Need your help guys... badly... ASAP removing Cryptorbit ransom virus

Discussion in 'Windows 7' started by ksagar7up, Dec 31, 2013.

  1. ksagar7up

    ksagar7up MDL Novice

    HOWDECRYPT.GIF


    All my files, videos, PDFs are encrypted and I want to gain access to them again, please.

    I just installed a fresh copy of Win7... but still no file is opening.

    Help me ASAP...

    Thanks.
     
  2. dareckibmw

    dareckibmw MDL Expert

  3. tnx

    tnx MDL Expert

    Never seen owt like that before. Looks nasty.

    You say you did a fresh install and it's still the same?
    This confuses me.
    Are we talking lappy or desktop PC?

    To get my files back I would remove the infected drive.
    Install a new install of Win 7 onto a totally different drive.
    Once up and running, plug in your original drive via a hard drive caddy, e-SATA or SATA to USB cable.
    Save all the files you want to the new install.

    Once I knew all my files were safe, using DISKPART I would erase all partitions, volumes etc. from the original drive.
    Make new ones and format the drive.

    I would then burn my files to DVD-R.

    Do another fresh install onto the original drive.

    Then carefully test my saved files to see if any were at fault.

    You let the virus in, be careful not to let it in again.

    Sure it's long-winded. Couple of hours' work but you will have a clean machine back.
     
  4. tnx

    tnx MDL Expert

    Just read another thread about this.

    Wow. This is a bad un!!

    I wonder if once the virus hits your files that's it?
     
  5. tnx

    tnx MDL Expert

    Tn thinks a bit more about this.

    Surely a virus needs an OS to attach itself to.
    If that OS was not there that virus could not take control of the files.
     
  6. tonto11

    tonto11 MDL Addicted

  7. tnx

    tnx MDL Expert

    These tools, in my opinion, are a total waste of time.

    Sure, they will detect a fistful of problems but won't be able to mend them till you buy the full version. By then you think it's a good idea.
     
  8. PhaseDoubt

    PhaseDoubt MDL Expert

    #8 PhaseDoubt, Dec 31, 2013
    Last edited: Dec 31, 2013
    What exactly did you do? A repair install or a complete, full reinstall of the OS? If you wiped the system partition everything would be gone including your user data assuming you accepted the default and store all your user files on C:.

    If your user data is kept on a different partition or drive other than C:, it would not be touched by either a repair install or wipe and reinstall. Again what type of "install" did you do?
     
  9. tonto11

    tonto11 MDL Addicted

    #9 tonto11, Dec 31, 2013
    Last edited: Dec 31, 2013
    On reading things over, I now think the approach recommended by dareckibmw, the manual technique, is best.
    It's very similar to the one I was forced to use to get rid of the "do searches" malware.
    http://forums.mydigitallife.net/thr...ser-hijacker-through-isafe-virus-removal-tool

    Furthermore, it would be interesting to run Hiren's Boot CD and, using its Windows Explorer, try to extract some of the data files in question
    to see if they are still intact, or in fact have been encrypted.

    ...T
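
The check suggested in the post above (boot a rescue environment and see whether the data files are still intact or have been encrypted) can be done read-only across a whole folder by comparing each file's first bytes with the signature its extension implies. This is an added example, not part of the original thread; the function names and the small signature table are assumptions, and the sample files are constructed.

```python
import math
import os
import tempfile
from pathlib import Path

# Leading "magic bytes" that intact files of these types start with.
SIGNATURES = {
    ".pdf": [b"%PDF-"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".zip": [b"PK\x03\x04"],
    ".rar": [b"Rar!\x1a\x07"],
}

def entropy(data):
    """Shannon entropy in bits per byte; 8.0 looks like random data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def classify(path, head_len=1024):
    """Return (status, header entropy) for one file, opened read-only."""
    path = Path(path)
    sigs = SIGNATURES.get(path.suffix.lower())
    if sigs is None:
        return ("unknown-type", None)
    with path.open("rb") as f:
        head = f.read(head_len)
    ok = any(head.startswith(s) for s in sigs)
    return ("intact-header" if ok else "header-mismatch", round(entropy(head), 2))

def triage(root):
    """Map every file under root that has a known extension to its status."""
    return {str(p): classify(p) for p in sorted(Path(root).rglob("*"))
            if p.is_file() and p.suffix.lower() in SIGNATURES}

if __name__ == "__main__":
    # Constructed samples: one plausible PDF header, one overwritten header.
    d = tempfile.mkdtemp()
    Path(d, "report.pdf").write_bytes(b"%PDF-1.4\n" + b"text " * 50)
    Path(d, "holiday.pdf").write_bytes(os.urandom(1024) + b"rest of file")
    for name, result in triage(d).items():
        print(result, name)
```

A header mismatch means the file no longer starts the way its type requires; the entropy figure is only supporting evidence, since compressed formats are high-entropy even when intact.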
     
  10. OldMX

    OldMX MDL Senior Member

    If your files are already encrypted then you're screwed: pay for the decrypt key or deal with it, and next time get a proper antivirus. There's no solution for this ransom/encryptionware because you don't have the processing power or the time to break the encryption.
     
  11. tnx

    tnx MDL Expert

    Here's a thought. Pick one of your files, and see if you can rar it up. See if you can then copy that rar file to a USB stick.

    Do you have a spare hard drive you can install a new OS onto?

    If so, do a fresh install; don't think of this as a permanent install.
    Then copy this rar file into your new test OS and see if it will unrar and open normally.

    If you don't have a spare drive, rar a file up and upload it to a free share site, give me the link.

    I have a test rig. I will download the file and see what happens when one of your files is on a different system.

    What do you reckon?
     
  12. jabberwocky

    jabberwocky MDL Member

    Cryptovirus is no ordinary virus; it's evolving every day. It will encrypt all of your videos, photos, documents, in fact just about every type of media, and zip, rar files. Not only that, it will invade any other PC or storage device you have connected. The later versions of this "nasty" can even find a way to access and encrypt your online files (cloud etc.). If you don't believe me, just "look it up". This is possibly the most dangerous virus ever, and it's spreading and evolving. There are things you can do to stop it initially, but once it's accessed your PC, it will be too late. Format everything and start from scratch, or pay up for the encryption key. Be aware the cost of the key goes up tenfold after a fixed period.
    For a start, anything you value, "backup" then disconnect. Never browse online or open emails with attachments with backup storage connected or you will be f?+*ed.
     
  13. Mutagen

    Mutagen MDL Addicted

    Wow, this is scary stuff. So much so that I am now implementing a fourth and offline drive to maintain backup images.

    OP - sorry for your horrible misfortune. As a service to the community, could you tell us how you got this? It appears that opening an email attachment is the most likely method.
     
  14. leebo_28

    leebo_28 MDL Senior Member

    I use a program called HotSwap! for my "storage/scratch disk". One click in the taskbar and it disconnects/connects it like a hotswap drive. I only enable the drive when I need access to it. Doesn't help with your current situation, but may help prevent it in the future.