Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trouble with decrypt_mblblock.exe


  • This topic is locked This topic is locked
20 replies to this topic

#1 JackOfSomeTrades

JackOfSomeTrades

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 21 May 2013 - 06:48 PM

I've removed the mbl ransomware from my computer, and everything is fine except I'm still currently stuck with the encrypted files, which have .html added at the end. As far as I can tell, decrypt_mblblock.exe by Emsisoft is exactly what I need, yet when I go to run it, it just opens the window with the starting information and sits there without actually doing anything whatsoever. I've tried to research this as best I can, looked for multiple versions of directions on how to use the thing, yet I can't figure out how to make the thing function. Please help.

 

Thank You



BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:57 PM

Posted 22 May 2013 - 08:28 PM

Here's the most recent directions

Download decrypt_mblblock.exe to your desktop.
The complete usage instructions and video can be found here.
  • If you only have a single hard disk with one partition, then only thing you need to do is start the tool.
  • Windows XP users can simply double click and run the tool, Windows Vista, 7 & 8 users need to run the tool with administrator rights.
  • Now it will automatically scan your complete hard disk for encrypted files, when there are encrypted files present it will automatically decrypt those without deleting the encrypted originals.
  • After the decryption check that all of the decrypted files open properly.
  • Once you have verified that the files were decrypted properly you can delete the encrypted HTML files.
  • If you have more than one hard disk or partitions with encrypted files, things get slightly more complicated. To scan and decrypt files on those other hard disks or partitions do the following:
  • While holding down the Windows key now press the R key.5198943264916-Windows_key_R_system_infor The Run Box will now appear.
  • In the Run box Type in cmd.exe and press Enter.
  • The Windows Command Line prompt should show up.
  • You first need to switch into the directory where you downloaded the decryption tool to.
  • This can be done using the cd command: cd /d <path>
  • Just replace <path> with the path you downloaded the decryption tool to. If you downloaded it to C:\Users\Administrator\Downloads for example the exact command line to type in should look like this:
    cd /d C:\Users\Administrator\Downloads
  • If you did everything right you will see that the command prompt changed slightly and now references the download directory.
  • Run the decryption tool with a list of all your drives you want the tool to scan. If you have a C:, D: and E: drive for example, run the tool like this:
    decrypt_mblblock.exe C:\ D:\ E:\
  • Please be patient and refrain from using the computer for other tasks while the tool is running
5198944194f7c-decrypt_mblblock-cmd.png


Tell me how you get on
Posted Image
m0le is a proud member of UNITE

#3 JackOfSomeTrades

JackOfSomeTrades
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 24 May 2013 - 09:41 PM

Thank you for your response, I've tried all that but basically it opens the window and does everything up to where it actually starts decrypting and listing the files...I've run it with cmd.exe as well as double-clicked, as I only have one partition I need to scan, I just don't know what to do to make it run. It is Windows 7 home edition btw, 64 bit.



#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:57 PM

Posted 25 May 2013 - 06:21 PM

Please try this new version

http://tmp.emsisoft.com/fw/decmblblock.exe
Posted Image
m0le is a proud member of UNITE

#5 JackOfSomeTrades

JackOfSomeTrades
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 28 May 2013 - 11:20 AM

Thank you very much for your help, but the issue is still unresolved as of now. I have tried that newest version of your decrypter and all it told me was no active infection was found. As I understand it, I have already removed any "active infection," but I need the decrypting of the files I have left over. Can you tell me if there is anything I can do to get the decrypting program to run and decrypt the files that currently have ".html" added to the end?



#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:57 PM

Posted 28 May 2013 - 08:16 PM

I am going to contact the developer of the tool for some advice. Hold on
Posted Image
m0le is a proud member of UNITE

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:57 PM

Posted 29 May 2013 - 05:56 PM

Can you send me one of the files which is failing to decrypt

Please click here

Copy/paste the topic URL and then browse to the file

Then click Send File.
Posted Image
m0le is a proud member of UNITE

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:57 PM

Posted 31 May 2013 - 09:02 PM

I have a member of the company who wrote the decrypt program who is happy to check one of your files to see why the decrypt is failing.

I will have to close this tomorrow if you do not reply.
Posted Image
m0le is a proud member of UNITE

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:57 PM

Posted 01 June 2013 - 08:53 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Posted Image
m0le is a proud member of UNITE

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:57 PM

Posted 04 June 2013 - 07:32 PM

This topic has been re-opened at the request of the person who originally posted.
Posted Image
m0le is a proud member of UNITE

#11 JackOfSomeTrades

JackOfSomeTrades
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 06 June 2013 - 01:36 PM

I have sent in a docx file that has .html added at the end, thank you so much for your assistance.



#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:57 PM

Posted 08 June 2013 - 07:53 PM

The file has been analysed and the updated version available here should work


Posted Image
m0le is a proud member of UNITE

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:57 PM

Posted 11 June 2013 - 07:09 PM

Are you still with me, JackOfSomeTrades?
Posted Image
m0le is a proud member of UNITE

#14 JackOfSomeTrades

JackOfSomeTrades
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 12 June 2013 - 04:58 AM

I'm with you, sorry, was out of town yet again, thank you so much for your assistance. Will be able to try that new version shortly.



#15 JackOfSomeTrades

JackOfSomeTrades
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 12 June 2013 - 05:09 AM

It appears to be functioning. I have yet to be able to check any of the files but I'm very optimistic. Thank you so much for your diligent assistance! I will update you when I have the chance to go through and check the files. I appreciate your help so much.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users