salazar_fix

[Jd_bouque]

I have a computer that is infected with malware that has encrypted the files. Malwarebytes detected it as salazar_fix.exe but searching in google finds nothing on it and even searching this forum found nothing.

Any idea about this?

[Aura]

Hi Jd_bouque

Can you upload an encrypted file and a ransom note to ID-Ransomware, and copy/paste the results it returns below?

https://id-ransomware.malwarehunterteam.com/

[Jd_bouque]

Cryakl

This ransomware may be decryptable under certain circumstances.

Please refer to the appropriate guide for more information.

Identified by

• ransomnote_email: salazar_slytherin10@yahoo.com
• sample_bytes: [0x183B7 - 0x183C5] 0x7B454E4352595054454E4445447D

 

Click here for more information about Cryakl

[Aura]

The good news is that Kaspersky have a tool to decrypt files encrypted with Cryakl. The bad one is that it might not work in all situations.

http://media.kaspersky.com/utilities/VirusUtilities/RU/rannohdecryptor.zip?_ga=1.69588624.1814211149.1453294100

What I suggest you to do is back-up a few files, then try to decrypt them with Kaspersky's RannohDecrypter. If it works, then decrypt the other files. If it doesn't and the files ends up corrupted, then you'll have the back ups (even if they are encrypted). Let me know how it goes.

Also see:

https://www.bleepingcomputer.com/forums/t/632234/cryakl-decryption-support/

[Jd_bouque]

I'm trying the kaspersky scanner and it doesn't seem to be working but before I give up on it here is the log

10:50:52.0474 0x0da0  Initialize success
10:51:07.0142 0x1344  Can't get encrypted file path
10:51:07.0142 0x1344  Can't init decryptor
10:51:09.0371 0x0908  Deinitialize success

As soon as I click scan it asks for an encrypted file. I select one that I have the original from a backup and then it asks for the original. I select that and the scanner just stops.

[Aura]

Can you copy/paste the name of an encrypted file (including the extension) here?

[Jd_bouque]

email-salazar_slytherin10@yahoo.com.ver-CL 1.3.1.0.id-@@@@@768B-7001.randomname-QSSUBBDEFGHIKKLNOOQRSTTVWXXZAB.CDE

[Aura]

Let me consult my colleagues which are experts in Ransomware and get back to you  

[Aura]

Well that was quick. Unfortunately, Cryakl hasn't been decryptable for a while now, so it is normal in that case that Kaspersky's decrypter doesn't work.

[Jd_bouque]

thanks for trying

[Aura]

No problem Jd_bouque, you're welcome.

What I suggest you to do is back up your encrypted files somewhere safe, just in case a free decryption solution gets releasted in the future. I would also monitor BleepingComputer's thread on Cryakl and their News Articles as if a decrypter for it is found, you can be sure that it'll be posted over there.

[AdvancedSetup]

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!