Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


DirtyDecrypt : how to decrypt the encrypted images

  • Please log in to reply
2 replies to this topic

#1 mihaiciubotaru


  • Members
  • 2 posts
  • Gender:Male
  • Location:Romania
  • Local time:07:21 PM

Posted 22 July 2013 - 02:52 AM

   Hi, I've been attacked by DirtyDecrypt virus but finally I "killed" it. Unfortunately alll my JPG and PDF files are ecrypted now!!!!!!

   Interesting fact: sometimes when I look inside a folder using Windows Explorer with "Medium Icons" some pictures show their content! This means that the image is still inside and can be seen!

   On the other hand when I try to open it using all the available possible programs all I get the virus picture telling me:


           File is encrypted

          This file can be decrypted using the DirtyDecrypt.exe

           Press CTRL+ALT+D to run DirtyDecrypt.exe


          Check the paths:


I tried decrypt_mblblock.exe but all I get is a message telling me that no encrypted file can be found.

What could/should I do next!


BC AdBot (Login to Remove)


#2 mihaiciubotaru

  • Topic Starter

  • Members
  • 2 posts
  • Gender:Male
  • Location:Romania
  • Local time:07:21 PM

Posted 22 July 2013 - 02:57 AM

Forgot to mention: using a hex editor I discovered that the header of the JPG files is corrupt. I tried to use another JPG file's header but it didn't work.

#3 Aaflac


    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA
  • Local time:11:21 AM

Posted 24 July 2013 - 10:35 PM


Although it is possible to remove the DirtyDecrypt ransomware, there does not appear to be a tool that decrypts the affected files at this time.

If you have a backup, you can restore your files from it.

Be aware that, if you consider paying the ransom, this action is not recommended. When you provide your credit card, or agree to a method of payment, you are at the mercy of whatever amount the malware creators decide on, with the option of assessing additional fees, etc. Also, paying the ransom does not guarantee you will get your files decrypted!!

Old duck...

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users