05-31-2012 05:03 PM
I have Norton 360 and I cleaned a ransomware virus out of my computer using the program but now all my jpg, doc, txt, pdf files are .crypt files. What can I do? Someone please help? Is there a way to decrypt? The files are still in their place, but they cant be opened. Is there a program to decrypt? Has someone had this problem? I have many pdfs that are irreplaceable and jpgs of family and friends that have been crypted. I really need help with this.
05-31-2012 05:44 PM
Sorry to hear of your problem.
Wait for Quads to look at this. If you try anything else, he will not be able to help you.
05-31-2012 06:13 PM - edited 05-31-2012 06:14 PM
You did not mention the virus you removed.
You might want to check this thread that Quads looked into. You will note he was not successfull because the original poster had made changes on his own, making it impossible for Quads to help.
05-31-2012 07:02 PM
im not sure what the virus was called. the virus was a form of ransomware. it was a block window that said requested that I pay $150 using moneypak to get the pass to decrypt the files. in the taskbar the window was called setsyslog32 and there was a strange yellow symbol that looked either like a T in italics or 7 with a green dot beside it. once I did a scan with norton 360, the window disappeared. but the files are all .crypt files now. ive read that almost every file extension is affected, but for me music and video extensions were not affected at all. after norton worked, i test one or two pdfs and two jpg files.they are all named .jpg.crypt or .pdf.crypt by the way. i tried renaming the .crypt back to .pdf and .jpg but it didnt help. i tried to open these test files using adobe or windows picture gallery and the they said that the files are corrupt.
05-31-2012 07:19 PM
there was also an email given in the ransomeware window, the email was firstname.lastname@example.org.
i tried the two programs that quad mentioned in that post you referred me to but they didn't work.
05-31-2012 07:31 PM
I know it is hard to just wait, but please do. It can sometimes take Quads a day to get to things. He is a volunteer after all, just like most of us here.
05-31-2012 11:15 PM
I would say you may be very luck in the extreme to get your files back if it's the newest of one of the Ransom families that uses like AES256 to encrypt your files or password archive, For starters people usually need the ID on the top in this case.
I have not come accross someone who has run it yet to try and reverse what it does.