Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cryptowall 3 question about decrypting files


  • Please log in to reply
2 replies to this topic

#1 the_Flinx

the_Flinx

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:41 AM

Posted 31 March 2015 - 07:31 PM

My Dad got Cryptowall 3 recently maybe about a week ago from an email (my guess).

 

I brought his computer home and was able to shutdown most of the virus to allow me to copy off the files he needs from it.

 

Most are infected some are not.

 

I have old copies of some of his files and in at least one case I have a copy of a file that is encrypted and the same file not encrypted. Dates match.

 

I have copies of the EXE and associated files that I could find that infected his computer or are part of the infection. I am not interested in cleaning the computer, as I will be redoing the computer. Combofix caused the computer to blue screen anyways. Yes I know I'm not supposed to use it, I have been using it to clean computers for years now (part of my job).

 

his computer was windows XP Pro, and I have removed the hard drive, I am installing Windows 7 now on another hard drive.

 

My question is, does anyone know if it is possible to obtain a decryption key if I have a copy of an encrypted file and the same file not encrypted?

 

If anyone wants copies of the suspected infecting files I can provide them.



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:41 AM

Posted 01 April 2015 - 08:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq.
===

I do not think that your files can be restored.

Read about it.

CryptoWall and HELP_DECRYPT Ransomware Information Guide
http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

#3 the_Flinx

the_Flinx
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:41 AM

Posted 01 April 2015 - 08:29 AM

I had read an article about someone that had crypto locker and that they were able to get the key because they had an encrypted and unencrypted file. I cannot find the article again and am wondering if someone know how to do this.

 

I have already read that link.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users