Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Decrypt.exe


  • This topic is locked This topic is locked
5 replies to this topic

#1 Pavan V Prabhu

Pavan V Prabhu

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:47 PM

Posted 17 July 2013 - 01:33 PM

Hello,

 

This is Pavan and this is the first post in this forum.

 

I have gone through various tools from bleeping computers and have resolved many issues by myself from helpful links in this forum.

Today I need your expertise help.

 

My computer is not infected with Virus. Recently my friend's computer got infected with Virus, he took it to a local shop and they were unable to fix the issue. They reformatted the hard drive and installed windows 7 once again. Later when the tech from local shop reinstated all the backed up data he was unable to open any of the files. All the doc files, pdf files cannot be opened. It comes up with a message "File is encrypted. It can decrypted using only dirtydecrpt.exe".

 

Please povide us the input. Is it he cannot use any of those pdf, doc and jpeg files henceforth.

Is there anytool which will help us in decrypting the files.

 

Your valuable suggestions are needed as some important documents needs to be recovered.

 

I'm not attaching the log as my computer is not infected with virus and even his computer is no more infected as he reformatted the hard drive.

 

Have we lost the file or can it be decrypted?

 

Regards,

Pavan



BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:17 AM

Posted 17 July 2013 - 07:43 PM

Hi Pavan,

 

It is highly unlikely that the files can be decrypted at this point.  You can try this:

 

Download decrypt_mblblock.exe to your desktop.
The complete usage instructions and video can be found here.

 

  • If you only have a single hard disk with one partition, the only thing you need to start the tool.
  • Windows XP users can simply double click and run the tool, Windows Vista, 7 & 8 users need to run the tool with administrator rights.
  • Now it will automatically scan your complete hard disk for decrypt the files, when there are encryptes files present it will automatically decrypt those without deleting the encrypted originals.
  • After the decryption check all of the decrypted files if they open properly.
  • Once you verified the files were decrypted properly you can delete the encrypted HTML files.

If you have more than one hard disk or partitions with encrypted files, things a slightly more complicated. To scan and decrypt files on those other hard disks or partitions you will have to pass the additional drives as a command line parameter:

  • While holding down the Windows key now press the R key.5198943264916-Windows_key_R_system_infor The “Run Box” will now appear.
  • In the “Run box” Type in “cmd.exe” and press Enter.
  • The Windows Command Line prompt should show up.
  • You first need to switch into the directory where you downloaded the decryption tool to.
  • This can be done using the cd command: cd /d “<path>”
  • Just replace <path> with the path you downloaded the decryption tool to. If you downloaded it to C:\Users\Administrator\Downloads for example the exact command line to type in should look like this:
  • cd /d “C:\Users\Administrator\Downloads”
  • If you did everything right you will see that the command prompt changed slightly and now references the download directory.
  • Run the decryption tool with a list of all your drives you want the tool to scan. If you have a C:, D: and E: drive for example, run the tool like this:
  • decrypt_mblblock.exe C:\ D:\ E:\
  • Please be patient while the tool is running, and you may better not use the computer before the tool is ready.

5198944194f7c-decrypt_mblblock-cmd.png

 

 

-etavares



If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#3 Pavan V Prabhu

Pavan V Prabhu
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:47 PM

Posted 18 July 2013 - 12:16 AM

Hi Etavares,

 

Thank you for the response. I have run this tool and it says no active infections found

 

 tqbNNwol.jpg

 

 

This is the image which I get if we open any files. Please let me know if there are any other tools

 

Regards


Edited by Pavan V Prabhu, 18 July 2013 - 12:16 AM.


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:17 AM

Posted 18 July 2013 - 08:13 PM

It was worth a shot.  Each key is unique to the computer so there's no way to do it short of restoring from a backup.

 

Sorry about your friend's luck.  I suggest regular backups as the ultimate safety net.

 

-etavares



If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#5 Pavan V Prabhu

Pavan V Prabhu
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:47 PM

Posted 20 July 2013 - 02:07 PM

Thanks for the reply Etavares.

 

Surely a lesson learnt. Thanks for helping out here

 

Regards



#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:17 AM

Posted 25 July 2013 - 07:25 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users