
My PC encrypted by cryptorlocker, .encrypted extension



I am a victim of this evil: all my files are encrypted with the extension (.encrypted). I have removed all possible sources of infection so as not to remain vulnerable. But I want to recover my files.

 

Attached are the requested files.


Addition.txt

FRST.txt

scan_160528-063558.txt


Hello,

It may not be possible to decrypt the encrypted files.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
GroupPolicyScripts: Restrição <======= ATENÇÃO
GroupPolicyScripts\User: Restrição <======= ATENÇÃO
SearchScopes: HKU\S-1-5-21-157887246-1380453022-816234722-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Sem Nome -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> Nenhum Arquivo
2016-05-26 13:12 - 2016-05-28 06:57 - 00000000 ____D C:\Users\Administrador\AppData\Local\Temp\1
2016-05-25 14:17 - 2016-05-25 14:17 - 00000000 ____D C:\Users\Administrador\AppData\Local\Temp\iss3961.tmp
2016-05-25 14:17 - 2015-07-04 22:43 - 00116880 _____ (InstallShield Software Corporation) C:\Users\Administrador\AppData\Local\Temp\set3819.tmp
2016-05-25 13:55 - 2016-05-25 13:55 - 00000000 ____D C:\Users\Administrador\AppData\Local\Temp\{b1f82be2-a679-4588-a99e-c7c5a89d3ce1}
2016-05-24 01:56 - 2016-05-26 13:38 - 26754499 _____ C:\Users\Administrador\AppData\Local\Temp\~GDBSAVE.ST2
2016-05-24 01:56 - 2016-05-26 13:38 - 26751973 _____ C:\Users\Administrador\AppData\Local\Temp\~GDBSAVE.ST1
2016-05-24 01:00 - 2016-05-26 10:42 - 00000000 ____D C:\Users\Administrador\AppData\Local\Temp\7773178
2016-05-22 19:09 - 2016-05-22 19:09 - 00000610 _____ C:\Users\Public\Downloads\desktop.ini.How_To_Decrypt.txt
2016-05-22 19:09 - 2016-05-22 19:09 - 00000610 _____ C:\Users\Public\Documents\desktop.ini.How_To_Decrypt.txt
2016-05-22 19:09 - 2016-05-22 19:09 - 00000610 _____ C:\Users\Public\Desktop\desktop.ini.How_To_Decrypt.txt
2016-05-22 19:09 - 2016-05-22 19:09 - 00000610 _____ C:\Users\Public\desktop.ini.How_To_Decrypt.txt
2016-05-22 19:09 - 2016-05-22 19:09 - 00000610 _____ C:\Users\desktop.ini.How_To_Decrypt.txt
2016-05-22 19:06 - 2016-05-22 19:06 - 00000610 _____ C:\Users\Administrador\ntuser.ini.How_To_Decrypt.txt
2016-05-22 19:06 - 2016-05-22 19:06 - 00000610 _____ C:\Users\Administrador\Documents\desktop.ini.How_To_Decrypt.txt
2016-05-22 19:06 - 2016-05-22 19:06 - 00000610 _____ C:\Users\Administrador\Documents\Default.rdp.How_To_Decrypt.txt
2016-05-22 19:06 - 2016-05-22 19:06 - 00000610 _____ C:\Users\Administrador\Desktop\desktop.ini.How_To_Decrypt.txt
2016-05-22 19:00 - 2016-05-22 19:00 - 00000610 _____ C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini.How_To_Decrypt.txt
2016-05-22 19:00 - 2016-05-22 19:00 - 00000610 _____ C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini.How_To_Decrypt.txt
2016-05-22 19:00 - 2016-05-22 19:00 - 00000610 _____ C:\Users\Administrador\AppData\Local\Temp\chrome_installer.log.How_To_Decrypt.txt
2016-05-22 19:00 - 2016-05-22 19:00 - 00000610 _____ C:\Users\Administrador\AppData\Local\Temp\B57E.tmp.How_To_Decrypt.txt
2016-05-22 19:00 - 2016-05-22 19:00 - 00000610 _____ C:\Users\Administrador\AppData\Local\Temp\AV-10772-11-0.How_To_Decrypt.txt
2016-05-22 19:00 - 2016-05-22 19:00 - 00000610 _____ C:\Users\Administrador\AppData\Local\Temp\AdobeSFX.log.How_To_Decrypt.txt
2016-05-22 19:00 - 2016-05-22 19:00 - 00000610 _____ C:\Users\Administrador\AppData\Local\Temp\A74B.tmp.How_To_Decrypt.txt
2016-05-22 18:47 - 2016-05-22 18:47 - 00000610 _____ C:\Users\Administrador\AppData\Local\Temp\24C5.tmp.How_To_Decrypt.txt
2016-05-22 18:43 - 2016-05-22 18:43 - 00000610 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.How_To_Decrypt.txt
2016-05-22 18:42 - 2016-05-22 18:42 - 00000610 _____ C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.How_To_Decrypt.txt
2016-05-22 18:32 - 2016-05-22 18:32 - 00000610 _____ C:\Program Files (x86)\desktop.ini.How_To_Decrypt.txt
2016-05-22 18:31 - 2016-05-22 18:31 - 00000610 _____ C:\Program Files\desktop.ini.How_To_Decrypt.txt
2016-05-17 00:07 - 2016-05-26 00:26 - 00000000 ____D C:\Users\Administrador\AppData\Local\Temp\4

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version, please download and run the updated version.

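The file entries in the fixlist above also record when each ransom note was dropped, which helps bound the encryption window when deciding which backups are safe to restore. The following Python is an added example, not part of the original posts and not FRST's own code; the line layout is inferred from the listing on this page, and the function names are hypothetical.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# Sample lines copied from the fixlist in the post above (FRST file-listing layout).
SAMPLE = r"""
2016-05-24 01:00 - 2016-05-26 10:42 - 00000000 ____D C:\Users\Administrador\AppData\Local\Temp\7773178
2016-05-22 19:09 - 2016-05-22 19:09 - 00000610 _____ C:\Users\Public\Desktop\desktop.ini.How_To_Decrypt.txt
2016-05-22 19:00 - 2016-05-22 19:00 - 00000610 _____ C:\Users\Administrador\AppData\Local\Temp\B57E.tmp.How_To_Decrypt.txt
2016-05-22 18:31 - 2016-05-22 18:31 - 00000610 _____ C:\Program Files\desktop.ini.How_To_Decrypt.txt
2016-05-25 14:17 - 2015-07-04 22:43 - 00116880 _____ (InstallShield Software Corporation) C:\Users\Administrador\AppData\Local\Temp\set3819.tmp
"""

# Assumed layout: created - modified - size attributes [(company)] path
LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - (\d+) "
    r"([_A-Z]{5}) (?:\([^)]*\) )?([A-Za-z]:\\.+)$")
NOTE_SUFFIX = ".how_to_decrypt.txt"  # ransom-note name seen in this thread
FMT = "%Y-%m-%d %H:%M"

def parse_listing(text):
    """Return one dict per well-formed listing line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append({
                "created": datetime.strptime(created, FMT),
                "modified": datetime.strptime(modified, FMT),
                "size": int(size),
                "is_dir": "D" in attrs,
                "path": PureWindowsPath(path),
            })
    return entries

def note_timeline(entries):
    """Summarise ransom-note files: count, creation window, sizes, folders."""
    notes = [e for e in entries
             if not e["is_dir"] and e["path"].name.lower().endswith(NOTE_SUFFIX)]
    if not notes:
        return {"count": 0, "first": None, "last": None, "sizes": [], "folders": []}
    times = [e["created"] for e in notes]
    return {"count": len(notes), "first": min(times), "last": max(times),
            "sizes": sorted({e["size"] for e in notes}),
            "folders": sorted({str(e["path"].parent) for e in notes})}

if __name__ == "__main__":
    print(note_timeline(parse_listing(SAMPLE)))
```
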