As the title obviously indicates I have a virus issue. Well the wife does. She got one of those funky emails on her laptop with a link planted in it with no explanation, curiosity drew her in and even though I've warned her and everyone else not to she clicked on it anyway!!!

So I believe I have expelled the CryptoWall but I can't seem to remove the HELP_Decrypt items from the startup menu. I also have yet to find a way that I trust to decrypt the files that this nasty bugger encrypted!

Has anyone here dealt with this??

 

Hit our network. Machine that launched the virus had to be wiped and reloaded. Encrypted files are lost. We suffered naught because we use a dynamic backup system that replaced the several thousand damaged files.

I have never heard of anyone successfully decrypting the files even if they paid the ransome.


The same user that launched this one launched another one a few months ago. He uses the slowest machine in the office.......by design.

 

The good thing is there wasn't many files so I'm not so worried about that. Under system configuration these Help_Decrypt files are in the "startup" menu. I've unchecked them but I want to delete them from the machine. I did a search on the C drive and found them as well as many others. I considered just deleting them all but I'm worried that I might crash the machine. What are your thoughts on that?

 

The virus probably has a hidden backup and registry entries to fire them off later. The only solution I know of is to wipe and reload. Any temp fix is only to buy time to copy files before they're infected.