Hi. After using DBAN on my PC, how do I reinstall my OS? Do I set BIOS to boot from CD to reinstall? or do i just pop the CD in and the rest happens automatically?
Needing to use DBAN now…here is what happened…
I was infected at 11:20 am on December 26, 2018 with GandCrab 5.0.4 with extension QXFCEHV. Many files got encrypted and some files not.
I cleaned/killed the virus with scans from Malwarebytes and Avast, however, I noticed that there appears to be something that tends to return with every restart or boot because I have removed the same file over and over again. Now I see I am not removing it, yet I haven’t restarted either.
Right now I am going through every file to see and a QXFCEHV-DECRYPT.txt file or the ransom note. Prior to understanding this crap a little better, I attempted to reinstall my OS and guess what? I could not as it stated things such as my user profile was missing. I tried to boot into safe mode and I couldn’t, it kept giving me a wrong password message when I would go into safe mode and sign in.
So, right now at this moment, I am trying to recover anything that I can recover. My first recovery run was sort of a test to see if I could do it since it seems that there are things I cannot do. I used Disk Drill once and now I am using EaseUS recovery once. I am going to get an external drive and recover all I can to this drive to hold. Afterward, I am going to contact the PC manufacturer–talk to them–then I’m taking it to be professionally wiped clean and have the OS reinstalled since I cannot do it.
I am praying for a new decryptor soon and until then I have kept those encrypted files so I can decrypt them later. One thing I do know is, no matter how bad something is, there is always someone that can find something to defeat that bad something. Nothing is original, better manipulated and mixed up, but not original. A working decryptor will be released. Reply with anything you’d like to tell me or add.
P.S: I kept all encrypted files and I kept the ransom notes. I did manipulate one file to see what it does and what would happen. It was an encrypted .jpg file of some weeds in a garden I didn’t mean to take. I changed the extensions back and forth. It still not a normal .jpg file and I cannot see the thumbnail but when I open the file I can see the picture just as it was.
If you have the CD, try resetting your system from it. If nothing happens, check the Hard disk boot priority order. The primary configuration should be CD. You can also look for other settings, like the USB HDD, USB key, etc.
Note that you are dealing with notorious ransomware that is not decryptable at the moment. While some versions of GandCrab 5.0.4 are decryptable, numerous people have declared that the decrypter fails to work. It means that they are dealing with the updated version.
To try the decrypter, find it here: this article.
Sincerely, 2-spyware team