Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

decrypt my files


  • Please log in to reply
9 replies to this topic

#1 mitunath

mitunath

  • Members
  • 1 posts
  • OFFLINE
  •  

Posted 04 June 2016 - 05:15 AM

my computer attach to viruse . all jpeg and other file hide . then i formate my pc but not solve my problem.

BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:06:24 AM

Posted 04 June 2016 - 08:36 AM

How did you determine that this is a virus?

 

Have you received any demands of payment to release your files?

 

If there are any message associated with this please post the exact message.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 marjustix

marjustix

  • Members
  • 2 posts
  • OFFLINE
  •  

Posted 18 June 2016 - 04:20 AM

I should buy bitcoin to free my file

#4 marjustix

marjustix

  • Members
  • 2 posts
  • OFFLINE
  •  

Posted 18 June 2016 - 04:21 AM

How I get back my file or decrypt my files

#5 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:06:24 AM

Posted 18 June 2016 - 09:08 AM

Please answer my questions.  I can't help you if you don't provide me with the requested information.  I'm trying to determine if you have Ransomware on this computer.  If it is, we need to determine which one it is.  

 

Edit:  Please post any message you have received regarding any demands for payment to have your files decrypted.


Edited by dc3, 18 June 2016 - 09:25 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#6 cybercynic

cybercynic

  • Members
  • 560 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Edge Of Tomorrow
  • Local time:09:24 AM

Posted 18 June 2016 - 02:06 PM

@mitunath

@marjustix

 

As @dc3 indicated, without more information, we cannot help you in this forum.

 

I suggest that each of you upload an encrypted file and the ransom note here: https://id-ransomware.malwarehunterteam.com/

 

This website will help you indentify your ransomware and give you guidance on what to do next.


Edited by cybercynic, 18 June 2016 - 02:09 PM.

We are drowning in information - and starving for wisdom.


#7 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:06:24 AM

Posted 18 June 2016 - 02:18 PM

@cybercynic

 

Once we determine that they have ransomeware I will have the topics moved to the Ransomeware Tech Support forum here at Bleeping Computer.  Demonslay335 is the creator of the ID Ransomware website, they are also one of our Security Colleagues here at Bleeping Computer.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#8 cybercynic

cybercynic

  • Members
  • 560 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Edge Of Tomorrow
  • Local time:09:24 AM

Posted 18 June 2016 - 02:21 PM

OK, I'll leave this in your hands. Please note that this ALREADY appears in the Ransomware Tech Support forum (on my computer). That's why I posted. 


Edited by cybercynic, 18 June 2016 - 02:32 PM.

We are drowning in information - and starving for wisdom.


#9 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:06:24 AM

Posted 18 June 2016 - 03:16 PM

It was not posted there this morning.  But I did send a PM to one of our members of the ransomeware tech support members earlier today, so they may have moved these.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:24 AM

Posted 18 June 2016 - 04:20 PM


Are there any file extensions appended to your files...such as .ecc, .ezz, .exx, .zzz, .xyz, .aaa, .abc, .ccc, .vvv, .xxx, .ttt, .micro, .mp3, .enc, .enigma, .encrypted, .encrypt, .ded, .lock, .locked, .css, .zyklon, .bloccato, .kimcilware, .crypto, _crypt, .crypt, .cryp1, .crypz, .crypted, .crypt38, .crinf, .pzdc, .good, .R16M01D05, .cerber, .fun, .kkk, .btc, .gws, .porno, .payransom, .payms, .paymst, .AFD, .paybtcs, .epic, .eclr, .sshxkej, .73i87A, .p5tkjw, PoAr2w, .6FKR8d, .rtyrtyrty, .surprise, .tzu, .coverton, .krypted, .r5a, .XTBL, .YTBL, .LOL!, .OMG!, .RDM, .RRK, .RAD, .encedRSA, .encryptedRSA, .encryptedAES, .justbtcwillhelpyou, .canihelpyou, .btc-help-you, .only-we_can-help_you, .crjoker, .cRh8, .CODE, .EnCiPhErEd, .fileiscryptedhard, .KEYZ, .KEYH0LES, .silent, .zcrypt, .akaibvn, .8lock8, .777, .Z81928819, .umbrecrypt_ID_[victim_id], .LeChiffre, .keybtc@inbox_com, ._cryptcryptcrypt.@.gmail.com_, .id_<victim_id>_email_zeta@dr.com.scl, .<id-number>.<email>.CrySiS, .odcodc, .0x0, .1999, .H3LL, .bleep, .fu*k (f**k), .vault, .HA3, .frtrss, .toxcrypt, .magic, .locky, _sq.<filename>, .k2p, .Sanction, .SUPERCRYPT, .SPORT, .cwgoqia, .trun, .xrtn, .Remind, .CTBL, .CTB2, or 7 length extension consisting of random characters such as .uogltic, .rpyxhhm, .mtrsxox, .phszfud?

Did you find any ransom notes? These infections are created to alert victims that their data has been encrypted and demand a ransom payment. They typically are found in every directory where data was encrypted. Check your documents folder for an image the malware typically uses for the background note. Check the C:\ProgramData (or C:\Documents and Settings\All Users\Application Data) for a randomly named .html, .txt, .png, .bmp, .url file.

