FBI virus with encryption of MS docs

computercenterhanover · Oct 1, 2013

Hi Group: working on a buisness customer that has all his word & excel files encrypted by the FBI virus. I have removed the virus ok but still can not de-crypt his data. Any sugestions? thanks

Paiva · Oct 1, 2013

You need to login to view this posts content.

Myrrh · Oct 1, 2013

I had one of these a few days ago. As far as I have been able to determine, it's a strong encryption with the key stored on the server owned by the author of the virus.

Hope they have a good backup.

sid_16 · Oct 2, 2013

You need to login to view this posts content.

EFA11 · Oct 2, 2013

You need to login to view this posts content.

Myrrh · Oct 2, 2013

Before wiping my Customer's drive and reinstalling from the recovery media, I grabbed a copy of the partition just in case in the future a method of decryption is found.

So I will check out this new information and see if I might actually be able to retrieve anything.

EFA11 · Oct 2, 2013

Myrrh said: ↑

Before wiping my Customer's drive and reinstalling from the recovery media, I grabbed a copy of the partition just in case in the future a method of decryption is found.

So I will check out this new information and see if I might actually be able to retrieve anything.
Click to expand...

I am interested to hear the results. Good luck.

computercenterhanover · Oct 2, 2013

I have tried useing the decrypt_mblock.exe in the link above with no sucess. I did download spyhunter and that sucessfully removed the virus but not the encryption of the files. I sent them an email and they sent the same info in the above post. No sucess I have informed customer they are out of luck. I also saved the encrypted files if a future solutio comes out..

FBI virus with encryption of MS docs

computercenterhanover MDL Novice

Paiva MDL Developer

Myrrh MDL Expert

sid_16 MDL Giveaway Organiser

EFA11 Avatar Guru

Myrrh MDL Expert

EFA11 Avatar Guru

computercenterhanover MDL Novice