Hi,
I have tried a couple of times to post this.. After being connected to the internet for more than 20 min.. I get the dialog box that started all my problems.. Once, I clicked cancel for more times than I can recall, and the dialog boxes went to the back and I was able to keep typing. But they kept popping up in the background and the computer blue screened.. If I recall, it said the computer was out of memory.. I even posted this thread in the wrong section because I was trying to hurry.. I couldn't figure out how to delete the thread, so I changed it to solved under the General Computer Security.. If there is a way to delete that tread, please do so..
Anyway, on to the how the issue started and where things are at right now.. Yesterday I was on a web site looking at a part for my lawn mower.. When I the problems with my computer began. A dialog box popped up asking to install a Java Update.. Which looked more like an application wanting to install rather than a real Java Update. I clicked cancel about 30 times.. I couldn't do anything else because the dialog caused the screen to fade back and the dialog was the only thing I could click on. and then my antivirus went off.. MSE warned of a program that needed to be cleaned. I clicked clean and then the computer began to shot down.
I rebooted in safe mode, looked at MSE and it have found several files. One was listed as being clened, which was PWS:Win32/Zbot.gen!plock Category: Password Stealer.. The others were quarantined. I told MSE to remove everything and rebooted in to windows normally.
When windows started, I received an error dialog that a file (something).exe.vrs couldn't be found. I looked in the startup folder. Found the file and removed it.. I assume MSE cleaned it and it was just left over. I turned off Wi-Fi, so there was no internet connection and ran another MSE scan. It quarantined a couple more files. I told MSE to remove the files and then I came to this site and began downloading the pre-requisites.. While browsing to this site or any site, I get a dialog box that says Webpage Error.. Do you want to debug this webpage.. It gives a line number and the error on that line.. I click cancel a coupe of times then I am able to see the site.. On some sites, including this one, I see Chinese letters across the top of the pages.. Not all pages, but many.. While downloading DDS and GMER, the computer screen faded to the back, like windows was going to ask about running a program but nothing showed up and the screen was faded gray and I couldn't click on anything. So I tried to the ATL + TAB keys to see if I could see what was running and the computer blue screened. Something about memory..
When I rebooted it ran a scandisk and went back into windows.. I ran another MSE scan and it showed more quarantined files. I told MSE to remove them again and thought I would reboot.. When I clicked on Start Restart, the screen flashed back and forth between several adds, (one was Kroger) then others I couldn't make out, and my desktop.. This flashed back and fourth 3-4 times then the computer shot down..
When it rebooted, I tried running DDS.. It only produced the attached.txt file.. I ran it 5 times, same result, only 1 file.. I rebooted and tried several more times.. The results were the same, only the attached.txt file..
I then ran gmer.. It crashed several times.. It seems to always crash when it reaches MSE files in the Libraries section of the scan.. So I finally just ran it with the alternative options for when you have issues running the normal options.. I did, however, have a successful scan with all the normal options, except with Libraries unchecked.. I am not including this txt file with this post.. I can provide that file if needed..
While typing this.. Several pop ups came up.. Two web pages from C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.HTML and two Notepad files called DECRYPT_INSTRUCTION.TXT..
The test files say:
What happened to your files ?
All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 2.0.
More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)
What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.
How did this happen ?
Especially for you, on our server was generated the secret key pair RSA-2048 - public and private.
All your files were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.
What do I do ?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.
If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.
For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1.https://paytordmbdekmizq.tor4pay.com/p5ifNa
2.https://paytordmbdekmizq.pay2tor.com/p5ifNa
3.https://paytordmbdekmizq.tor2pay.com/p5ifNa
4.https://paytordmbdekmizq.pay4tor.com/p5ifNa
If for some reasons the addresses are not available, follow these steps:
1.Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2.After a successful installation, run the browser and wait for initialization.
3.Type in the address bar: paytordmbdekmizq.onion/p5ifNa
4.Follow the instructions on the site.
I'm kind of afraid to reboot my computer.. I have heard of some people getting locked out of their computers by some password that they don't know.. And you guys don't help with password issues like that.. So Looking forward to your help as soon as possible..
