.

Do to the non-response I got from this forum, I had to take solving this in my own hands and here is the results.
First I made a backup all of the dir sets that Firefox uses under "Programs" and "Documents and Settings". This was a precaution against losing some file that sill maybe needed, such as the bookmarks and other personalization data. Being there was no help from this forum on what to do, I copied everything. Then down loaded the latest version (29 in this case) of the installer on a different computer and put it on a USB drive to move to the computer under repair. MS Internet Explorer was never setup or used (although the updates where installed) on the repair computer. I did not want to go through time to see if IE is working, it is not the point here. I then moved the installer file to a temp dir on the repair computer, then ran it. It installed all of Firefox and as expected had some issues with the add-ons. Going through the add-ons one at a time, most just needed a update download and where fine, the Microsoft .Net need to be removed/uninstalled and reinstalled to get it working. Then I went back through the dir sets and removed all of the encrypted files that where left behind, they can't be used anyway. The backup files where not needed and I will be deleting them soon. At this time all is well. See it wasn't that hard to explain.
And to Philipp, Yes I will be moving to a newer OS in the near future. But I will be doing that at my own time of choice and need to run the two computers in parallel as I transfer data and programs.
One should never be in a hurry to spend money.

Similar Messages

  • What is the name of the folders which are your backup of Itunes library? I am recovering from a virus, have no workable desktop in Win XP, but can search and find files and folders. I would like to move these backup files to a new computer

    what is the name of the folders which are the backup of Itunes library? I am recovering from a virus, have no workable desktop in Win XP, but can search and find files and folders. I would like to move these backup files to a new computer, authorize it and sync with Iphone 3Gs and Ipod 5th gen.
    I

    I second the whole iTunes folder approach.
    If for some reason you have split the media folder from the library files then the media folder needs to restored to the same path it used to have while the library files can be copied into the music folder of your new profile.
    If in dobut, backup up the entire Documents and Settings folder before wiping the infected drive, but be selective about what you restore as many viruses drop active components capable of reinfecting the compuer in the temp folders and internet caches. It is much easier to backup more than you need than to discover after the fact that you no longer have access to some vital project you'd been storing in a folder on the desktop.
    tt2

  • Where specifically do I need to tell my software to recover from after an OS wipe and reinstall due to a fatal crash?

    I have read several questions and their answers about where backups for an apple device are stored, but the restores do not contain any of my photos (according to iphone backup extractor) and I am wondering if I need to undelete additional data from the hard drive and where to recover from.  Also, none of my apps were in the specified location either (part of the path did not exist for me, and yes I enabled showing hidden files and folders before checking).  I really really need some of these pictures back so I hope someone is able to h

    First you don't have a virus because none exist for OS X. So you can stop worrying about hat. If you recently got a warning about a Virus and accepted downloaded some software then you fell for a Trojan. Here is an article about that and how to rid yourself of it.
    If you did not download anything like that then doing a Erase and Install would be the way to go. Here is a video that will show you exactly what to do.

  • After delete plugin, all bookmarks dispeared. I am able to use hard drive recover , found firefox.bak. Can I recover from there?

    After delete plugin, all bookmarks dispeared. I am able to use hard drive recover , found firefox.bak folder. Can I recover from there?

    Thanks.
    Just to get the terminology right, neither Spybot Search & Destroy nor Avast Browser Cleanup are supposed to clean viruses. This is what anti-virus software is for.
    Avast Browser Cleanup is a tool that serves to delete unwanted toolbars and plug-ins. None of these are viruses.
    I haven't heard about Avast Browser Cleanup before, and it's certainly not something I'd have used. In any case, it's not supposed to kill your profile.
    ''I have recovered a folder called Mozilla Firefox.bak and some other stuffs''
    So what's in that recovered folder? If it contains the automatically created backups of your bookmarks, you can recover your bookmarks from that.
    https://support.mozilla.org/en-US/kb/restore-bookmarks-from-backup-or-move-them

  • How do I best backup preference settings within Firefox ADD-ONs? RECOVERING from FireFOX RESET

