RSA4096 .crypt ransomware virus infection on Windows 7


BTDhero
Hi, I'm new to this forum and I hope I'm doing it right. 

A few months ago, after returning home I found the message from the prt.png file on my screen, without being able to do anything. I realised I was hijacked by a ransomware virus and that all my files were encrypted. I got rid of the virus in a few hours, but my files were still encrypted. Tried some decryptors (from Kaspersky, Tesla, and god knows what other adware I might have installed) but no good results were received. No data recovery company was able to help me. Here are some pairs of files (crypted and original), together with an HTML document that spawned in each and every folder in my PC.

I found malwarebytes.org, and this solution, and I decided to go for your solution, as I always used Malware antibytes when I was in trouble and this little app got me out of trouble. I will be waiting for some advice, solutions or opinions on this.

Thank you in advance, and sorry if I'm not such a good writer.

Best regards,

BTDhero

Addition.txt

FRST.txt

prt.png


Hello BTDHero.

The ransomware removes itself after it has done its dirty deed.

We have no decryptor. But I believe others have one or two that you may try.
But first, be sure you make SAFE backup copies of these documents onto external storage before trying the decryptor.

If you saw *.crypt* in the filename extensions, then this falls under the classification of a CryptXXX ransomware.

Go slow and careful and see if this writeup matches what you are looking at.
And before doing anything, copy off all your messed-up user files to a clean external USB flash drive for safety.

Check out articles at Bleepingcomputer
http://www.bleepingcomputer.com/news/security/gomasom-crypt-ransomware-decrypted/

Also check out
http://support.kaspersky.com/11333#block1

and this: https://support.kaspersky.com/viruses/disinfection/8547

at Kaspersky; see if that fits your situation.

If it happens that this is version 3 of CryptXXX, there is no known decryptor that I know of.

plus
http://www.bleepingcomputer.com/forums/t/597512/uniquekeydrcom-ransomware-support-topic-adds-crypt-extension-to-files/page-3#entry3895897

I always regret to see anyone be a victim to these types of malicious destructive infections. The news is never good.
This infection is not a normal type of infection. It is very vicious and has done all the damage already before it even gives you the first clue.
By the time you see the first warning, it is all done and has damaged your personal documents.
If your computer is on a network, physically disconnect it from the network.
There is nothing we can do to restore *the files you did not back up.*

However, I think Kaspersky had a decryptor that may help you out.

 
This infection relies mostly on user execution via opening an attachment from an unknown email source.
We can remove the infection but can't cure or resurrect the corrupted/encrypted documents and files.

 

Note: These ransomwares do disable Windows System Restore and do get all restore points deleted.  They also disable the Volume Shadow Copy service.
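
The advice above to copy the encrypted files to external storage before trying any decryptor can be carried out as a verified copy. The following is an added example, not part of the original posts: it assumes the encrypted files carry `.crypt` in their names, as described in the thread, and the function names, folder names and sample files are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup_encrypted(source: Path, dest: Path, marker: str = ".crypt") -> dict:
    """Copy files whose name contains `marker` into `dest`, keeping the folder
    layout. Originals are only read. Returns {relative path: sha256}."""
    manifest = {}
    for src in sorted(source.rglob("*")):
        if not src.is_file() or marker not in src.name.lower():
            continue
        rel = src.relative_to(source)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        before = sha256_of(src)
        shutil.copy2(src, target)  # copy2 also preserves timestamps
        if sha256_of(target) != before:
            raise IOError(f"copy of {rel} does not match the original")
        manifest[rel.as_posix()] = before
    # Manifest in sha256sum format, to re-check the backup later.
    lines = [f"{digest}  {path}" for path, digest in manifest.items()]
    (dest / "MANIFEST.sha256").write_text("\n".join(lines) + "\n")
    return manifest


def demo() -> dict:
    """Run against constructed sample files in a temporary folder."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "Documents"), Path(tmp, "usb")
        (src / "photos").mkdir(parents=True)
        dst.mkdir()
        (src / "report.docx.crypt").write_bytes(b"constructed sample 1")
        (src / "photos" / "a.jpg.crypt").write_bytes(b"constructed sample 2")
        (src / "notes.txt").write_bytes(b"not encrypted")
        return backup_encrypted(src, dst)


if __name__ == "__main__":
    print(demo())
```

Point `source` at the affected user folder and `dest` at the external drive, keeping `dest` outside `source`. Run decryptors against the originals only after the copy has completed without an error, so the backup stays untouched.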
