How to reinstall Cryptolocker?

MobileGeeks

Hi guys,

I got a call from a new company today that has been infected with the CryptoLocker virus :mad::mad::mad:

Their backups are not so fantastic and shadow copy was not enabled. I think they will have to pay the $300 to get everything back.

I did remove the virus to begin with. Is there a place where I can re-download it and infect the same machine again? That way I can get them to pay and problem solved.

Thanks,
 
Before you do that, image the drive. It might not work that you just "reinstall" the virus and call them with the $300. It might be a different version of the infection, or it might see a remnant of itself and not go through the infection->encryption->ransom process, or the install might fail and you will totally corrupt everything.
 
The folks at Kernelmode.info seem to think that reinfecting won't work as it will use a different key. This has been asked there several times with the same answer.
 
How did you initially remove the virus? I had this same problem... The client used Malwarebytes to remove the virus but the files remained encrypted. Shadow copy was off and they didn't have any backups. So I had to 'restore' the infected objects using the restore option in Malwarebytes and then paid the ransom. This worked in decrypting the files. Then I ran cleaners and removers to remove the infection. Added the crypto preventer tool by foolish tech. Then backed up.

Try restoring the infection with the program you used to remove it.
 
Thanks for the replies, guys.

The client was so freaked out she called the police because she was being held for ransom.

I managed to get some stuff back from backup, and currently now doing a full reinstall of SBS 2011, backup and format of 5 desktops at her request.

A lot of work against my advice, however the client is the boss!


Thanks for the replies.
 
I can imagine she must have been scared when she first saw it. But you're right, in the end she pays the bills!
 
Look for the image file that CryptoLocker set as the default wallpaper. This usually has a URL on it that will direct you to the file you need.

Check out my pic here:
http://www.technibble.com/forums/attachment.php?attachmentid=3433&d=1382015878
 
As I understand it, even if you get the original .exe, if you've exceeded the initial countdown, you're boned.
 