06-02-2012 05:41 PM
I didn't delete the key you mentioned in HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. I did delete the key that's in HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run.
To be honest, if I didn't stop it, it would have encrypted all of my files. When I stopped it, I saved about half of them. But it still got around 200,000 files screwed up (mostly documents and installation files).
The virus encrypts all (.asm, .asmx, .jpg, .pdf, .txt, .rtf, .doc, .docx, .ppt, .pptx, .xls, .xlsx, .htm, .html, .js, .css, .vbproj, .djvu, .frm, .cdr, .cdx, .php, .phpr, .phprt, .phpyt, .phpyyt, .cer, .chm, .dfm, .dpr, .key, .pas, .vbp, .wri and .xfm) files.
Did the VirusTotal scan help?
06-02-2012 05:48 PM
Don't use the tool just above to do with PhotoRec etc.
We need an exported Winlogon key to see the ID etc.
I will also PM you with instructions for the file.
As for the "If I didn't stop it...", all you have to do is shift the files to another location to make them dormant, but not delete them from the PC, and don't alter the registry.
06-02-2012 07:05 PM
Thanks, I have the files I will have to unpack and repack. The guy who will try the work for free has gone to bed. We are also trying to get the files from Bleeping Computer's thread to help with this and to compare.
06-02-2012 07:13 PM
Where would I find it in my computer? I used Norton to clean my computer after I was infected. That's all I did. I did not go to my registry or anything like that. So how do I proceed?
06-02-2012 08:38 PM
I also have had this virus infect my computer. Most of my files are backed up but not the most recent one. I would like to save the encrypted .jpg if possible. I have not deleted anything. Is there anything I can add to help?
06-02-2012 08:46 PM
Guys on this thread, for a minute just please slow down. I would rather do that as this involves personal files, OK.
Can you find the registry key I mentioned previously, very slowly, as I DON'T want it deleted but exported. DON'T DELETE!!!!!