I have tried a couple of times to post this.. After being connected to the internet for more than 20 min.. I get the dialog box that started all my problems.. Once, I clicked cancel for more times than I can recall, and the dialog boxes went to the back and I was able to keep typing. But they kept popping up in the background and the computer blue screened.. If I recall, it said the computer was out of memory.. I even posted this thread in the wrong section because I was trying to hurry.. I couldn't figure out how to delete the thread, so I changed it to solved under the General Computer Security.. If there is a way to delete that tread, please do so..
Anyway, on to the how the issue started and where things are at right now.. Yesterday I was on a web site looking at a part for my lawn mower.. When I the problems with my computer began. A dialog box popped up asking to install a Java Update.. Which looked more like an application wanting to install rather than a real Java Update. I clicked cancel about 30 times.. I couldn't do anything else because the dialog caused the screen to fade back and the dialog was the only thing I could click on. and then my antivirus went off.. MSE warned of a program that needed to be cleaned. I clicked clean and then the computer began to shot down.
I rebooted in safe mode, looked at MSE and it have found several files. One was listed as being clened, which was PWS:Win32/Zbot.gen!plock Category: Password Stealer.. The others were quarantined. I told MSE to remove everything and rebooted in to windows normally.
When windows started, I received an error dialog that a file (something).exe.vrs couldn't be found. I looked in the startup folder. Found the file and removed it.. I assume MSE cleaned it and it was just left over. I turned off Wi-Fi, so there was no internet connection and ran another MSE scan. It quarantined a couple more files. I told MSE to remove the files and then I came to this site and began downloading the pre-requisites.. While browsing to this site or any site, I get a dialog box that says Webpage Error.. Do you want to debug this webpage.. It gives a line number and the error on that line.. I click cancel a coupe of times then I am able to see the site.. On some sites, including this one, I see Chinese letters across the top of the pages.. Not all pages, but many.. While downloading DDS and GMER, the computer screen faded to the back, like windows was going to ask about running a program but nothing showed up and the screen was faded gray and I couldn't click on anything. So I tried to the ATL + TAB keys to see if I could see what was running and the computer blue screened. Something about memory..
When I rebooted it ran a scandisk and went back into windows.. I ran another MSE scan and it showed more quarantined files. I told MSE to remove them again and thought I would reboot.. When I clicked on Start Restart, the screen flashed back and forth between several adds, (one was Kroger) then others I couldn't make out, and my desktop.. This flashed back and fourth 3-4 times then the computer shot down..
When it rebooted, I tried running DDS.. It only produced the attached.txt file.. I ran it 5 times, same result, only 1 file.. I rebooted and tried several more times.. The results were the same, only the attached.txt file..
I then ran gmer.. It crashed several times.. It seems to always crash when it reaches MSE files in the Libraries section of the scan.. So I finally just ran it with the alternative options for when you have issues running the normal options.. I did, however, have a successful scan with all the normal options, except with Libraries unchecked.. I am not including this txt file with this post.. I can provide that file if needed..
While typing this.. Several pop ups came up.. Two web pages from C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.HTML and two Notepad files called DECRYPT_INSTRUCTION.TXT..
The test files say:
What happened to your files ?
All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 2.0.
More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)
What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.
How did this happen ?
Especially for you, on our server was generated the secret key pair RSA-2048 - public and private.
All your files were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.
What do I do ?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.
If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.
For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1.https://paytordmbdekmizq.tor4pay.com/p5ifNa
2.https://paytordmbdekmizq.pay2tor.com/p5ifNa
3.https://paytordmbdekmizq.tor2pay.com/p5ifNa
4.https://paytordmbdekmizq.pay4tor.com/p5ifNa
If for some reasons the addresses are not available, follow these steps:
1.Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2.After a successful installation, run the browser and wait for initialization.
3.Type in the address bar: paytordmbdekmizq.onion/p5ifNa
4.Follow the instructions on the site.
I'm kind of afraid to reboot my computer.. I have heard of some people getting locked out of their computers by some password that they don't know.. And you guys don't help with password issues like that.. So Looking forward to your help as soon as possible..