Using Win7 Home Premium.
On December 2 2019 at 5:00PM, attempted to download ImgBurn, looking for open source software to rip an old DVD home movie into an mp4. Had been using MagicISO to convert audio CD files into mp3's and this seemed a natural progression.
As soon as "I decline" on one of the installation options was clicked, the taskbar icon became a weird little 'pixel phone'. No download status and all these strange HUDs appeared in Italian.
Killed those apps in taskbar but that was too late. Almost every file in documents, downloads and desktop has a .hets extension now. Cannot be accessed. I am hit with a HETS ransomware attack. Thankfully, the public and shared folder files remained untouched.
Have spent all night and day seeking to use Vipre and Malwarebytes to combat the browser hijack popups and unauthorized installations. The PC seems stable now.
I'm to blame for no backup and malware protection for over 10 days but Shadow Explorer salvaged C: drive files from the 22nd and 30th November. I can take losing a few days work.
The biggest loss is the thumbdrive files which were not backed up.
Is there any way to retrieve them? Performed a command prompt attrib -s -h /s /d *.* but that changed nothing.
I also applied Rescueit to a few HETS txt files but when opened they only displayed oriental characters, not English text. Pictures will not display.
What am I doing wrong (other than not backing up and installing dodgy software) and what can I do to retrieve these thumbdrive files?
Talked to the folks at Paretologic Data Protection Pro which every ransomware page insists will do the job. But they say: "No, unfortunately reports online we can be of assistance with these troubles are False and Unaffiliated with ParetoLogic.
As well, we have seen no indication that Data Recovery programs will be of assistance in these matters unfortunately. These claims are based on the original versions on the Ransomware viruses created a copy of the files, encrypted the copy and deleted the original; deleting the original means it was able to be recovered depending on how the virus was removed.
Unfortunately, new iterations of these viruses do not seem to function in these ways."
So is this true? Is this the latest data retrieval Holy Grail? Can ransomed files be rescued? Has anyone ever done it and how? Do you know someone who knows someone or is this just another sad love song?
I do seem to have an offline ID that ends in t1.
Thanks for any input.