Question

How to fix this virus

Nov 15, 2016 6:54AM PST

Hello!
Can somebody help me with this:

What happened to your files ?
All of your files protected by a strong encryption with RSA-2048.
More information about the encryption keys using RSA-2048 can be found here: https://en.wikipedia.org/wiki/RSA_(cryptosystem)

How did this happen ?
!!! Specially for your PC was generated personal RSA-2048 KEY, both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server

What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start send email now for more specific instructions! , and restore your data easy way.
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.

For more specific instructions:
Contact us by email only, send us an email along with your ID number and wait for further instructions. Our specialist will contact you within 24 hours.
For you to be sure, that we can decrypt your files - you can send us a single encrypted file and we will send you back it in a decrypted form. This will be your guarantee.

Please do not waste your time! You have 72 hours only! After that The Main Server will double your price!
So right now You have a chance to buy your individual private SoftWare with a low price!

E-MAIL1: rscl@dr.com
E-MAIL2: rscl@usa.com

Please, please!!!!

Answer
All PC users should have read this by now.
Nov 15, 2016 7:02AM PST

"We only lose what we don't back up."

This is why you never go without backups of what you can't lose. I'd factory reset the PC and restore from backups.

You seem to have done prior research so I'll not duplicate the web about possible other recovery.

HOWEVER, you didn't name the exact version of this RANSOMWARE. It's not a virus, but I understand folk today lump all malware into the term virus even when it's not. There are now dozens of versions of ransomware, and without a name (RSA is not the name) you and I can't look for solutions other than a factory reset and restore from backup.

Ransomware version
Nov 16, 2016 2:10AM PST

How do I find out this name? Where should I search, or what should I do?

Re: name of ransomware
Nov 16, 2016 2:19AM PST
http://sensorstechforum.com/remove-zeta-ransomware-and-restore-zetadr-com-scl-encrypted-files/ shows it's sometimes shown in the filename of the encrypted files. But, just as well, it can be that it isn't with you.

What to do:
1. Pay (and pray they do what they promise).
2. Accept your loss, go back to factory conditions and accept you lost the data you forgot to back up.
3. Once you know the exact ransomware, use Google and such to find out if there might be a way to recover your data yourself (after you removed the malware).
name of ransomware
Nov 17, 2016 2:48AM PST
That's not a name I found with Google.
Nov 17, 2016 7:50AM PST

That looks more like a mangled email address.

Try posting at bleepingcomputer as well. Read their posting rules and be aware many of these are booby-trapped, so you know to clone that drive so you can work on the clone.