Hello. First of all, I apologize if I'm posting this to wrong subforum, but I figured this would be the best place to ask.
Anyway, after cleaning sisters PC with various tools over the past few days, I've managed to get rid of this nasty trojan called CTB Locker (or at least that's the name I've seen on my desktop). There are no traces left of it, no new files are being infected and no software is finding anything.
But now I'm left with a whole new problem. Bunch of files, 4971 to be exact had their extension changed to something not even Google is familiar with: .NXSDBFH
I've spent hours trying to figure it out, visited countless forums and have read hundreds of posts from other users who had contact with this or similar ransomware, but to no success. I'm simply unable to decrypt the files and obviously, reverting extension back to it's original one is not working. I've tried to use te94decrypt.exe from Dr.Web, but whatever key I use it scans the PC and simply ends with "0 files decrypted".
So now, I'm asking fellow tomshardware members if anyone else has any other idea? Neighbour who works in IT told me I shouldn't have cleaned the virus without being able to decrypt my files first, but that doesn't make sense to be honest. System restore doesn't work, since there weren't any system restore points before and I've read this virus deletes all of them anyway.
There are three more things on my mind which are doable, and that's sending Dr.Web one file, but to do that, I need to purchase Dr.Web, but being a student is not helping the cause. Second one would be data recovery, as I've read some versions of this virus don't modify files, but rather copy them, change the copied one and delete original - but then again, I'm not sure which software I should use, considering PhotoRec hasn't been as useful - it's restoring every single thing and files have it's own name, so there's no way I could find those 5k infected files in 800k+ files total. Last would be paying money to whoever made the virus to send me the key so I can decrypt the files, but that costs even more than above mentioned Dr.Web solution and honestly, what is the chance this person/company/whoever would actually send the key?
So there I am, having exhausted all other possibilities, asking for your help. Any and all suggestions are welcome!
Anyway, after cleaning sisters PC with various tools over the past few days, I've managed to get rid of this nasty trojan called CTB Locker (or at least that's the name I've seen on my desktop). There are no traces left of it, no new files are being infected and no software is finding anything.
But now I'm left with a whole new problem. Bunch of files, 4971 to be exact had their extension changed to something not even Google is familiar with: .NXSDBFH
I've spent hours trying to figure it out, visited countless forums and have read hundreds of posts from other users who had contact with this or similar ransomware, but to no success. I'm simply unable to decrypt the files and obviously, reverting extension back to it's original one is not working. I've tried to use te94decrypt.exe from Dr.Web, but whatever key I use it scans the PC and simply ends with "0 files decrypted".
So now, I'm asking fellow tomshardware members if anyone else has any other idea? Neighbour who works in IT told me I shouldn't have cleaned the virus without being able to decrypt my files first, but that doesn't make sense to be honest. System restore doesn't work, since there weren't any system restore points before and I've read this virus deletes all of them anyway.
There are three more things on my mind which are doable, and that's sending Dr.Web one file, but to do that, I need to purchase Dr.Web, but being a student is not helping the cause. Second one would be data recovery, as I've read some versions of this virus don't modify files, but rather copy them, change the copied one and delete original - but then again, I'm not sure which software I should use, considering PhotoRec hasn't been as useful - it's restoring every single thing and files have it's own name, so there's no way I could find those 5k infected files in 800k+ files total. Last would be paying money to whoever made the virus to send me the key so I can decrypt the files, but that costs even more than above mentioned Dr.Web solution and honestly, what is the chance this person/company/whoever would actually send the key?
So there I am, having exhausted all other possibilities, asking for your help. Any and all suggestions are welcome!
/zoomfiles.net/3dkos
Facebook
Twitter