    ''added this question to this - https://support.mozilla.org/en-US/questions/948264 - question thread - locking''
    Hello:
    what is ffox support suggested procedure to backup your preference settings set in each of the ADD-ONs.
    I currently have over 50 add-ons and the list seems to be growing each month.
    My add-on component is becoming a major component of my Firefox solution.
    Great in functionality, dangerous for recovering from the Firefox RESET feature.
    I have searched help online and found nothing of value to provide clear steps of what one must to do.
    Thankyou

    Which security software (firewall, anti-virus) do you have?
    Some security software has virtualization or sandbox features that may cause problems by protecting and restoring files in the Firefox profile folder.
    Try to rename or delete the prefs.js file and possible numbered prefs-##.js files and a possible user.js file to reset all prefs to the default values.
    *http://kb.mozillazine.org/Preferences_not_saved
    *http://kb.mozillazine.org/Resetting_preferences
    If you rename the file(s) then you can undo the action or inspect the files with an editor like Notepad.
    Do a malware check with some malware scanning programs on the Windows computer.<br />
    You need to scan with all programs because each program detects different malware.
    Make sure that you update each program to get the latest version of their databases before doing a scan.
    *Malwarebytes' Anti-Malware:<br>http://www.malwarebytes.org/mbam.php
    *SuperAntispyware:<br>http://www.superantispyware.com/
    *Microsoft Safety Scanner:<br>http://www.microsoft.com/security/scanner/en-us/default.aspx
    *Windows Defender: Home Page:<br>http://www.microsoft.com/windows/products/winfamily/defender/default.mspx
    *Spybot Search & Destroy:<br>http://www.safer-networking.org/en/index.html
    *Kasperky Free Security Scan:<br>http://www.kaspersky.com/security-scan
    You can also do a check for a rootkit infection with TDSSKiller.
    *http://support.kaspersky.com/viruses/solutions?qid=208280684
    See also:
    *"Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked

  • Can't recover from sleep sometimes: "Oh no! Something has gone wrong!"

    I'm running gdm + gnome-shell (force fallback mode) on a Thinkpad W520 with intel integrated graphics only (via bios setting, so no optimus). Once a week or so, my Laptop fails to go to sleep properly and to recover from it.
    It basically works like this, normally when I close the lid, the sleep LED blinks a couple of times, and then stays on (and you can hear the fan turn off). When sending the laptop to sleep fails, the led blinks indefinitely (like, all night, if you let it), the fan keeps running as well.
    Once you open the lid again, you are greeted with the message "ACPI: Unable to dock!" on a black screen. This happens when successfully recovering from sleep mode as well, though.
    Shortly afterwards, instead of seeing a password prompt, you see this:
    http://wocares.com/host/images/516726_sleeperr1.jpg
    I tried to search the problem but couldn't find anything that was quite like my problem. I did however find someone saying the ~/.xsession-errors file could contain clues. So here is that:
    /etc/gdm/Xsession: Beginning session setup...
    localuser:esl being added to access control list
    /etc/gdm/Xsession: Setup done, will execute: /usr/bin/ssh-agent -- gnome-session
    GNOME_KEYRING_CONTROL=/home/esl/.cache/keyring-JAbzae
    GNOME_KEYRING_CONTROL=/home/esl/.cache/keyring-JAbzae
    SSH_AUTH_SOCK=/home/esl/.cache/keyring-JAbzae/ssh
    GNOME_KEYRING_CONTROL=/home/esl/.cache/keyring-JAbzae
    SSH_AUTH_SOCK=/home/esl/.cache/keyring-JAbzae/ssh
    GNOME_KEYRING_CONTROL=/home/esl/.cache/keyring-JAbzae
    SSH_AUTH_SOCK=/home/esl/.cache/keyring-JAbzae/ssh
    GPG_AGENT_INFO=/home/esl/.cache/keyring-JAbzae/gpg:0:1
    (gnome-panel:1563): Gtk-CRITICAL **: gtk_accelerator_parse_with_keycode: assertion `accelerator != NULL' failed
    ** (gnome-panel:1563): WARNING **: Unable to parse mouse modifier '(null)'
    Failed to play sound: File or data not found
    Initializing tracker-store...
    Tracker-Message: Setting up monitor for changes to config file:'/home/esl/.config/tracker/tracker-store.cfg'
    ** (nm-applet:1585): WARNING **: Could not initialize NMClient /org/freedesktop/NetworkManager: Launch helper exited with unknown return code 1
    ** Message: applet now removed from the notification area
    ** (nm-applet:1585): WARNING **: fetch_connections_done: error fetching connections: (25) Launch helper exited with unknown return code 1.
    ** (nm-applet:1585): WARNING **: Failed to register as an agent: (25) Launch helper exited with unknown return code 1
    ** (process:1578): WARNING **: Trying to register gtype 'GMountMountFlags' as enum when in fact it is of type 'GFlags'
    ** Message: Starting applet secret agent because GNOME Shell disappeared
    ** (nm-applet:1585): WARNING **: Failed to register as an agent: (25) Launch helper exited with unknown return code 1
    ** (process:1578): WARNING **: Trying to register gtype 'GDriveStartFlags' as enum when in fact it is of type 'GFlags'
    ** (process:1578): WARNING **: Trying to register gtype 'GSocketMsgFlags' as enum when in fact it is of type 'GFlags'
    Tracker-Message: Setting up monitor for changes to config file:'/home/esl/.config/tracker/tracker-store.cfg'
    ** Message: applet now embedded in the notification area
    (gnome-settings-daemon:1515): Gtk-WARNING **: gtk_widget_size_allocate(): attempt to allocate widget with width -8 and height 27
    (nm-applet:1585): Gtk-WARNING **: gtk_widget_size_allocate(): attempt to allocate widget with width -23 and height 27
    ** Message: applet now removed from the notification area
    Starting log:
    File:'/home/esl/.local/share/tracker/tracker-store.log'
    (notification-daemon:1608): Gtk-WARNING **: gtk_widget_size_allocate(): attempt to allocate widget with width -23 and height 27
    Any help or pointers in the right direction would be appreciated.

