Ransomware infection

[chilly55]

My kids, I am assuming, did something that allowed a ransomware program to infect our family computer. I've not seen this extension before and am looking for help on identifying it. All infected files are typical text or picture files. Each infected file now has the extension

 

.pqeyqzm

 

added to each file.

 

Files are now encrypted by CTB-Locker.

 

Below is the photo file that gives information to acquire a key.

 

 

Any help is appreciated.

 

Bill

Edited September 21, 2014 by chilly55

[securitybreach]

Perhaps: http://www.bleepingcomputer.com/virus-removal/ctb-locker-ransomware-information

[chilly55]

Thank you. I did a search but wasn't able to locate this particular link. Much more info in just this one link than all of the others I found.

 

Thanks again,

Bill

[securitybreach]

Not a problem Bill and good luck removing the garbage

[goretsky]

Hello,

 

Recommend checking with your anti-malware vendor's technical support department to see if they have a decryptor.

 

Regards,

 

Aryeh Goretsky

[chilly55]

I've been able to recover (backups) or rebuild files that were affected except for 2 important files. For some reason I never backed up an automotive program or my savings bond program. I can rebuild the savings bond file, but the automotive program file is a different story.

 

"Hello,

 

Recommend checking with your anti-malware vendor's technical support department to see if they have a decryptor.

 

Regards,

 

Aryeh Goretsky"

 

I use Malewarebytes to find and delete maleware, but I don't use an active scan program aside from NAV. You think Malewarebytes would have a decryptor? I'll give them a shout and see what they say. Never thought to do this.

 

Thanks again,

Bill

[Guest LilBambi]

What antivirus program are you using? Often they have some anti-malware components even if not as good as Malwarebytes Anti-Malware.

 

But you might want to read this article:

 

http://www.technibble.com/cryptolocker-update/