Go to safe mode

Then open sys restore and restore to a 2 days older date

 

This should rectify ur prob as mine was corrected by this step, let us know if it helps. 

Hello,

 

Did you run any files before you encounter the problem?

If so, that may be the culprit.

 

If you remember and still have the file, can you send the file to us for analysis?

You can submit the file via https://submit.symantec.com/websubmit/retail.cgi.

 

Please reply this message with tracking # you received.

badhannobiscuit:

 

Do not change any more file extensions as this may prevent the file from being unencrypted.  Removal of the malware will not correct the file extensions. There are links to two possible fixes, both programs offering trials.  Only small numbers of files can be corrected at one time in the trial versions.

 

http://www.softpedia.com/get/Security/Decrypting-Decoding/Unvicrypt.shtml

 

http://www.exquisysltd.com/productinfo.php?p=DA02EX

 

I would recommend reading the information on the site carefully to make an informed decision.

Thank you for all the ideas. Here we go...

 

I tried to restore the system to the way it was before this, when it reboots it says unable to restore system, despite having daily restore points. I tried several different restore points, all with the same failure.

 

I believe that equisysltd is the releaser of this malware due to their advertising on every post that names .vicrypt. It is certainly not professional advertising.

 

Unvicrypt does not work on this, I already tried it. It is unable to change a single file back to normal.

 

I downloaded 3 files, all from Softpedia, right before this happened. The files are here: [Removed]

 

I personally believe it is the first file on that list.

 

I am working from my laptop as I have isolated the other computer from my network/the internet to prevent any further issues, so I do not have the files, and I am unwilling to download them to my laptop and risk the same thing.

 

On another note, the computer is running windows xp sp3, norton IS 2010, and I have not had a virus since the late 1990's. I downloaded these files from softpedia, which I used to trust, and scanned them with NIS, which i used to trust, before I opened them.

 

That computer has all of my school work on it, and all of my photos. I will format and reinstall, I just need some way to recover those files.

 

[edit: Please do not direct link to malicious websites per the Participation Guidelines and Terms of Service.]

Try sys restore in only safe mode, coz norton prevents sys restore in normal mode.

 

Had u tried it in safe mode or normal mode? 

i'm not about nis2010, but older versions of nis you had to turn off norton tamper protection for system restore to work

I just tried to restore again in safe mode and safe mode with networking, it failed in both instances. I tried restore points to almost a month ago. Could this thing have somehow burrowed into the restore points and be making them fail?

Ya but after that encryption thing, he might not be able to turn off tamper prot or may be he has not done it.

In safe mode all other util other than norton are not blocking sys restore, so its better to restore using safe mode than normal. 

gupta, you had the exact same problem with vicrypt? Where the heck did this come from? isn't system restore not supposed to change your files when it restores? I am going to try to turn off tamper protection and restore.