I have Norton 360 and I cleaned a ransomware virus out of my computer using the program but now all my jpg, doc, txt, pdf files are .crypt files. What can I do? Someone please help? Is there a way to decrypt? The files are still in their place, but they can't be opened. Is there a program to decrypt? Has someone had this problem? I have many pdfs that are irreplaceable and jpgs of family and friends that have been crypted. I really need help with this.
Thank you for responding. I really hope there's something to change the files back to normal. There has to be something.
You did not mention the virus you removed.
You might want to check this thread that Quads looked into. You will note he was not successful because the original poster had made changes on his own, making it impossible for Quads to help.
I'm not sure what the virus was called. The virus was a form of ransomware. It was a block window that requested that I pay $150 using MoneyPak to get the pass to decrypt the files. In the taskbar the window was called setsyslog32 and there was a strange yellow symbol that looked either like a T in italics or 7 with a green dot beside it. Once I did a scan with Norton 360, the window disappeared. But the files are all .crypt files now. I've read that almost every file extension is affected, but for me music and video extensions were not affected at all. After Norton worked, I tested one or two pdfs and two jpg files. They are all named .jpg.crypt or .pdf.crypt, by the way. I tried renaming the .crypt back to .pdf and .jpg but it didn't help. I tried to open these test files using Adobe or Windows picture gallery and they said that the files are corrupt.
There was also an email given in the ransomware window; the email was decryptmeplease@yahoo.com.
I tried the two programs that Quads mentioned in that post you referred me to but they didn't work.
I know it is hard to just wait, but please do. It can sometimes take Quads a day to get to things. He is a volunteer after all, just like most of us here.
Quads
YES, it was exactly this window that appeared on my computer. I wish there was a way to fix the files.
I would say you may be very lucky in the extreme to get your files back if it's the newest of one of the Ransom families that uses like AES256 to encrypt your files or password archive. For starters, people usually need the ID on the top in this case.
I have not come across someone who has run it yet to try and reverse what it does.
Quads
Time will tell? How will I know when a solution is found?
No one I know has run the file that installs it yet (can't find one), but here is another thread http://www.bleepingcomputer.com/forums/topic455347.html
If it turns out to be based on the later ACCDFISA versions or the GPcode(r) series, next to no show, or with GPcode(r) no chance; it would take approx 35 to 40 years for a PC to brute force the encryption.
If another family altogether or based on an earlier ACCDFISA variant you have a better chance.
That is why people should have a backup set of the likes of photos and other personal files.
Quads
I really hope someone finds a solution. I will be waiting and checking this forum and the site you listed. I will make sure to keep all those files in the meantime. Thank you. If you find out anything eventually, please let me know.
Quads
The OP noted that a virus had been detected and removed. Does the removal cause the encryption to take place? I.e., if the virus had not been removed would the files still be intact?
[Edit] After a little bit of research, it looks like someone has almost completely reversed the threat. I'll try to get ahold of him and see if I can work with him. Creating a public decryption tool for this threat would be great.
Quads wrote: That is why people should have a backup set of the likes of photos and other personal files.
I would just like to second this. Stuff happens. Malware, hard drive failures, power surges, fires, floods and Quads' favorite: earthquakes. If the data on your PC is important, back it up and store the backups on media that is not connected to the PC.
I will now always back up my data. I am also really excited about the recent positive message. I really hope the effects of the virus can be reversed. I will be checking back here for any updates. It seems like this particular virus is becoming common in May. I just told a friend and they said they had the same problem but they just gave up and deleted all of their encrypted files. Thank you to all the posters. I really appreciate it and am looking forward to your updates.
SendOfJive wrote:
Quads wrote: That is why people should have a backup set of the likes of photos and other personal files.
I would just like to second this. Stuff happens. Malware, hard drive failures, power surges, fires, floods and Quads' favorite: earthquakes. If the data on your PC is important, back it up and store the backups on media that is not connected to the PC.
And it would help to be off site. Give an external drive with the backup to your parents or trusted friend. That way if there is a fire, the backup does not get destroyed with the originals.
Online backup can also be an option.
peterweb wrote: Quads
The OP noted that a virus had been detected and removed. Does the removal cause the encryption to take place? I.e., if the virus had not been removed would the files still be intact?
Basically as soon as you see the message like the screenshot I posted your files are then encrypted separately or inside an archive.
Quads
Quads wrote:
Basically as soon as you see the message like the screenshot I posted your files are then encrypted separately or inside an archive.
Quads
Thanks for the clarification.