    I'm having the same problem as you on a T420 (without optimus), see here: https://bbs.archlinux.org/viewtopic.php?pid=1131177

  • Blue screen error "windows has recovered from a unexpected shutdown"

    Hi guys
    I am using laptop & everyday it will unexpectedly shutdown and shows Blue screen error "windows has recovered from a unexpected shutdown"...Pls help me to resolve this issue.
    Problem signature:
      Problem Event Name: BlueScreen
      OS Version: 6.1.7600.2.0.0.256.48
      Locale ID: 1033
    Additional information about the problem:
      BCCode: d1
      BCP1: 00000030
      BCP2: 00000002
      BCP3: 00000000
      BCP4: 8F2DA8A5
      OS Version: 6_1_7600
      Service Pack: 0_0
      Product: 256_1
    Files that help describe the problem:
      C:\Windows\Minidump\062614-23836-01.dmp
      C:\Users\Venkateshwara swamy\AppData\Local\Temp\WER-74552-0.sysdata.xml
    Read our privacy statement online:
      http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409
    If the online privacy statement is not available, please read our privacy statement offline:
      C:\Windows\system32\en-US\erofflps.txt

    It could be some driver compatibility issues.
    http://msdn.microsoft.com/en-us/library/windows/hardware/ff560244(v=vs.85).aspx
     http://blogs.technet.com/b/askcore/archive/2008/11/01/how-to-debug-kernel-mode-blue-screen-crashes-for-beginners.aspx
    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • I AM UNABLE TO CONNECT TO ANY WEBSITE USING FIREFOX. EVEN THOUGH, I HAVE BEEN USING FIREFOX ON THE SAME COMPUTER FOR YEARS WITH NO DIFFICULTY. THE PROBLEM AROSE AFTER COMCAST, MY ISP, RECOVERED FROM A WIDESPREAD OUTAGE THAT LASTED 5 HOURS.

