Question Virus encypted files

[blacky1]

Hello,

I guess this sort of belongs here...
I just caught a very insidious virus. It encrypted all my files and made them .LANSET. So ofcourse they left notepads in which they require payment to get back my files.
So my question is, is there any possibility i can get back this files or is it just waste of time and I should make a full format?
Anybody has experience with this?

Thanks.

 

[ss202sl]

Format and re-install the OS, and restore the files from last backup

 

[Dark Lord of Tech]

Better off making a FULL format to ensure you eradicate the virus.

 

[blacky1]

Format and re-install the OS, and restore the files from last backup

I just did that, copied the important files in "D" and reinstalled the OS.. Still infected

 

[blacky1]

Better off making a FULL format to ensure you eradicate the virus.

Might as well do that...... This should be a lesson to me, how stupid i feel now.

 

[Dark Lord of Tech]

I would , that way you start with a clean slate.

 

[jnsupes]

Yeah, sadly only a full clean format will get rid of it. Even if you only try and save a few files there is a chance the encryption malware is hidden in them. I know it sucks, but its the best way to check.

Even having antimalware and antivirus programs doesn't mean you are necessarily safe from them. It just mitigates some of the risk. Even sticking to completely legitimate website and programs doesn't mean you are safe either. Sites like Forbes have given people viruses through their ads. Some Steam games have tried turning people's systems into crypto mining in the background.

If you have anything such as USB drives connected to your system you will need to do formats of them if they were possibly infected also. In case you were hit with key loggers or other types of viruses (or if that malware had something like that hidden in the program before the encryption) you should look into changing passwords for any accounts you log into also.

 

[jailbreak_or_iHate]

I had to deal with a virus recently, i made a backup of all files, then did a carbon copy clone to a new ssd, downloaded microsoft visual studio code, did random things without regards to consequences since it was a copy and I dont know how to code, and after three days of that and then learning aspects of windows i didnt know existed, was able to recover my files.

faster way is to transfer infected files to an old or throwaway OSX machine and use terminal (which i find to be more easy in terms of language and safety nets...just dont ever type the word "sudo" unless you have to and watched 5 tutorials

 

[jailbreak_or_iHate]

Some Steam games have tried turning people's systems into crypto mining in the background.

isp just couldnt figure out why my DL speed was 1mbps and upload was an incredible 299mbps at all times. After concluding that was not 24/7 only uploading torrents for two weeks straight, i got the whole "reset the router...again...itll work this time" boot loop...i quite literally just wiped my pc and did clean install from another offline machine i keep around (something I highly suggest having as well)

 

[USAFRet]

I had to deal with a virus recently, i made a backup of all files, then did a carbon copy clone to a new ssd, downloaded microsoft visual studio code, did random things without regards to consequences since it was a copy and I dont know how to code, and after three days of that and then learning aspects of windows i didnt know existed, was able to recover my files.

faster way is to transfer infected files to an old or throwaway OSX machine and use terminal (which i find to be more easy in terms of language and safety nets...just dont ever type the word "sudo" unless you have to and watched 5 tutorials

So the fix for an unnamed virus infection is:

Make a full copy of the infected drive
Some random things with VS Code
Full recovery

Alternately:
Some random terminal commands in OSX.


Got it...easy.

 

[ex_bubblehead]

I had to deal with a virus recently, i made a backup of all files, then did a carbon copy clone to a new ssd, downloaded microsoft visual studio code, did random things without regards to consequences since it was a copy and I dont know how to code, and after three days of that and then learning aspects of windows i didnt know existed, was able to recover my files.

faster way is to transfer infected files to an old or throwaway OSX machine and use terminal (which i find to be more easy in terms of language and safety nets...just dont ever type the word "sudo" unless you have to and watched 5 tutorials

And to think I had to spend 4 years earning a software engineering degree when it was actually just that easy

 

[Darkbreeze]

Where's G-unit when you actually NEED the Homer Simpson flaming bowl of milk and cereal animation?

 

[ElectrO_90]

Hello,

I guess this sort of belongs here...
I just caught a very insidious virus. It encrypted all my files and made them .LANSET. So ofcourse they left notepads in which they require payment to get back my files.
So my question is, is there any possibility i can get back this files or is it just waste of time and I should make a full format?
Anybody has experience with this?

Thanks.

Don't download from dodgy sites, especially links from youtube.
Run antivirus software and a firewall.
Malwarebytes is also good to have
Backup important files to another hdd that's not connected to the computer or CLOUD Backup - which is simpler as you normally get 2GB for free.

 

[ElectrO_90]

And to think I had to spend 4 years earning a software engineering degree when it was actually just that easy

You went to the wrong school! You should have just watched youtube for 3 days, you'll know next time

 

[jailbreak_or_iHate]

And to think I had to spend 4 years earning a software engineering degree when it was actually just that easy

I am in medical school (which is hell), and if I could choose again I would have loved to explore software engineering. I’m not claiming to be an expert at all. I just am proud that I fixed something I would have- had I not been on break and had literally no responsibilities- paid someone to do. Then again I have been accused of hAving a one-track mind so I straight obsessed for three days over this and nothing else.

