Dirty Decrypt


  • This topic is locked
4 replies to this topic

#1 AnarchistRebel

AnarchistRebel

  • Members
  • 26 posts

Posted 25 July 2013 - 10:36 AM

I've seen a topic on here about it (http://www.bleepingcomputer.com/forums/t/493322/dirtydecryptexe/) but I don't know where to start and I urgently need direct help.

I was trying to watch a video, and then it told me I needed to download a version of Java Flash or something, and I thought it was a message to "allow" or "deny" using it, and it downloaded to my downloads. I didn't open it then, but after a bit I opened it after scanning it with Malwarebytes Anti-Malware and IObit Malware Fighter and it said it was clean. I didn't go along with installing it, but just opened it (I think). Then a white process type thing popped up with the words "Dirty Decrypt" or something like that and then disappeared and my whole laptop screen went white. I restarted the laptop, and I clicked on opening things as soon as the computer started like I usually do, and then the thing flashed again and the screen went white. This time I went to "Safe Mode" (not with the network) and I saw one of the pictures (I don't have many) with the "Dirty Decrypt" stuff all over it. I didn't read it, but just deleted it.

The program that I downloaded, I'm not sure if it was legit or not, is in the C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup directory along with the "Dropbox", and I deleted it, dragged it to the trash bin, and even used the "shred file" that comes with the Advanced System Care6, and it reappears not even a few seconds afterwards in the same place.

The application name is "YrHXGxkN".  In the property details it says "Copyright © 2013", Application T, T.EXE, Product version 1,0,0,1, 267 KB, French (France) and the last modified time.  So that makes me think it was a legit Java download, I'm just not sure.

Maybe this Dirty Decrypt was caused by all of the music I've downloaded from Piratebay, but it just became apparent after downloading this "application", so I think it is this.

Anyway, while I was in the "Safe Mode", I ran a full system scan with Advanced System Care6 (it also defragged the system), Malwarebytes Anti-Malware, IObit Malware Fighter, and CCleaner which cleaned the registry also.

I then saw a "Read Before" notepad thing with "Dirty Decrypt" in it (I searched it and that showed), so I deleted it.  This was before I knew what was going on, but the name looked suspicious.

I also deleted files in the programs like Conduit and safee and other random files that downloaded with other things that I haven't gotten to (I searched these things on Google to make sure I could delete them).

The scans showed that it fixed and deleted files.

Now when I search "Dirty Decrypt" I don't find anything.

But I just found out about the "regedit" thing, and I tried opening it to see if there were any programs with "Dirty Decrypt" and it opened and instantly closed. I tried it multiple times. Also I tried to open the Task Manager, which always worked for me before, and it closed instantly. Internet Explorer stopped working for me after a while (it instantly closed), even after redownloading it, so that's not new. Also my Tor Browser stopped working a few weeks ago (screen is black). We just got the internet back two days ago, I really hope I could fix this "Dirty Decrypt" thing. I downloaded the http://housecall.antivirus.com/ thing and the program was just white after download until I closed it.

I run Windows 7 on 64x.

Skype just logged me in as if I was a new member (tutorial).  I guess that's because I tried logging in when I didn't have internet connection on "Safe Mode".  Also it told me to update it, which I did and the screen is just white (with "skype", "home", and "help" at the top).

 

I also looked at these: 

http://www.tomshardware.com/forum/20965-45-help-regedit-opens-immediately-closes

http://blog.teesupport.com/remove-dirtydecrypt-exe-a-lock-down-virus-that-encrypts-files/

 

I can't figure out what to do exactly, if anybody could help me get rid of this "Dirty Decrypt" thing, I would be thankful.

Thank you.


Edited by AnarchistRebel, 25 July 2013 - 10:43 AM.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,643 posts
  • Gender:Male
  • Location:NJ USA

Posted 25 July 2013 - 11:25 AM

Hello, can you create a new post with a DDS log per this Preparation Guide and post in a new topic?
Let me know if all went well.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#3 AnarchistRebel

AnarchistRebel
  • Topic Starter

  • Members
  • 26 posts

Posted 25 July 2013 - 04:06 PM

http://www.bleepingcomputer.com/forums/t/502216/infected-with-dirty-decrypt-possibly-more/



#4 Stephen_D

Stephen_D

  • Members
  • 4 posts

Posted 16 August 2013 - 10:35 PM

Hey everyone!

 

So my dad got hit hard by this virus and lost all of his files. I am attempting to understand how this virus works but since he has deleted the virus from his computer. What I would like to do is infect a virtual machine on my PC so I can understand the encryption algorithm and attempt to break it. Am I allowed to request a copy of the virus via PM in an encrypted RAR file so I can study it? Up to now what I understood from it is that no one can use any tools to decrypt. I would like to try to manually decrypt it and see what I can do.

 

Thanks

 

Stephen_D

 

(B.T.W., No thread hijack intended lol)



#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,643 posts
  • Gender:Male
  • Location:NJ USA

Posted 17 August 2013 - 10:36 AM

Topic closed; new topic was started in MRL and picked up.

