Add-on It is possible to decrypt files encrypted with Trojan.Encoder.10465

Discussion in 'Dr Web' started by omidomi, Apr 15, 2017.

  1. omidomi

    omidomi Level 61
    Trusted AV Tester

    Apr 5, 2014
    Fallout New Vegas :D
    Windows 8.1
    Official Website:
    Doctor Web has developed an algorithm that successfully decrypts files encrypted by Trojan.Encoder.10465.

    Trojan.Encoder.10465 poses a threat to Windows computers. The Trojan is written in Delphi. The encoder appends the extension .crptxxx to the infected files and also saves to the disk a text file named HOW_TO_DECRYPT.txt, which contains the following content:

    All your files are encrypted with AESalgorithm!
    For decrypt use this instructions:
    Download tor browser
    Run tor and go to: http://vejtqvliimdv66dh.onion
    Or you can use tor2web services
    in log panel enter your id (CRPTksrjghkrkwkrjthkewVM)
    follow next instructions
    if server is down, try connect later
    locker version 3.0.0
    The id parameter can assume various values on different infected computers.

    If you have fallen victim to this malicious program, follow the recommendations below:

    • do not remove any files from your computer or reinstall the operating system. It is also not recommended to use the infected computer until you get detailed instructions from Doctor Web’s technical support;
    • if you have run an anti-virus scan, do not try to cure or remove the threats that were detected—our technical support specialists may need them during their search for a decryption key;
    • try to remember as much about the circumstances of the infection as possible: this can involve receiving dubious email messages, downloading programs from the Web, or visiting websites;
    • if you have the email message containing the attachment that infected your computer after you opened it, do not remove it—our specialists may need it to identify which version of the Trojan is involved.
    To decrypt files corrupted by Trojan.Encoder.10465, use this special service page on the Doctor Web site.

    Once again, we would like to point out that our free decryption service is only available to users who have purchased commercial licenses for Dr.Web products. Doctor Web cannot guarantee that all of your files will be decrypted successfully. However, our specialists will do their best to recover the encrypted data.
    Danielx64, davisd, XhenEd and 5 others like this.
  2. Arequire

    Arequire Level 18

    Feb 10, 2017
    United Kingdom
    Windows 7
    When you've got organizations like No More Ransom and ID Ransomware giving consumers the ability to decrypt their files for free, forcing them to purchase a license for Dr.Web's products comes across as scummy to me.
    davisd and Danielx64 like this.
  3. Danielx64

    Danielx64 Level 8

    Mar 24, 2017
    Windows 10
    This 100%
    davisd and omidomi like this.
  4. Hanmin147

    Hanmin147 Level 28

    Jul 28, 2014
    Windows 10
    Have to agree that Dr Web seems to be in this for the money whereas other partners of No More Ransom like Kaspersky and more recently Avast provide the decryption for free in exchange for some publicity.
    Danielx64, davisd and omidomi like this.
  5. Amelith Nargothrond

    Mar 22, 2017
    Windows 10
    What's the difference between paying the ransom or paying Dr. Web? Might be the amount of money, but otherwise, no way ethical. This is marketing at the lowest level, something like negotiating with a "black marketer". Very disappointing Dr. Web.
Similar Threads Forum Date
AI Expert: ‘Terminator’ Entirely Possible Technology News Saturday at 4:19 PM
Possible Petya Malware Removal Assistance For Windows Jan 7, 2018
SOLVED Possible virus, please help Malware Removal Assistance For Windows Nov 4, 2017