help.decrypt
#1
A friend of mine told me his laptop was attacked by a hacker who installed a virus named "help.decrypt",
and after it was affected his mails are marked as spam and all his photos, documents and files are gone, and he is unable to recover them.
Can anyone help me in this regard, mate?
Thanks and regards

He told me it is the CryptoWall 3.0 virus and he deleted it, but his files are lost and he wants to recover them.
Help me please, mates.
Reply
#2
I don't want to hurt your feelings and throw your hopes down,
but
it's basically screwed bad.
The virus indeed can be destroyed and removed, but not the files... they're ruined.
Well, at least that's what I know; until this very moment some good souls with better brains are working to cure this... still working... still... working.
Reply
#3
Thanks for the kind reply, mate.
Hope to see more positive replies, mate.
Reply
#4
NOTE: Tell your friend to stop using the HDD, explained below.

Recovering files? Not possible (sort of), unless your friend pays; in most cases people do receive the decryption key, but sometimes they don't.

http://nabzsoftware.com/types-of-threats/cryptowall-3-0
(long reading, but might prove useful) http://www.bleepingcomputer.com/virus-re...nformation
https://malwaretips.com/blogs/remove-cry...3-0-virus/

Regarding the file decryption, according to some websites, including Kaspersky Lab, CryptoWall will actually make a copy of the targeted files, encrypt the copy and delete the original ones; the articles mention that it's possible to recover the original files (the supposed copies) with a deleted file recovery tool. But of course, if new files have been written to the disk, the chances of recovering the deleted ones are much lower.

System Restore - This can actually solve the problem, or use the Previous Versions Windows feature.

Will update with some more stuff.
Reply
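
Added example, not part of any post in this thread: a read-only Python triage for a folder of files brought back by a deleted-file recovery tool or from Previous Versions, sorting them into ransom notes, files whose header still matches their extension, and files that look overwritten. The function names, the short signature table, the "HELPDECRYPT" note-name stem and the 7.5 bits-per-byte threshold are assumptions made for this sketch; run it against the recovery output or a disk image copy rather than the affected disk.

```python
import math
import os
import tempfile
from collections import Counter

# Well-known leading signatures for a few photo/document formats.
MAGIC = {
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n", ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".zip": b"PK\x03\x04",
}

def shannon_entropy(data):
    """Bits per byte; values near 8.0 mean the bytes look random."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(path, sample=65536):
    """Return 'ransom_note', 'intact', 'suspect' or 'unknown' (opens read-only)."""
    name = "".join(ch for ch in os.path.basename(path).upper() if ch.isalnum())
    if "HELPDECRYPT" in name:  # assumed stem: help.decrypt, HELP_DECRYPT.TXT, ...
        return "ransom_note"
    with open(path, "rb") as fh:
        head = fh.read(sample)
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is None:
        # No signature for this extension: fall back to entropy (assumed cut-off).
        return "suspect" if shannon_entropy(head) > 7.5 else "unknown"
    return "intact" if head.startswith(magic) else "suspect"

def triage(root):
    """Map every file under root to its classification."""
    return {os.path.join(dp, f): classify(os.path.join(dp, f))
            for dp, _dirs, files in os.walk(root) for f in files}

def demo():
    """Constructed samples: an intact PDF, an overwritten JPEG, a ransom note."""
    d = tempfile.mkdtemp()
    samples = {
        "report.pdf": b"%PDF-1.4\n" + b"text " * 100,
        "photo.jpg": bytes(range(256)) * 16,  # stand-in for ciphertext
        "HELP_DECRYPT.TXT": b"constructed note text",
    }
    for name, data in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return {os.path.basename(p): v for p, v in triage(d).items()}
```

Files reported as "intact" are the ones worth copying off first; a "suspect" verdict only means the header or byte distribution no longer matches the file type.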
#5
System Restore only works if... IF... you created the restore point prior to the infection, which some people tend to forget to do.
As for now, the methods for recovering the files are mostly (if I cannot say all) bogus.
You can try to pay for it, but seriously?

The attempt to decrypt the ruined files is still in progress by tons of people, including the big companies' R&D; unless there is an official announcement about it, put a grain... no... put a whole bag of salt into it.
Reply
#6
I also had a friend with the same problem. This is a virus which modifies the files' binary (you have no guarantee that the files are encrypted, because the encryption with a 512-bit key would take a loong time and a lot of CPU). As for recovering the files... less chance, <0.00000001
DON'T even think of entering the websites provided in HELPDECRYPT.TXT, as they are fake and they'll ask for money.
Reply
#7
(Nov 17, 2015, 09:23 am) Picklock Wrote: System Restore only works if... IF... you created the restore point prior to the infection, which some people tend to forget to do.
As for now, the methods for recovering the files are mostly (if I cannot say all) bogus.
You can try to pay for it, but seriously?

The attempt to decrypt the ruined files is still in progress by tons of people, including the big companies' R&D; unless there is an official announcement about it, put a grain... no... put a whole bag of salt into it.

Please don't come here giving lectures; provide useful methods that can/may solve the problem. Plus, it doesn't do any harm to try them.

"System Restore only works if... IF... you created the restore point prior to the infection, which some people tend to forget to do." And by any chance do you know if the "friend" actually forgot to create one? I'll presume you don't know; still, it's a method that works, if the conditions are favorable.

"As for now, the methods for recovering the files are mostly (if I cannot say all) bogus." This isn't bogus; if CryptoWall truly creates a copy, encrypts the copy BUT leaves the original ones intact, then it is possible to recover the deleted original files.
Reply
#8
CryptoWall doesn't create a copy.
It modifies the files themselves; as for how it does it in an instant when it infects, no one actually knows exactly how until this moment. There are lots of theories and speculation out there, and none can give any proof or examples of how it has been done; that's why the attempt to rectify it is still in progress.

System Restore may or may not become a method, only if the precautions are made; what is really needed is a cure.

Other people may throw those so-called "useful methods that can/may solve the problem" into the thread, and some sort of "hopes", but I choose to give the reality of the case; it always needs someone to give a glimpse of how grim this problem actually is.

Heck, anybody can give hopes, but few can actually Let It Go...
Pun intended.
Reply
#9
So let's put the theory to the test, and see the results.

I am not here to give hopes to anybody, I am here to give solutions, and that is what I'm trying to do, instead of just giving up on the subject and letting go.

And once again, we cannot live our lives based on theories, eventually we'll have to put them to the test and actually see if we manage to prove that indeed those theories were right.

Perhaps I should replicate the problem and test the theory myself? The results might be surprising.
Reply
#10
Well, in this case I can only assume the fact: there is no solution (at least, a certified one).
@Picklock, how will System Restore help? (I am asking because I don't know..)
Reply

