Hello ,

All excel/word/zip/pdf are changed as following
Doc1.DOCX.tvmpzfh
Eng..PDF.tvmpzfh
Expenses.XLSX.tvmpzfh

i tried changing extension but no use .File size seems ok like 1.2 MB .

Is this cryptowall virus? i tried uploading file to https://www.decryptcryptolocker.com/ but saying no encrypted file.
In pc3000 raw recovery dont show these files.

Any one faced similar issue or any solution

Thanks in advance

Information on malware known as Ransomware:
http://www.sophos.com/en-us/support/kno ... 19006.aspx

5 stages of crypto-ransomware staying safe:
http://www.sophos.com/en-us/medialibrar ... 000KbqSAAS

_________________
Phoenix Computer Forensic Laboratory
http://www.databack.ir

Had a client with similar issue, theirs was something like .mtvoish

Client was a dealer who eradicated the malware without noting what it was exactly. They said it was "crypto something or other" ... Helpful!

_________________
PC Image Data Recovery
http://www.pcimage.co.uk

New!! HDD-PCB.COM for all your PCB and donor HDD requirements!

Observed 2-3 more cases with same issue.
Virus get removed but Asking 500 or 1000usd to decrypt and asking deposit amount in given bank details which account is unknown .

I'm assuming that you are victim of ransomware called CTB-Locker. For now is no other way than brute force or pay the ransom.

Read this, it's a very helpful guide http://www.bleepingcomputer.com/virus-r ... nformation
and you can decrypt your files using https://www.decryptcryptolocker.com/

This is wrong, of course.

_________________
www.datasave.ro

This will only decrypt files encrypted with CRYPTOLOCKER, it will NOT WORK to decrypt files encrypted with CTB.

_________________
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)
paypal.me/Spildit - (PayPal Donations)
The HDD Oracle - Platform for OPEN research on Data Recovery.

Read this, it's a very helpful guide http://www.bleepingcomputer.com/virus-r ... nformation
and you can decrypt your files using https://www.decryptcryptolocker.com/

Saying sample file is not encrypted..........................................

I told you.
That site will only decrypt files encrypted with cryptolocker, it will not decrypt files encrypted by other ransomware.

_________________
1Q9xrDTzTddUXeJAFRn37aqh1Yr6buDCdw - (Bitcoin Donations)
paypal.me/Spildit - (PayPal Donations)
The HDD Oracle - Platform for OPEN research on Data Recovery.

So right now there's only cryptolocker and CTB?

_________________
Data Recovery in the Dominican Republic
https://www.recuperamidata.com/

And CryptoWall 2.0/3.0

_________________
www.datasave.ro

I think this is only matter of time when other new modification will appear. And I think this will be when CTB-Locker will be busted.