Anyone good with computers???? A while back I was hit with a ransomware virus called "DirtyDecrypt". This virus locked my computer and encrypted hundreds of photos and many of my school documents. I have removed the virus itself, but all my documents and images remain LOCKED. I have searched for months for a way to unlock my files, but I am having no luck. I have heard there is a way to do it manually with a hex editor, but I have no knowledge of how to use one. I really need help because I need to recover all these files. Please let me know if you can help; your assistance would be appreciated.
Here is an image of what it looks like when I open a file.
AGAIN, I DO NOT NEED TO REMOVE THE VIRUS, I ALREADY DID THAT. I just need to find a way to decrypt the files.
@Opcode
Thanks Ashley
@thomaster
I heard thomaster was good with computers.
Now where's my thanks?
Give me a medal, daddy.
lol
Thanks, mommy.
Call me.
Yes, daddy.
Of course ;p
What's your number?
I'm also good with computers. I feel for you, bro. It appears that the program overwrote EVERY picture of yours with that stupid message. It's not real encryption: the virus has just corrupted your stuff. I seriously doubt you can restore it, unless you have backed up your computer. If it was real encryption, you should be able to decrypt it using http://windows.microsoft.com/en-us/windows-vista/encrypt-or-decrypt-a-folder-or-file, but I doubt it :| Sorry bro. Try to bring your computer to a place like Staples and see if they can do anything to restore the corrupted files.
Right-click the folder or file you want to encrypt, and then click Properties. Click the General tab, and then click Advanced. Select the Encrypt contents to secure data check box, and then click OK.
Short version: All your pictures and documents are permanently gone; there is no way to retrieve them without a backup. In-depth version: @dumbsearch2 you are thinking of EFS (Encrypting File System). DirtyDecrypt does actually encrypt the file and overwrite the file as well. You can check whether a file is encrypted by EFS by running CIPHER.EXE /U /N in a command prompt. In this case DirtyDecrypt does not use EFS but instead uses RSA; if you wanted to truly get your files back, @SWAG, you would need the RSA key that encrypted the files. According to malware analysts, DirtyDecrypt obtains RSA keys from a server and then uses those keys to encrypt the file; it also infects the file's header with a custom one, hence the message. A hex editor would be of no use since the file is encrypted (and, like Sean wrote, probably overwritten), unless you have the private RSA key, but that is stored on a server somewhere in the world. If anyone is interested in the technical details, using OllyDbg you can see how the structure of the malware works, including what type of encryption you are working with and such. (There are many different variants of this malware on the internet. I would release my findings, but they would most likely be irrelevant.)
@Apprentice So, to make a long story short, I am screwed?
Yes. I honestly wish more anti-virus companies paid more attention to this malware; it is quite interesting how it works. Also, I am just going to say, in case people think of this idea: a system restore will not help; as far as I know it does not back up any data like documents or pictures. Sorry, @SWAG, I hope what you lost was not too valuable.
It sort of was. I just wish I could figure out what the user in the video did. They seemed to fix their stuff with the hex editor, but the video is such bad quality that I cannot see.
@dumbsearch2 I do not believe Staples could help fix his problem. As far as I know they can remove the malware, but any data damage is not fixable by them; I would not spend the money on something you know has little to no chance of working. Personally, I believe @SWAG should invest money in an external drive so he can back up his files, so this does not happen to him again. I just want to mention this again, but the files are not overwritten... The actual data is still in there; it is just that it is now encrypted (RSA). The message when you open the image is a result of the custom header that the malware puts into the file. If you look on the MBAM forums you will see that there have been discussions on decrypting the files. (Some successful stories, some not.)
Good luck @SWAG :)
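The two replies above disagree on whether the files were "overwritten" or "encrypted", and that distinction decides whether a hex editor can do anything at all. The script below is an added example, not code from this thread or from any DirtyDecrypt write-up: it does not know the malware's actual header layout (the thread does not give it) and relies only on generic file signatures. It sorts a damaged file into three cases: a ransom note prepended in front of intact bytes (a hex editor can delete the prefix), a note written over the first bytes with format structure still visible further in (magic bytes can be rewritten, but the overwritten bytes are gone), and no surviving structure at all, which is what RSA-encrypted content looks like and where no hex editor helps. The PNG-shaped bytes, the note text and the "ciphertext" are all constructed for the demo; the SHA-256 counter-mode keystream stands in for the real encryption purely so the sample is deterministic.

```python
"""Triage for files hit by header-rewriting ransomware (added example)."""
import hashlib
import math
from collections import Counter

# Magic bytes of formats a home user typically loses to ransomware.
SIGNATURES = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
    "zip/docx": b"PK\x03\x04",
}


def identify(data: bytes):
    """Format name if the file starts with a known signature, else None."""
    for name, magic in SIGNATURES.items():
        if data.startswith(magic):
            return name
    return None


def find_embedded_signature(data: bytes, limit: int = 4096):
    """(format, offset) of the earliest known signature after byte 0,
    i.e. evidence that a header was prepended rather than overwritten."""
    best = None
    for name, magic in SIGNATURES.items():
        idx = data.find(magic, 1, limit)
        if idx != -1 and (best is None or idx < best[1]):
            best = (name, idx)
    return best


def surviving_structure(data: bytes):
    """Format-internal markers that outlive a header overwrite but not encryption."""
    found = []
    if b"\xff\xda" in data and data.endswith(b"\xff\xd9"):     # JPEG SOS ... EOI
        found.append("jpeg")
    if b"IDAT" in data and data.endswith(b"IEND\xaeB`\x82"):  # PNG chunks, IEND + CRC
        found.append("png")
    if b"endobj" in data and b"%%EOF" in data:
        found.append("pdf")
    if b"PK\x05\x06" in data:                                  # ZIP end of central dir
        found.append("zip/docx")
    return found


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8 for ciphertext of any real size."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(data: bytes) -> dict:
    """Decide whether a hex editor could plausibly recover the file."""
    fmt = identify(data)
    if fmt:
        return {"verdict": "intact", "format": fmt, "hex_editor": "not needed"}
    hit = find_embedded_signature(data)
    if hit:
        fmt, off = hit
        return {"verdict": "header-prepended", "format": fmt, "offset": off,
                "hex_editor": f"delete the first {off} bytes"}
    alive = surviving_structure(data)
    if alive:
        return {"verdict": "header-overwritten", "format": alive[0],
                "hex_editor": "rewrite the magic bytes; overwritten leading bytes are lost"}
    return {"verdict": "no-recoverable-structure",
            "entropy": round(shannon_entropy(data), 2),
            "hex_editor": "useless without the key"}


def strip_prepended_header(data: bytes) -> bytes:
    """Repair for the prepended-header case only."""
    hit = find_embedded_signature(data)
    if hit is None:
        raise ValueError("no embedded signature: nothing to strip")
    return data[hit[1]:]


# --- Constructed samples (not real DirtyDecrypt artifacts) -----------------
# PNG-shaped bytes: signature, IHDR, one 512-byte IDAT, IEND. CRCs are not
# valid; the point is structure, not a viewable image.
PNG = (b"\x89PNG\r\n\x1a\n"
       + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 13 + b"\x00\x00\x00\x00"
       + b"\x00\x00\x02\x00IDAT" + b"\x00" * 512 + b"\x00\x00\x00\x00"
       + b"\x00\x00\x00\x00IEND\xaeB`\x82")
NOTE = b"YOUR FILES ARE ENCRYPTED. PAY TO DECRYPT.\r\n"   # constructed wording
PREPENDED = NOTE + PNG            # case 1: note bolted on in front
OVERWRITTEN = NOTE[:24] + PNG[24:]  # case 2: note written over signature + IHDR


def _keystream(n: int, key: bytes = b"example-key") -> bytes:
    """Deterministic stand-in keystream (SHA-256 counter mode), not the malware's."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


ENCRYPTED = bytes(p ^ k for p, k in zip(PNG, _keystream(len(PNG))))  # case 3

if __name__ == "__main__":
    for label, blob in [("prepended", PREPENDED), ("overwritten", OVERWRITTEN),
                        ("encrypted", ENCRYPTED)]:
        print(label, triage(blob))
```

Run it on a real damaged file by replacing the samples with `open(path, "rb").read()`. If the verdict is "no-recoverable-structure" with entropy near 8, the content is still in the file but keyed, exactly the situation described above, and the only fixes are a backup or the private key.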