Solved

HOW_DECRYPT malware prevents all my pics from being displayed

Posted on 2014-04-15
Last Modified: 2014-04-20
All of a sudden, none of my pics (mostly jpg) in my picture folders display.  

An error message is generated which says, “Photo Gallery can’t open this picture or video.  This file format is not supported, or you don’t have the latest updates to Photo Gallery”.

In each of my pic folders now reside an icon identified as ‘HOW_DECRYPT’.  The http
address for this icon is:  https://rj2bocejarqnpuhm.browsetor.com/2d93.  The webpage
indicates it is a decrypt service.  I have never clicked ‘Enter’ to go further with it.  I cannot
relate to any form of decryption service anyhow.

I have run a complete virus scan (ESET), a complete malware check (SpyHunter), a
complete register check (RegCure), and a maintenance run (Tuneup 1-Click Utilities),
all to no avail.  Oh, some errors were rectified, but nothing that relates to How_Decrypt
and displaying of all my pics.  The issue remains.  

I have the Vista operating system on an HP Pavilion dv9310us laptop.

With Easter coming up, and not being able to display any pics (mostly jpg), can anyone
help me?  I have thousands of pics being stored and need to ‘free’ them for display,
printing, etc.

Thanks !
Question by:danhrmr

Accepted Solution

by:
Tony Giangreco earned 200 total points
It sounds like you have been hit with CryptoLocker.  It's an encryption scheme hackers place on all your docs and pics of local and network folders.

There are multiple lines of defense before getting hit:

1. Installing a good firewall like Cisco, Sonicwall or Barracuda that includes content filtering to inspect packets as they are received and drop suspicious and known file types before they reach your network.

2. There are also some software firewalls that help, but we believe a standalone hardware firewall is best.

3. Installing a web based anti spam service that inspects email before it's received like the content filtering above. We use GFI Mail Essentials Online for this service.

4. Educate your users not to open email that looks irregular and from someone they do not expect. This is just a plain common sense feature that some people don't use.

If you get hit with CryptoLocker, there are two solutions:

1. Restore from a backup
2. Pay the ransom and hope they unlock your files.

Assisted Solution

by:runleveltech
runleveltech earned 150 total points
This is a bad one. Sorry to say that there is no current way to decrypt your files.

Bleeping Computer has a program that will fix the previous HOW_Decrypt virus (512 & 1024 bit encryptions), but this new variant has 2048-bit encryption and cannot be undone.

(Take this with a grain of salt: the files are actually just corrupted in the headers, not truly encrypted to Mil-spec cryptography.) But the result is the same: can't open the files.

Apparently some people have paid the $300 and got the decryption key, but I wouldn't risk it.

This has all the info: http://www.bleepingcomputer.com/virus-removal/cryptorbit-ransomware-information

There is a program for variants previous to April 1 2014:

http://www.malwarekillers.com/how-to-decrypt-cryptodefense-files/

You can try it out anyway. It did not work for me; I tried it on 4 different infected machines.

Best of luck

Assisted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 150 total points
I have yet to see recovery from CryptoLocker, but let me reiterate runleveltech's advice - check this page:

http://www.bleepingcomputer.com/virus-removal/cryptodefense-ransomware-information

Also, the last I looked, they were charging 10 bitcoins, which translates to about 5053.00 (505.3 dollars/bitcoin); see the dynamic converter on preev.com.  So unless your pictures are worth over $5000, you will not be able to recover them (unless the above works for you).

Expert Comment

by:Tony Giangreco
As I mentioned in my advice above, there are only two ways to recover:

1. Pay the ransom
2. Restore from a backup.

Many people have been hit with this. Hope you understand.

Have I answered your question? Anything else?

Expert Comment

by:Thomas Zucker-Scharff
Also - although this is a "close the barn door after the cow is gone" situation, I highly recommend, when you consider what backup to use, something that uses versioning.  This will allow you to go back several versions if you get hit by something like this and don't realize it immediately.  There are several cloud backup options that have the capabilities - you will need to match them to your needs and pocketbook.

Spideroak
Crashplan
Comodo - I don't have first hand knowledge of this backup option
etc.

Remember anything that is not backed up in at least 2 other places is not important.
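Added example, not part of any post in this thread: a Python triage script that lists which folders hold a HOW_DECRYPT note and which pictures no longer start with the signature their extension implies. It can also be pointed at a restored backup version to check that the version predates the damage. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Well-known leading bytes ("magic numbers") per picture extension.
SIGNATURES = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}
NOTE_PREFIX = "how_decrypt"  # note name reported in this thread

def triage(root):
    """Report folders holding a note and pictures with a wrong signature."""
    report = {"note_folders": [], "damaged": [], "intact": []}
    for folder, _dirs, files in os.walk(root):
        if any(f.lower().startswith(NOTE_PREFIX) for f in files):
            report["note_folders"].append(folder)
        for name in files:
            sigs = SIGNATURES.get(os.path.splitext(name)[1].lower())
            if sigs is None:
                continue  # not a picture type this script checks
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(8)
            except OSError:
                head = b""  # unreadable files are reported as damaged
            report["intact" if head.startswith(sigs) else "damaged"].append(path)
    return report

def build_sample(root):
    """Constructed sample tree: one affected folder, one clean folder."""
    files = {
        "hit/HOW_DECRYPT.txt": b"constructed note text",
        "hit/beach.jpg": b"\x13\x37\x00\x42 constructed non-JPEG bytes",
        "clean/cat.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "clean/logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    }
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for kind, paths in triage(tmp).items():
            print(kind, sorted(os.path.relpath(p, tmp) for p in paths))
```

A matching signature only shows that the first bytes are as expected, so `intact` is a first-pass filter rather than proof that a file opens.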