CryptXXX.ransomware virus ,windows 7..need help

G

Guest001

New Member
Thread author
May 23, 2016
7
i first noticed the infection on 16th may,2016...My wallpaper got changed along with the message ...(All of your files were protected by a strong encryption with RSA4096
More information about the encryption keys using RSA4096 can be found here: ...). Later i tried to decrypt the files by using three removal process described in the forum. I tried kasper key RannohDecryptor.exe but it provided me the message that 'this type of file is not supported..' though I got the same meesage which is similar to 'CryptXXX ransowmare'..
Please help me regarding decrypting my files as all of my file is alreday encrypted by them. They lef the publich documents only. I have tried 'shadow explorer',file recovery software but failed.
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.

    x5o4gh.png

  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
 
G

Guest001

New Member
Thread author
May 23, 2016
7
TwinHeadedEagle said:
Hello,


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.

    x5o4gh.png

  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Click to expand...
Thanks..i will do the same and provide you both the file today evening as i do not have the affected laptop with me now. It will be really helpful if something comes up,they are aksing for 1080 USD ..
 
G

Guest001

New Member
Thread author
May 23, 2016
7
TwinHeadedEagle said:
Hello,


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.

    x5o4gh.png

  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Click to expand...
Hi Expert,

Please find the attach file for your reference, I did the way you guided. Problem is that,i am trying to download anything from internet (for exp the tool you refered)those then extra internet page automatically opened and it is creating problem to proceed further. Even install java. flash player etc alos coming,are those coming from virus itself ? Thanks a lot for ypur heling hand as i am really in helpless condition... Plesae let me know if i need to provide any motre details to you. As per the hacker, they are going to delete my ID file after 15th june so decryption will not be possible after that.
 

Attachments

  • FRST.txt
    42.8 KB · Views: 4
  • Addition.txt
    39.7 KB · Views: 4
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Yes, your PC is really heavily infected. Let's gather some information first:

FRST.gif
Fix with Farbar Recovery Scan Tool

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.


When you finish with fix, you will find Upload.zip archive on your Desktop. Please upload it here and give me download linke:

Free large file hosting. Send big files the easy way!
 

Attachments

  • fixlist.txt
    71 bytes · Views: 5
G

Guest001

New Member
Thread author
May 23, 2016
7
Hi,

Please find the file but it did not found the pdf file what i saw from the log.
Only a small file with that personnel id generated message which i am getting in my very folder is being generated
Upload.zip (2.06KB) - SendSpace.com

do you need a file which is being encrypted then i can also send that across to you ?
I am also attaching the message which i am geeting with every affected folder (irecovery).

Thanks again..
 

Attachments

  • Fixlog.txt
    688 bytes · Views: 2
  • !Recovery_11122BD8C45D.txt
    1.7 KB · Views: 5
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Yes, that would be great to send this file to me. This way I can be sure if there is a cure right now for your infected files.
 
G

Guest001

New Member
Thread author
May 23, 2016
7
TwinHeadedEagle said:
Yes, that would be great to send this file to me. This way I can be sure if there is a cure right now for your infected files.
Click to expand...

Hi,

Thanks..I will send a encrypted file to you, please let me know if you need anything else so that i can send that also.
I
 
G

Guest001

New Member
Thread author
May 23, 2016
7
TwinHeadedEagle said:
Unfortunately for this variant there is no solution at the moment.
Click to expand...

No solution..you mean there is no way so that even i can retrieve at least few documents.Any more suggestions please, will it help if provide you one encrypted and the original file before encryption ?

so , should i run the anti malware software and start scanning as no way is there to retrieve files.

I
 

Similar threads

duma
  • Locked
Help to clean my PC after BHGR ransomware
Replies
2
Views
621
Windows Malware Removal Help & Support
nasdaq
nasdaq
blackmonkey445
  • Locked
I tried factory resetting and reinstalling windows using media creation tool and i have no clue what to do
Replies
2
Views
351
Windows Malware Removal Help & Support
nasdaq
nasdaq
C
  • Locked
Emsisoft Emergency Kit's temp files detected as Trojan:Script/Wacatac.B!ml by Windows Security
Replies
8
Views
727
Windows Malware Removal Help & Support
Can't Decide
C

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top