Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


help_decrypt laptop infected. Another Win 7 Ultimate installed

  • This topic is locked This topic is locked
1 reply to this topic

#1 Hizuuuu


  • Members
  • 3 posts
  • Local time:02:52 AM

Posted 09 December 2015 - 04:17 PM

Hello all of you masters and non-masters in domain.


My name is Bogdan, and I'm from Romania. For almost a month now I'm trying to undo this nasty situation with the help_decrypt virus.


The story "sounds" like this: I'm an amateur in dealing with others PC's or laptops either reinstalling Windows, helping them to get rid of malwares, trojans, easy or medium viruses, so on and so forth (I guess you got the idea). I've managed to "repair" some friends laptop, and now they gave me this task: to fix a laptop of one of their relative. I was informed it it is encrypted, but who knew what it meant?!? Now I know: every single folder with a picture, song, text file and who knows what else grew in size with 4 new files named help_decrypt, but different extension.


I began with uninstalling unnecessary applications, then I went through regedit, and like an amateur, I've deleted registries including Windows drivers. These actions lead to entering in a repetitive step of loading Windows 7 Ultimate and stuck in that phase. I thought to enter in Safe Mode, and again, it needed to enter, practically in Windows encountering the same situation as the one mentioned before. I found a way to enter in the list of solutions from Windows such as Windows Repair, System Restore at a previous time or from a CD/DVD, cmd, and one or two more solutions. Loosing myself in my actions, I thought radically and decided to install a new version of the same Windows 7 Ultimate. By doing so, I've later on discovered that I lost the opportunity to repair the laptop and remove the virus and establishing "order" in the files.


I've read, lately a lot of websites, but 99% of all them have the same information: Spy Hunter 4, Malwarebytes, and system restore with Shadow Explorer, which was not possible due to the fact that this laptop doesn't had it activated or the virus eliminated it. Later on, I found out that it may be a chance for me by accessing the page decryptcryptolocker.com, where FireEye and Fox IT made a coalition in helping others like me by giving the opportunity of uploading an infected file and typing an e-mail address, and in return to offer a solution. In fact, they may have had that but not anymore.


This long story ends with me begging for help, an advice, something to save those approx. 100 GB of pictures with a 1 and a half years old daughter, one of a kind pictures, and important documents.


Looking forward to hearing from you!



Bogdan (Hizuuuu)

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,771 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:52 PM

Posted 10 December 2015 - 08:09 AM

Please read this topic for important information about SpyHunter.

There are several variants of Cryptowall. CryptoWall 3.0 leaves files (ransom notes) named HELP_DECRYPT.TXT, HELP_DECRYPT.HTML, and HELP_DECRYPT.PNG.

A repository of all current knowledge regarding CryptoWall, CryptoWall 2.0, CryptoWall 3.0 & CryptoWall 4.0 is provided by Grinler (aka Lawrence Abrams), in this topic: CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ

There are ongoing discussions in these topics where you can ask questions and seek further assistance.Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in one of those topic discussion. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion...this topic is closed.

The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users