Ransomware - .encrypted file extension


4 replies to this topic

#1 Rodjon

  • Members
  • 5 posts

Posted 20 August 2014 - 09:03 AM

Hi All,

I hope I'm posting my ransomware problem in the right place. I stupidly opened an email with a zipped file which contained an .exe file (which looked credible from our local postal authority) and now all my user files have been encrypted and all have ".encrypted" file extensions. In the task manager I can see a program running called CryptoLocker; however, I have not seen the ransom demand screen as other victims have.

I suspect that the ransom demand is being blocked from opening by the Trend Micro AV. Additionally, when I tried to upload an infected file into the FireEye CryptUnlocker it returned a message saying "The file does not seem to be infected by CryptoLocker. Please submit a CryptoLocker infected file."

I would be most grateful for any assistance in decrypting my files as it has also infected my back-up storage drive files and contains both business and personal files.

Thanks




#2 Grinler

    Lawrence Abrams

  • Admin
  • 43,388 posts
  • Gender:Male
  • Location:USA

Posted 20 August 2014 - 10:30 AM

You may be infected with this:

http://www.bleepingcomputer.com/forums/t/544555/zerolocker-a-new-destructive-encrypting-ransomware/

Do you have a C:\ZeroLocker folder?

#3 Rodjon
  • Topic Starter

  • Members
  • 5 posts

Posted 20 August 2014 - 05:53 PM

I've checked the C: drive and I don't have a C:\ZeroLocker folder.



#4 jongar38

  • Members
  • 1 posts

Posted 24 September 2014 - 10:33 PM

I have the same infection. All personal files have extension of .encrypt. I've scoured the web and have not found anything that will decrypt them, yet. If/when I find one, I'll follow up with you. Please let me know if you find a decrypter that works for you. It appears FireEye has the technology to create one, but hasn't gotten around to it yet. Good luck.

~jon

P.S. HitmanPro was able to remove the virus for me, but did not decrypt files. Link to the article here:
hxxp://malwaretips.com/blogs/remove-police-trojan

Edited by quietman7, 25 September 2014 - 05:47 PM.


#5 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 50,565 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 25 September 2014 - 05:49 PM

@ jongar38

Instructions for posting advice in Am I Infected

Posting referral links to non-Bleeping Computer malware removal guides is NOT permitted, with the exception of well-known security vendors like Kaspersky, Symantec, etc., which sometimes release specialized fix tools with instructional documentation. This is because there are far too many untrustworthy and scam sites which mis-classify detections or provide misleading information and poor removal advice. It is impractical for our staff to monitor and review all such guides for accuracy; therefore, we will not permit members helping others to refer to any of them.


For this reason your link has been disabled.