    I SUCCEEDED IN TRANSFERING ALL MY BOOKMARKS TO GOOGLE CHROME. THIS WILL ALLOW ME ACCESS TO WEBSITES WHILE I WAIT FOR A METHOD TO REPAIR MY FIREFOX PROGRAM. IN A PREVIOUS MESSAGE, I EXPLAINED THAT I WAS UNABLE TO ACCESS ANY WEBSITE USING FIREFOX AFTER COMCAST, MY ISP, RECOVERED FROM AN OUTAGE THAT LASTED 5 HOURS. WHENEVER I TRIED TO CONNECT TO A SITE, A POP-UP MESSAGE APPEARED INDICATING: "UNABLE TO INITIALIZE THE APPLICATION'S SECURITY COMPONENT. THE MOST LIKELY CAUSE IS PROBLEMS WITH FILES IN YOUR APPLICATION'S PROFILE DIRECTORY. CHECK THAT THIS DIRECTORY HAS NO READ/WRITE RESTRICTIONS." I EVEN REMOVED FIREFOX FROM MY COMPUTER AND DOWNLOADED IT AGAIN, FIGURING THAT BY NOT MERELY USING AN UPGRADE, I WOULD BE INSTALLING A COMPLETELY FRESH DOWNLOAD. UNFORTUNATELY, I RECEIVED THE SAME DISAPPOINTING RESULT, WITH THE SAME POP-UP MESSAGE RE-APPEARING. HOWEVER USING BOTH GOOGLE CHROME AND INTERNET EXPLORER, I WAS ABLE TO CONNECT TO WEBSITES. SO I HAVE TO CONCLUDE THAT THE PROBLEM IS NOT WITH MY INTERNET CONNECTION.

    Press '''START + R''' in keyboard to open the '''Run''' box(or '''start''' then '''run''') , type in the RUN box '''%APPDATA%''' (or copied in just i wrote, bold text) then click '''OK'''. A Windows Explorer window will appear, in this window, choose '''Mozilla''' then '''Firefox''' then '''Profiles'''. Each folder in the "Profiles" folder (e.g., "xxxxxxxx.default") is a profile on your computer (maybe is one file if you have only one profile).
    see for more info : [http://kb.mozillazine.org/Profile_folder_-_Firefox Profile folder - Firefox ]
    try it, good luck
    thanks again

  • Recovering from a network drive

    Hey all
    I've been successfully using Time machine on a network drive (using "defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1"
 in a console). Unfortunately, my HDD broke and apple support had to install a new one.
    Now, how do I restore from that network drive again? I have a freshly installed and fully updated Leopard already and would like to just restore the users' settings. But, the network drive isn't visible in the migration assistant.
    I even tried to copy the network drive's content to a firewire disc... still nothin visible.
    What else can I do?
    Thanks a million!!!
    Bernhard

    Yes, I can mount the image and thus have access to all revisions stored by time machine. Maybe I could use rsync to get the data back in place? My hope was to make time machine recognize the image on the (now) local drive and recover from there... is that possible?
    I know that it's unsupported to use time machine on a nas, but - for me - running time machine on a local hdd just doesn't make much sense (I want multiple computers to do their backup to the same drive and I also want to separate the backup drive from the original drives physically). I also don't see why this should be so difficult to implement (Vista can do it btw... :-)), unless, of course, Apple wants to sell its time capsules...
    Anyway, I didn't want to complain, I would just like to get my data back.
    Thanks for your help!
    Bernhard

  • Following hard drive failure on iMac running Maverick I have recovered from TimeMachine backup but now app store does not connect. All other internet connections normal. Does anyone know of a fix?

    following hard drive failure on iMac running Maverick I have recovered from TimeMachine backup but now app store does not connect. All other internet connections normal. Does anyone know of a fix?
    Also mail not loading. The error report suggests that I look for updates from the app store?

    http://www.apple.com/support/mac/app-store/contact/

  • CCM 8.6.1- Installation Failed. Restart install to recover from failure

    Hi All,
    I am installing CCM 8.6.1 on an MCS7835I3 platform. The platform came with CCM 8.6.1 preloaded on the harddrive. During the installation linux detected some compenents like NIC, Raid, and USB.
    then after checking some components i face below error
    "The installtion has failed and must be restarted to recover from the faliure.
    You may dump diagnostic information at this time to a USB storage key. Would you like to dump diagnostic information"
    I am try to figure out what is causing this message.
    Pls help me!!