So the fix for an unnamed virus infection is:

Make a full copy of the infected drive
Some random things with VS Code
Full recovery

Alternately:
Some random terminal commands in OSX.


Got it...easy.

You forgot FULL WIPE/clean install/diskpart 01 big red button, and install clean os from a windows boot disk! The. transfer over the stuff you needed. Not rly that bad. (Was for me since I had no idea but hindsight...)

Also, some random terminal codes come from a huge repository of stuff on the homebrew website with detailed, beginner friendly instructions! Plus you can boot into a windows partition to double check if it’s functional! And I think permissions are easier to manage/understand/navigate in iOS (yes) and OSX terminal.

 

[Darkbreeze]

All of that could have been resolved in a single step after getting infected.

Step one: Clean install of Windows.

Step two: Done.

No other steps required or necessary. Especially since nothing on that system could be trusted to not be infected anyhow.

More important, is the idea that if you back things up periodically along the way, every few days or week, you could simply restore a full backup image to a point as close as possible to prior to the infection and not have to worry about any of this.

 

[jailbreak_or_iHate]

More important, is the idea that if you back things up periodically along the way, every few days or week, you could simply restore a full backup image to a point as close as possible to prior to the infection and not have to worry about any of this.

Thank you, I’m super guilty of not doing this.

 

[blacky1]

Thanks everyone for the answers.

Just crossed my mind, windows viruses are not recognized by Linux ) as i read somewhere.)
But now the problem is the encrypted files, not the virus itself, because i formatted the PC.
Anybody thinks if i install Linux, will it recognize those files as legitimate and could find a way to copy them to other machine as "healthy files" ?

 

[AllanGH]

Nope.

Encrypted is encrypted.

Your files are toast.

The time to use Linux was BEFORE the binary got onto your system--ignoring the fact that it never should have gotten in there in the first place. I'm not saying that Linux is completely immune to this kind of thing, but windows is the low-hanging fruit in terms of lack of security.

 

[ElectrO_90]

Your only try at breaking the encryption is to use all ZEROs
If that doesn't work - then you're screwed.

 

[USAFRet]

Thanks everyone for the answers.

Just crossed my mind, windows viruses are not recognized by Linux ) as i read somewhere.)
But now the problem is the encrypted files, not the virus itself, because i formatted the PC.
Anybody thinks if i install Linux, will it recognize those files as legitimate and could find a way to copy them to other machine as "healthy files" ?

The problem here is the encrypted files are the result of being infected, not the infection itself.
Lets suppose you had a text file, where the full contents of it were blacky1.
After the virus got hold of it, the contents of that text file are now @#&ghze.
Remove the 'virus, and the contents of that file is still @#&ghze.
You can't unscramble an egg.

Those files are gone gone gone. Linux, Windows, iOS, BeOS, CP/M, nada. The operating system does not matter.
I suppose if you threw them at a current Cray, and devoted a few decades to it, you might retrieve one file. Maybe.

A $50 external drive and free software would have gotten you 100% recovery.
Smart computer habits would have prevented it from happening in the first place.

 

[King_V]

I just did that, copied the important files in "D" and reinstalled the OS.. Still infected

Um, so, you copied infected files somewhere, then reformatted completely and did a clean OS install, then . . brought those copied those files back?

Unless I'm reading this wrong, you probably re-infected your system.

 

[King_V]

A $50 external drive and free software would have gotten you 100% recovery.
Smart computer habits would have prevented it from happening in the first place.

Not that I want to digress too much, but would having NAS, with mirroring, have avoided this, or would a virus typically migrate to the NAS (ie: is the data on the NAS seen as just more files on the system?)

 

[USAFRet]

Not that I want to digress too much, but would having NAS, with mirroring, have avoided this, or would a virus typically migrate to the NAS (ie: is the data on the NAS seen as just more files on the system?)

Mirrored data, accessible by the OS on the PC, is just as vulnerable. No matter what physical system it lives in, or what OS it is.

In my realm, part/most of the NAS box is seen by the PC's as just another drive letter. PC's are backed up to that every night. They might, in theory, be susceptible to a ransomware attack.

Other parts of the NAS are not seen by the Windows systems at all. Someone would have to compromise the NAS to see that. Not likely.

And still other parts are not even seen by the NAS box, unless and until I manually/physically reconnect it for a weekly backup. For all intents and purposes, they do not exist. Not to the NAS, and especially not to any Windows box.

 

[popatim]

Virus are smart these days and scan the local network looking to spread. A Nas is very vulnerable, esp if there is a drive letter mapped to it, which is why the drives on mine are read-only unless logged into with a non-standard user account. Network discovery is off so a simple network scan won't even show any other PC's. And I still make backups which are taken off-line when done.