Working on a Windows 7 64-bit OS computer, where I had a client that had an encryption virus (RSA 4096 .ONION source?) that encrypted all of his files, with the .CRYPT extension on most of his files. I believe I completely removed all forms of the virus from his computer. But as for his files, they are still encrypted and he cannot open them. I tried to use System Restore/Shadow Copy, and a program that would take me back to previous restore points when the files were not infected. However, the restore dates are not helping because they are all post-infection; there are no other restore points. From my research I don't really see a clear remedy on how to decrypt these files and restore their original functionality, other than extremely expensive decryption data recovery services. Any suggestions?
I am Marie Curie and will gladly help you with any malware-related problems.
The .crypt extension may be caused by several different ransomware families. We need to identify the ransomware, before I can estimate if those files can be decrypted.
Please send me a ransom note, an encrypted file and possible malware files.
I suspect that this is a CryptXXX infection. That also means that the affected computer is seriously infected with another malware called Bedep, which delivers CryptXXX.
For decryption of the encrypted files, you may be lucky by using Kaspersky's tool.
Open Settings and choose drive types (removable, network or hard drive) for scanning. Don't check the "Delete crypted files after decryption" option until you are 100% sure that decrypted files open properly.
Click the Start scan link. You may have to choose an encrypted .crypt file and its original counterpart (depending on the CryptXXX version). If that's the case, try to find a file pair that is big in size.
After that, RannohDecryptor starts searching for all other files with the .crypt extension and tries to decrypt all files.
Curie!! IT WORKED, IT DECRYPTED EVERY ONE OF THEM! Me and my friends can't thank you enough!! THANK YOU, THANK YOU, THANK YOU, THANK YOU, THANK YOU, THANK YOU!!!!!
I truly appreciate your effort 1000000%. I only hope I can help others in the way you helped us! THANK YOU!!
You are welcome, JoeyG. I am very happy that your files could be rescued, because this is not possible with the majority of ransomware infections. You were lucky that this family has a flaw in their encryption procedure, which my colleagues could use to create a decrypter.
The computer is most likely still infected. Let me know if you want a cleanup as well (I would recommend reformatting, though, considering the nature of the infection).
Wow, that's what I kept hearing: "You'll never get them back."
I've done multiple full complete root scans with Malwarebytes and Norton Power Eraser, and they did find multiple viruses on the first three scans; the last three scans have been totally clean.
I agree with you about the reformat, however the gentleman whose computer it is has so many various programs and data, and the Outlook mail (Grrrr) program, that a complete OS and program reinstall would possibly be multiple days down. My next plan was to back up his clean data, then remove all of the .CRYPT files, and then install Carbonite or another online backup program.
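Added example, not part of the original thread: before the .crypt files are deleted (by the "Delete crypted files after decryption" option or by the manual cleanup planned above), this Python script checks that each one has a decrypted counterpart whose leading bytes match its file type. It assumes the decrypted file sits beside the .crypt file under the same name without the `.crypt` suffix; the signature table is a small selection and the sample tree is constructed for the demo.

```python
import os
import tempfile

# Leading "magic" bytes of a few common formats, keyed by file extension.
MAGIC = {
    ".pdf": b"%PDF",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".pst": b"!BDN",
}

def classify(crypt_path):
    """Return 'ok', 'missing', 'empty', 'bad-header' or 'unchecked'."""
    plain = crypt_path[: -len(".crypt")]  # assumed naming: a.pdf.crypt -> a.pdf
    if not os.path.isfile(plain):
        return "missing"
    if os.path.getsize(plain) == 0:
        return "empty"
    magic = MAGIC.get(os.path.splitext(plain)[1].lower())
    if magic is None:
        return "unchecked"  # no signature listed here: open the file by hand
    with open(plain, "rb") as fh:
        return "ok" if fh.read(len(magic)) == magic else "bad-header"

def audit(root):
    """Map every .crypt file under root to its status. Nothing is deleted."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".crypt"):
                path = os.path.join(folder, name)
                report[os.path.relpath(path, root)] = classify(path)
    return report

def build_sample(root):
    """Constructed sample tree for the demo (not real user data)."""
    samples = {"a.pdf.crypt": b"\x8f\x11", "a.pdf": b"%PDF-1.4\n",
               "b.jpg.crypt": b"\x02\x9c", "b.jpg": b"\x02\x9c\x55",
               "c.docx.crypt": b"\x77\x01",
               "d.txt.crypt": b"\x10", "d.txt": b"hello"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, status in sorted(audit(tmp).items()):
            print(f"{status:10} {path}")
```

Any .crypt file reported as `missing`, `empty` or `bad-header` should be kept, and `unchecked` ones need their counterpart opened manually before removal.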
The backup plan is definitely a good plan. I think you should get the system checked for remnants of the malware. It wouldn't hurt.
It is up to you and the owner of the computer.