Ransomware PLEASE HELP

ap123456 · ‎05-31-2012

I have Norton 360 and I cleaned a ransomware virus out of my computer using the program but now all my jpg, doc, txt, pdf files are .crypt files. What can I do? Someone please help? Is there a way to decrypt? The files are still in their place, but they cant be opened. Is there a program to decrypt? Has someone had this problem? I have many pdfs that are irreplaceable and jpgs of family and friends that have been crypted. I really need help with this.

peterweb · ‎04-17-2008

Welcome

Sorry to hear of your problem.

Wait for Quads to look at this. If you try anything else, he will not be able to help you.

Things happen. Export/Backup your Identity Safe data.

ap123456 · ‎05-31-2012

thank you for responding. i really hope there's something to change the files back to normal. theres has to be something.

peterweb · ‎04-17-2008

You did not mention the virus you removed.

You might want to check this thread that Quads looked into. You will note he was not successfull because the original poster had made changes on his own, making it impossible for Quads to help.

http://community.norton.com/t5/Norton-Internet-Security-Norton/locked-files-west-yorkshire-police-vi...

Things happen. Export/Backup your Identity Safe data.

ap123456 · ‎05-31-2012

im not sure what the virus was called. the virus was a form of ransomware. it was a block window that said requested that I pay $150 using moneypak to get the pass to decrypt the files. in the taskbar the window was called setsyslog32 and there was a strange yellow symbol that looked either like a T in italics or 7 with a green dot beside it. once I did a scan with norton 360, the window disappeared. but the files are all .crypt files now. ive read that almost every file extension is affected, but for me music and video extensions were not affected at all. after norton worked, i test one or two pdfs and two jpg files.they are all named .jpg.crypt or .pdf.crypt by the way. i tried renaming the .crypt back to .pdf and .jpg but it didnt help. i tried to open these test files using adobe or windows picture gallery and the they said that the files are corrupt.

ap123456 · ‎05-31-2012

there was also an email given in the ransomeware window, the email was decryptmeplease@yahoo.com.

i tried the two programs that quad mentioned in that post you referred me to but they didn't work.

peterweb · ‎04-17-2008

I know it is hard to just wait, but please do. It can sometimes take Quads a day to get to things. He is a volunteer after all, just like most of us here.

Things happen. Export/Backup your Identity Safe data.

Quads · ‎07-21-2008

Quads

ap123456 · ‎05-31-2012

YES, it was exactly this window that appeared on my computer. i wish there was a way to fix the files.

Quads · ‎07-21-2008

I would say you may be very luck in the extreme to get your files back if it's the newest of one of the Ransom families that uses like AES256 to encrypt your files or password archive, For starters people usually need the ID on the top in this case.

I have not come accross someone who has run it yet to try and reverse what it does.

Quads