Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My computer infected with Ransomeware virus


  • Please log in to reply
6 replies to this topic

#1 azharssm

azharssm

  • Members
  • 8 posts
  • OFFLINE
  •  

Posted 18 March 2014 - 05:41 AM

when i download a crack folder from internet, and i extracted it , and i double clicked crack .exe nothing happened, then next day i started my computer , a message was displayed

Your files are locked and encrypted with a
unique RSA-1024 key!
To regain access you have to obtain the
private key (password).
++++++++++++++++++++
To receive your private key (password):
Go to http://u5ubeuzamg54x5f3.onion.to
and follow the instructions.
You will receive your private key (password)
within 24 hours.
Your ID# is 28403489
If you can't find the page, install the Tor
browser (https://www.torproject.org/
projects/torbrowser.html.en ) and browse to
http://u5ubeuzamg54x5f3.onion
++++++++++++++++++++
BEWARE - this is NOT a virus.
The ONLY way to unlock your files/data is
to obtain your private key (password) or
you may consider all your data lost.
You have just 5 days before the private key
(password) is deleted from our server,
leaving your data irrevocably broken.
++++++++++++++++++++
LOCKED ON POSSESSION OF COPYRIGHTED
MATERIAL AND SUSPICION OF
(CHILD)PORNOGRAPHIC MATERIAL.



,,
now i cant access my files such as songs , videos, pictures, documents, text files, i am very afraid of this, because i have many important documents, all the files last name is now .LOCKED , example: my family.jpg.LOCKED,

please help me guid me, i am very afraid of this,

Edited by quietman7, 18 March 2014 - 10:10 AM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 31,727 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:18 AM

Posted 18 March 2014 - 10:08 AM

Most likely a variant of Cryptolocker or CryptorBit .

A repository of all current knowledge regarding Cryptolocker is provided by Grinler (aka Lawrence Abrams), in this tutorial: CryptoLocker Ransomware Information Guide and FAQ

There is also a lengthy ongoing discussion in this topic: Cryptolocker Hijack program.

A repository of all current knowledge regarding CryptorBit and HowDecrypt is provided by Grinler (aka Lawrence Abrams), in this tutorial: CryptorBit and HowDecrypt Information Guide and FAQ

There is also a lengthy ongoing discussion in this topic: HowDecrypt or CryptorBit Encrypting Ransomware - $500 USD Ransom Topic.

Since these infections are so widespread, rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions or comments in one of those topic discussion.

Thanks
The BC Staff


BTW, the practice of using keygens, hacking tools, cracking tools, warez, torrents or any pirated software is not only considered illegal activity but it is a serious security risk which can turn a computer into a malware honeypot or zombie.

* File Sharing, Piracy, and Malware
* Software Cracks: A Great Way to Infect Your PC
* TrendMicro Warning
* Keygen and Crack Sites Distribute VIRUX and FakeAV
* University of Washington spyware study
* Bad Web Sites

When you use these kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

Using these types of programs or the websites visited to get them is very likely how your computer got infected!!
Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 26,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:04:18 AM

Posted 19 March 2014 - 01:48 PM

I see you solved the issue yourself but you're not sharing that information:

http://www.bleepingcomputer.com/forums/t/528030/i-found-the-way-to-decrypt-all-ransome-encrypted-files/

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown


Posted Image


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams.


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+


#4 azharssm

azharssm
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  

Posted 21 March 2014 - 07:06 AM

Finally got the solution for decrypt ransomeware encrypted files..!! (SORRY FOR MY ENGLISH)
There Are Two Softwares for it :   1:  Kaspersky Xorist decrypter ( it is did for me, it decrypted all .LOCKED files like  (doc,docx,jpeg,and video files and other all, )  download it from any website it is free, search in google and download, it is only 601 KB!!!!!!!  and open it and scan it will scan whole computer it takes about 45 minutes for me, and it will create  a new version of our file,  but .LOCKED files will not deleted ,  we need to delete all .LOCKED files from our computer, type .LOCKED in search bar. and delete it.
second software is 2: kaspersky rectordecryptor ( it did not work for me , i think it is for another type of ransomeware )
Sure it will decrypt all encrypted files!!!!!!!!!!!
 



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 31,727 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:18 AM

Posted 21 March 2014 - 09:04 AM

There are various types of ransomware and different tools available to deal with specific infections only.

Kaspersky Virus-fighting utilities includes several fix tools for some types of ransomware such as:
  • XoristDecryptor is designed to deal with Trojan-Ransom.Win32.Xorist, Trojan-Ransom.MSIL.Vandev - XoristDecryptor ransomware which encrypts files with numerous extensions.
  • RectorDecryptor is designed to deal with Trojan-Ransom.Win32.Rector ransomware which encrypts files with extensions .jpg, .doc, .pdf, .rar.

Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 sakmsb123

sakmsb123

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:48 PM

Posted 18 June 2014 - 02:52 AM

XoristDecryptor -- this works for the error message:-- it decrypts and creates new files of all the locked files....

 

Your files are locked and encrypted with a
unique RSA-1024 key!
To regain access you have to obtain the
private key (password).
++++++++++++++++++++
To receive your private key (password):
Go to http://u5ubeuzamg54x5f3.onion.to
and follow the instructions.
You will receive your private key (password)
within 24 hours.
Your ID# is 28403489
If you can't find the page, install the Tor
browser (https://www.torproject.org/
projects/torbrowser.html.en ) and browse to
http://u5ubeuzamg54x5f3.onion
++++++++++++++++++++
BEWARE - this is NOT a virus.
The ONLY way to unlock your files/data is
to obtain your private key (password) or
you may consider all your data lost.
You have just 5 days before the private key
(password) is deleted from our server,
leaving your data irrevocably broken.
++++++++++++++++++++
LOCKED ON POSSESSION OF COPYRIGHTED
MATERIAL AND SUSPICION OF
(CHILD)PORNOGRAPHIC MATERIAL.



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 31,727 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:18 AM

Posted 18 June 2014 - 12:41 PM

Are you posting that for information purposes or are you also having issues?
Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users