"Police" variant: how do I decrypt text and jpeg files?

[vandy]

Um ... Am I supposed to recap all the stuff you asked for above?

I had my computer cleaned of a version of the Police malware by third-party Office Depot. They were unable to decrypt my tampered files, whose extensions have been appended with .POLICE (example.jpg.POLICE).

Now that the computer is safe, I want to recover my text and photo files. I know this could take a long time, but not all my photos and text files were encrypted. Those that were all have .POLICE on the filenames.

How can I decrypt and rename these (potentially) thousands of files?

 

[Jack]

Hi and welcome to the malwaretips.com forums!

I'm Jack and I am going to try to assist you with your problem. Please take note of the below:

• I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine!
• The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
• If you don't know, stop and ask! Don't keep going on.
• Please reply to this thread. Do not start a new topic.
• Refrain from running self fixes as this will hinder the malware removal process.
• It may prove beneficial if you print of the following instructions or save them to notepad as I post them.

Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
<hr />
Lets run the below tool and see if we can get your files back:

<span style="color: green; font-size: small;"><>How to disinfect a system</></span>
<ul>
<li>Download<> <a href="http://support.kaspersky.com/downloads/utils/rannohdecryptor.exe">RannohDecryptor.exe</a></>;</li>
<li>Run <>RannohDecryptor.exe</> on the infected host;</li>
<li>A reboot may be required once the utility completes the disinfection.</li>
</ul>
&nbsp;

<><span style="color: green;">How to use the utility</span></>
<ol>
<li>Run <>RannohDecryptor.exe</>.</li>
<li>Click <>Start scan</> to begin the process.

To start the decryption, the utility will ask to indicate path to at least one encrypted file.

<img src="http://support.kaspersky.com/images/support_new/8547-1-en.png" alt="" width="488" height="446" border="0" />

The utility searches for and decrypts encrypted files.

The utility can decrypt files using a single pair – one encrypted file and one decrypted.</li>
<li>By default, the utility log is saved on system disk (the one with the operating system installed).
Log file name is <>UtilityName.Version_Date_Time_log.txt</>.
For example,<> C:\RannohDecryptor.1.1.0.0_02.05.2012_15.31.43_log.txt</></li>
</ol>
Please post this log in your next reply and let me know how is your machine running.

 

[vandy]

Failure. Unable to find uncorrupted copies of encrypted files. I even tried copying from photo cards, but RannohDecrpytor determined they were of unequal file size. Will attempt again tomorrow. Thanks for the initial suggestions, and I hope some other decription option still exists.

 

[Jack]

Lets change the tool and see how this goes.Please follow the instructions from this article: http://www.pandasecurity.com/homeusers/support/card?id=1675&IdIdioma=1
Let me know the results.