36 lines
1.5 KiB
Markdown
36 lines
1.5 KiB
Markdown
# cryptowallFileFinder
|
|
This program creates a txt for easy backup restoration of files infected with cryptowall. The program depends on the decrypt instrucitons left behind by cryptowall.
|
|
|
|
For example, if you have two folders on your desktop that contain the following files:
|
|
folder1
|
|
DECRYPT_INSTRUCITON.TXT
|
|
DECRYPT_INSTRUCTION.lnk
|
|
DECRYPT_INSTRUCTION.HTML
|
|
myfile.txt
|
|
myOtherFile.txt
|
|
folder2
|
|
DECRYPT_INSTRUCITON.TXT
|
|
DECRYPT_INSTRUCTION.lnk
|
|
DECRYPT_INSTRUCTION.HTML
|
|
myThirdFile.txt
|
|
myFourthFile.txt
|
|
|
|
The program will do the following:
|
|
1. It will create a txt containing:
|
|
folder1path\myfile.txt
|
|
folder1path\myOtherFile.txt
|
|
folder2path\myThirdFile.txt
|
|
folder2path\myFourthFile.txt
|
|
2. It will delete the following files:
|
|
folder1\DECRYPT_INSTRUCTION.TXT
|
|
folder1\DECRYPT_INSTRUCTION.lnk
|
|
folder1\DECRYPT_INSTRUCTION.HTML
|
|
folder2\DECRYPT_INSTRUCTION.TXT
|
|
folder2\DECRYPT_INSTRUCTION.lnk
|
|
folder2\DECRYPT_INSTRUCTION.HTML
|
|
|
|
Hopefully, having the txt produced by this program will help you easily restore files infected by cryptowall. The program was only written to search local hard drives (not usb or network drives). This functionality can be easily added if needed just ask me. It is advised to not run this on systems in which cryptowall is still encrypting files. Make sure the computer is clean (or running in safe mode) before running this program.
|
|
|
|
|
|
Download the whole repository with the ruby source code. Clicking start.bat will scan all local drives and place a txt in this directory.
|