    Hi
    It seems to me that your server did not begin the CUCM installation. If you already have pre-loaded CUCM media in the server hard disk then you should first check the boot sequence on the server. Make sure that the first option is the hard disk.
    Once confirmed, restart the server.
    If you still face the issue, then i suggest that you install CUCM from CD.
    Below is the installation document. Do check the server compatibility and hardware requirements.
    http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/install/8_6_1/install/cmins861.html
    Regards ,
    - Jayant

  • Mac Pro display does not recover from sleep

    Hello,
    I have a Mac Pro Mid 2010 with two graphics cards (ATI 5770 & nVidia Geoforce GT 120) and three displays.  After intense use of the GPUs with graphics processing jobs, and after the screen goers to sleep, they do not recover.  The computer is accessible via the network (ping, ssh, etc) however, the screens blank out and no longer recover from sleep.  The only resolution is to reboot.
    I have already run memtest all just to make sure there isn't a memory issue.  All tests passed.  Also, this issue has ocurred with Mountain Lion and Mavericks.
    Does anyone have any suggestions or experiences with regard to this iussue?
    Thanks

    Update -- I now can reproduce the issue at will and it is definitely related to the sleep feature and has gotten much worse under OS X Mavericks.  Side Rant -- First let me note how disappointing Mavericks is as a platform.  Apple's output seems to be getting progressively less thought out, reliable and buggy. 
    Now back to the issue.  I created a hot corner that puts my display to sleep.  Every time I active the hot corner the system display is lost -- that is the system continues to function and respond via network (ping, ssh, etc) but no joy on un-sleeping the displays. 
    I have Mac Pro Mid 2010 w/ 2x 2.4Ghz Quad Core, 32GB RAM, ATI 5770 and NVidia Geoforce GT 120 using three displays (2x 27" Apple and 1x Panasonic 1080P HD TV) running OS X 10.9.1 (13B42).

  • Itunes 7 + Win XP Pro (Recover from a serious error0

    Everytime i turn on my PC I get this window telling me that windows has recovered from a serious error. The last blue screen I got was almost a week ago. I have done system retore to pre iTunes 7 and i continue to get this error. iTunes 7 is the only recent change to my computer(which is almost 5 yrs old) Is it my computer, Windows, or iTunes??

    i wish I had time to do that except by the time i reformat, and restore all my files that will kill a whole afternoon. I plan on buying an imac when leopard comes out, considering that itunes , office and IE are all i use this computer for hopefully it can survive til spring (knock on wood) Thanks

  • MBP not recovering from sleep / Strange 'freezing' crashing...

    I'm having a VERY strange issue here.
    Over the past week, my MBP (only 4 months old?) has become suddenly unable to recover from sleep. I'll be watching a movie in FrontRow, 'sleep' it from my Apple remote, and then when it re-awakens, the screen fires up but it's black (as in, the backlight is obviously on and drive/fan spins up, but no image on display).
    Then, just tonight, I've been working on some websites, nothing too intensive, maybe running iTunes and Safari in the background alongside 'DreamWeaver', and the whole system just FROZE. I can't type, I can't move the cursor, the screen is completely frozen. I kept waiting for the familiar 'kernel panic' screen to appear or something, but I've never seen any Apple machine do this before...
    It's kinda worrying as I'm not particularly stressing the machine or anything.... any ideas??

    Try setting your SMC controller - especially if its a wake and sleep related issue.
    http://support.apple.com/kb/HT3964
    Likewise in Utilities, open 'Console' to look at your logs. There will be diagnostic messages (I hope) about the crash.
    You could also run the activity monitor to make sure processes aren't topping out and hogging the CPU.

  • Is there any file carver technology tool to recover from a HDD only a group of named jpg files

    Is there any file carver technology tool to recover from a HDD only a group of named jpg files that i lost? I lost 500 jpg files in my iPhoto library named i.e from 1.jpg to 500.jpg and I want to recover ONLY them from an 1TB external WD My Book e-sata disk, to avoid time waste and unwanted jpg files.
    I' ve used data recovery software as Photorec, but it recovers all the jpgs it can find, it can't search for specific name files and as it uses its own naming for the files it recovers, i have thousands of photos to look up and find these i really want.Not to mention so much waiting time.
    Even if you know other technology tool that can help me please tell me.
    I've also used StellarPhoenixMacDataRecovery that is not file carving tool, but with similar results.

    Prosoft Data Rescue may be what you need.  Others may work that way, that are described here:
    My data has become inaccessible, and I don't have a backup!

Maybe you are looking for