Dirty Decrypt Virus has encrypted all my files!!

[hotboxdp]

I was infected with the FBI & Dirty Decrypt virus. I was able to clean my computer of the virus but am left with almost all my files encrypted (word/excel/pdf/jpg etc.). I tried several online decryption tools without any luck. I see someone else had started a thread to this problem but looks to be abandoned. Please, can anyone help me decrypt and recover all my files?:(

[Starbuck]

Hi hotboxdp and welcome to FPCH.

 

I tried several online decryption tools without any luck.

So that we don't go over old ground...... what decrypting tools have you tried?

[hotboxdp]

Dirty Decrypt

 

First I used Kapersky Rescue Disk Boot CD to clean my computer of the actual FBI/Dirty Decrypt virus. Then I tried Kapersky rannohdecryptor.exe & pandaunransom.exe. Neither worked. Kapersky, when trying to compare a good file to a bad, kept saying the two files were different sizes! Well one is encrypted, the other clean. I would really just settle with paying the bad guys to decrypt my files, but I don't know how to get in touch with them...

[Starbuck]

Hi hotboxdp

 

I would really just settle with paying the bad guys to decrypt my files,

Do you really think that once they have your credit card details, they'd only take the one payment??

 

Let's try this first:

 

Please reboot your computer in Safe Mode with Networking by doing the following :

• Restart your computer
  
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  
• Instead of Windows loading as normal, a menu with options should appear;
  You will need to use the 'keyboard arrow keys' to navigate on this menu.
  
• Select the first option, to run Windows in Safe Mode, then press "Enter".
  
• Then choose your usual account.
  

 

Now:

Download and save Emsisoft Decrypter to your Desktop.

 

Once the file has been downloaded, double-click on the decrypt_harasom.exe icon to start the program.

If requested, allow the program to run.

 

When the program opens, Click the Decrypt button.

 

If it detects any encrypted files it will decrypt them and save them in their original location.

 

When it has finished, click the Save Log button.

 

Please copy and paste this report in your next post.

 

Thanks.

[hotboxdp]

Looking for active infection ...

No active infection was found!

 

Scanning 1 folder(s):

C:\TEMP

 

Finished!

 

 

BTW: here is what I found posted on Norton's forums:

At the moment the personal files encrypted on the drive(s) seem to be encrypted with RSA , so without the private encryption key decryption by a tool is not available and at this point and not fesible.

Edited July 18, 2013 by hotboxdp

[Starbuck]

Hi hotboxdp

 

At the moment the personal files encrypted on the drive(s) seem to be encrypted with RSA

There are different types of encryption, so obviously different programs to remove them.

Unfortunately with RSA there is a big problem.

I haven't yet found a decrypter that will rectify this problem.

So at the moment it seems the files may be lost.

 

Did you not save a backup of your files?

 

We can check your system and make sure that all of the malware has been removed, but i doubt we can get your files back.

 

I'll keep looking, but don't hold your breath.

Sorry.

Edited July 18, 2013 by Starbuck

[hotboxdp]

Do you think there will ever be a way to decrypt them? It got to every drive on the computer, even my external backup! Thank g-d I remembered that I had a backup disk that I made in January. The newer stuff will be lost until someone comes up with a fix but at least Ive got 90% backup. Thanks for your help. If you come across anything helpful please let me know.

 

 

Edited by Plastic Nev. to remove E mail address to prevent scammers using it.

 

Nev.

[Armageddon]

Hi hotboxdp am sorry you got hit with this I am the one that started the last thread on this ,my friends system got hit with this too and up to now I have not been able to decrypt the files , I think its just hope and wait till someone breaks this

[hotboxdp]

Wait & see...

[Plastic Nev]

Hi hotboxdp I have removed your e mail address from the previous post for your safety, scammers and spammers would use it to target you with all sorts of rubbish.

All you need do is click on "Thread Tools" at the top of this page, then select "Subscribe to this thread" You will then get an e mail notification of any further replies, should there be a useful answer regarding a decrypting tool.

 

Nev.

[hotboxdp]

OK, thanks.