These are some examples of ransom note names:
HELP_DECRYPT.TXT, DECRYPT_INSTRUCTION.TXT, HELP_TO_DECRYPT_YOUR_FILES.txt, HELP_YOUR_FILES.TXT
HELP_FILE_[random number/letter].HTML, install_tor.url, ATTENTION.RTF, !!!-WARNING-!!!.html
READ_IF_YOU_WANT_YOUR_FILES.html, README_FOR_DECRYPT.txt, READ!!!!!!!!!!.ME.txt, README!!.TXT
ReadMe.txt, Read.txt, Read_it.txt, READ_IT.txt, README1.txt-README10.txt, README_IMPORTANT.TXT
IMPORTANT READ ME.txt, File Decrypt Help.html. ReadDecryptFilesHere.txt, Coin.Locker.txt 
YOUR_FILES.HTML, YOUR_FILES.url, encryptor_raas_readme_liesmich.txt, Help_Decrypt.txt, CRIPTOSO.KEY
HELP_RESTORE_FILES.txt, HELP_RECOVER_FILES.txt, HELP_TO_SAVE_FILES.txt, ABOUT_FILES!.txt
HOW_TO_DECRYPT_FILES.TXT, HOW TO DECRYPT FILES.TXT, RECOVERY_KEY.TXT, READ TO DECRYPTIONS_.txt
_secret_code.txt, DECRYPT_ReadMe.TXT, BLEEPEDFILES.TXT, AllFilesAreLocked_.bmp, WHAT IS SQ_.txt
FILESAREGONE.TXT, IAMREADYTOPAY.TXT, HELLOTHERE.TXT, READTHISNOW!!!.TXT, IHAVEYOURSECRET.KEY
SECRET.KEY, SECRETIDHERE.KEY, HELP_DECYPRT_YOUR_FILES.HTML, README_DECRYPT_UMBRE_ID_[victim_id].txt
help_decrypt_your_files.html, RECOVERY_FILES.TXT, RECOVERY_FILE.TXT, RECOVERY_FILE_[random].txt
Howto_RESTORE_FILES_.txt, Howto_Restore_FILES.TXT, howto_recover_file_.txt, HELP_TO_SAVE_FILES.txt
how_recover+[random].txt, _how_recover_.txt, restore_files_.txt, recover_file_[random].txt
recover_files_[random].txt, recovery_file_[random].txt, help_recover_instructions+[3-random].txt
_H_e_l_p_RECOVER_INSTRUCTIONS+[3-random].txt, help recover files.txt, Recovery+[5-random].txt
_ReCoVeRy_+[5-random].txt, _recovery_+cryptolocker, Recovery_[5-random].txt, RECOVERY.TXT 
RECOVER+[random].TXT, RECOVER[5-random].TXT, _rEcOvEr_[5-random].txt, +REcovER+[5-random]+.txt
+-HELP-RECOVER-+[5-random]-+.txt, {RecOveR}-[5-random]__.txt, -!RecOveR!-[5-random]++.txt, 
-!recover!-!file!-.txt, How_To_Recover_Files.txt, How_To_Restore_Files.txt, HOW_TO_RESTORE_FILES.txt
DECRYPTION_HOWTO.Notepad, Encrypted_Files.Notepad, _DECRYPT_INFO_[random].html, DECRYPT.TXT
WHATHAPPENDTOYOURFILES.TXT, DecryptAllFiles_.txt, DecryptAllFiles.txt, README_FOR_UNLOCK.txt
HELP_YOUR_FILES.HTML, HELP_YOUR_FILES.TXT, YOUR_FILES_ARE_LOCKED.txt, Readme.txt, MENSAGEM.txt
Comment débloquer mes fichiers .txt (How to unlock my files.txt), HELP_DECRYPT_YOUR_FILES.HTML
HOW_TO_DECRYPT_FILES.HTML, HELP_FOR_DECRYPT_FILE.HTML, README_HOW_TO_UNLOCK.txt, encryped_list.txt
de_crypt_readme.txt, !(hex-id).html, !Recovery_<id-number>.html, _Locky_recover_instructions.txt
Read Me (How Decrypt) !!!!.txt, [infction date]-INFECTION.TXT, enigma.hta, enigma_encr.txt
YOUR_FILES_ARE_ENCRYPTED.TXT, READ_IT.txt, READ_THIS_TO_DECRYPT.html, Decrypt All Files akaibvn.txt 
UNLOCK_FILES_INSTRUCTIONS.html, _HELP_INSTRUCTIONS.txt, DECRYPT_INSTRUCTIONS.TXT, Help Decrypt.html
LEGGI QUESTO FILE.txt, UNLOCK_FILES_README.txt, How_to_decrypt_your_data.txt, READ_THIS_FILE.txt
readthis.txt, How to decrypt files.html, DECRYPT MY FILES#.txt, Hacked.txt, YourID.txt, README.html
cryptinfo.txt, filename.extension.encrypted.How_To_Decrypt.txt, !!!README!!!<ID>.rtf, ATTENTION.url

Note: The [random] represents random characters which some ransom notes names may include.
As already noted by cybercynic, you can submit samples of encrypted files and ransom notes to ID Ransomware for assistance with identification and confirmation. If ID Ransomware cannot identify the infection, you can post the case SHA1 it gives you in your next reply for Demonslay335 to manually inspect the files.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users