Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected by Troyan win32/tescrypt.H Waiting for solution to decrypt files


  • This topic is locked This topic is locked
6 replies to this topic

#1 willy1978

willy1978

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Argentina
  • Local time:03:14 AM

Posted 03 March 2016 - 03:56 PM

Hello, I need help please. all my files were encrypted to .MP3

I have a laptop HP DV6 Pavilion, Windows 7 home Premium.

i copy and paste all encrypted files to an external hard disk.

Then i used de Recovery Manager to bring my PC to Original Settings.

And i run the Windows live essentials antivirus on PC and on External Hard disk and Removed the Troyan Virus, as shown on the attached file, is a print screen of the antivirus report.

I cant open any of the encrypted files.

Please somebody help me to recover my files.

Thank you very much.

Sory my english, i m from Argentina.

Attached Files



BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:14 AM

Posted 03 March 2016 - 05:31 PM

Hello

Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will be analyzing your log. I will get back to you with instructions.
 

 

 

 

Currently, there is no way of decrypting TeslaCrypt 3.0 .xxx, .ttt, .micro, or .mp3 variants since they use a different protection/key exchange algorithm, a different method of key storage and the key for them cannot be recovered. The .xxx, .ttt, micro and .mp3 variants do not have a SharedSecret*PrivateKey so they are not supported by the current version of TeslaViewer....see Post #751 by BloodDolly.

 

@All
The current state of decryption of TeslaCrypt 3 (.xxx, .ttt, .micro) is still the same, we can't recover any of the 7 private keys right now.
...
I have to ask you to stop sending me PMs with a link to encrypted files by TeslaCrypt 3. I am still working on this problem and I will be working on it.
 
For the future decryption of your files you need only encrypted files, so you can format your system, etc. because everything important is already in the header of encrypted files.

If infected with any of these extensions, backup all your encrypted files and wait for solution.

 

If a solution becomes available it will be in this topic:

http://www.bleepingcomputer.com/forums/t/605185/teslacrypt-30-xxx-ttt-micro-mp3-support-topic/


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 willy1978

willy1978
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Argentina
  • Local time:03:14 AM

Posted 03 March 2016 - 06:34 PM

Hi fireman4it, thank you for your answer. I understand that i have to follow your instructions until you say we finish, its all clean. So i m ready to it.

i ll be waiting for your next answer, and i hope with steps to start to fixing my problem.

i have allready backup all my encrypted files in an external hard drive.

Thank you again for your help.

Willy



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:14 AM

Posted 06 March 2016 - 10:36 AM

You realize at this time there is no fix for those encrypted files?  I can take a look at your computer now and make sure there is no further infection still left on your computer if you would like me to do so?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 willy1978

willy1978
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Argentina
  • Local time:03:14 AM

Posted 06 March 2016 - 11:29 AM

I realized that there is no solution. So if in the future it apears, please let me know. Thanks you anyway, but i format my PC. And will wait for solution with my encrypted files on a backup. For your time and your atention, thank you very much.



#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:14 AM

Posted 06 March 2016 - 12:07 PM

Make sure you check this topic. If a solution becomes available it will be posted here.
http://www.bleepingcomputer.com/forums/t/605185/teslacrypt-30-xxx-ttt-micro-mp3-support-topic/

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:14 AM

Posted 07 March 2016 - 10:32 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users