Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Infected by virus. Encrypted Files

  • This topic is locked This topic is locked
1 reply to this topic

#1 hoiskarC


  • Members
  • 1 posts
  • Local time:07:22 PM

Posted 06 March 2017 - 06:19 AM


I am infected, and I have lost a lot of my work.

The virus is killed, but how do I get back my files?


Here  is the massage I got from the makers:


vi har kryptert filene dine med Crypt0L0cker virus
Viktige filer (inkludert de på nettverksdisker, USB, etc): bilder, videoer, dokumenter, osv ble kryptert med vår Crypt0L0cker virus. Den eneste måten å få filene tilbake er å betale oss. Ellers vil filene bli slettet.
Forsiktig: Fjerning av Crypt0L0cker vil ikke gjenopprette tilgang til krypterte filer.
For å gjenopprette filene du må betale
For å gjenopprette filene åpne vår hjemmeside http://x5sbb5gesp6kzwsh.mailteam.pl/z7ltf2ve.php?user_code=2vq38m9&user_pass=7503 og følg instruksjonene.
Hvis nettsiden ikke er tilgjengelig kan du følge disse trinnene:
1. Last ned og installer TOR-leseren fra denne linken: https://www.torproject.org/download/download-easy.html.en
2. Etter installasjon starter nettleseren og skriver inn adressen: http://xiodc6dmizahhijj.onion/z7ltf2ve.php?user_code=2vq38m9&user_pass=7503
3. Følg instruksjonene på nettstedet.
Here is an example of a file:
24Fitcampoverskrift_n.jpg.upekeh  (upekeh) is added by the virus
Regard hoiskarC

Edited by hamluis, 06 March 2017 - 11:31 AM.
Added Encryped Files to title - Hamluis.

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 52,051 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:22 PM

Posted 08 March 2017 - 08:40 AM

Whether you can recover (decrypt) your files or not depends on what ransomware infection you are dealing with and a variety of factors. All crypto malware ransomware use some form of encryption algorithms, most of them are secure, but others are not. The possibility of decryption depends on the thoroughness of the malware creator, what algorithm the creator utilized for encryption, discovery of any flaws and sometimes just plain luck.

Any files that are encrypted with Crypt0L0cker (TorrentLocker) will have the .encrypted or .enc extension appended to the end of the encrypted data filename and leave files (ransom notes) named DECRYPT_INSTRUCTIONS.TXT, DECRYPT_INSTRUCTIONS.HTML, INSTRUCCIONES_DESCIFRADO.HTML, How_To_Recover_Files.txt, How_To_Restore_Files.txt as explained here. The newest variant of Crypt0L0cker appends a random 6 lower alphabetic character extension (i.e. ,pzekaq, .ixopyw, .izozyn) and leave files (ransom notes) named COMO_RESTAURAR_ARCHIVOS.txt, COMO_RESTAURAR_ARCHIVOS.html, HOW_TO_RESTORE_FILES.HTML as noted here and The Week in Ransomware.

You can submit samples of encrypted files and ransom notes to ID Ransomware for assistance with identification and confirmation.

Unfortunately, there is no free solution for decrypting your files. Many victims have reported that Dr.Web was able to assist them with decrypting files...see here.

Policy from Dr.Web (11/25/15): Free file decryption assistance only for PCs protected by Dr.Web at the moment of infectionIf you're not a licensed user for a Dr.Web product you will have to pay for their services (Rescue Pack). Fees may vary depending on the infection and amount of data to be decrypted.

There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users