HOW_DECRYPT malware prevents all my pics from being displayed

Posted on 2014-04-15
Medium Priority
Last Modified: 2014-04-20
All of a sudden, none of my pics (mostly jpg) in my picture folders display.  

An error message is generated which says, “Photo Gallery can’t open this picture or video.  This file format is not supported, or you don’t have the latest updates to Photo Gallery”.

In each of my pic folders now reside an icon identified as ‘HOW_DECRYPT’.  The http address for this icon is:  https://rj2bocejarqnpuhm.browsetor.com/2d93.  The webpage indicates it is a decrypt service.  I have never clicked ‘Enter’ to go further with it.  I cannot relate to any form of decryption service anyhow.

I have run a complete virus scan (ESET), a complete malware check (SpyHunter), a complete register check (RegCure), and a maintenance run (Tuneup 1-Click Utilities), all to no avail.  Oh, some errors were rectified, but nothing that relates to How_Decrypt and displaying of all my pics.  The issue remains.

I have the Vista operating system on a HP Pavilion dv9310us laptop.

With Easter coming up, and not being able to display any pics (mostly jpg), can anyone help me?  I have thousands of pics being stored and need to ‘free’ them for display, printing, etc.

Thanks !
Question by:danhrmr

Accepted Solution

Tony Giangreco earned 600 total points
ID: 40002727
It sounds like you have been hit with CryptoLocker.  It's an encryption scheme hackers place on all your docs and pics of local and network folders.

There are multiple lines of defense before getting hit:

1. Installing a good firewall like Cisco, Sonicwall or Barracuda that includes content filtering to inspect packets as they are received and drop suspicious and known file types before they reach your network.

2. There are also some software firewalls that help but we believe a stand alone hardware firewall is best.

3. Installing a web based anti spam service that inspects email before it's received like the content filtering above. We use GFI Mail Essentials Online for this service.

4. Educate your users not to open email that looks irregular and from someone they do not expect. This is just a plain common-sense feature that some people don't use.

If you get hit with CryptoLocker, there are two solutions:

1. Restore from a backup
2. Pay the ransom and hope they unlock your files.

Assisted Solution

runleveltech earned 450 total points
ID: 40002729
This is a bad one. Sorry to say that there is no current way to decrypt your files.

Bleeping Computer has a program that will fix the previous HOW_Decrypt virus (512 & 1024 bit encryptions) but this new variant has 2048-bit encryption and cannot be undone.

(Take this with a grain of salt: the files are actually just corrupted in the headers, not truly encrypted to mil-spec cryptography.) But the result is the same: can't open the files.

Apparently some people have paid the $300 and got the decryption key, but I wouldn't risk it.

This has all the info :  http://www.bleepingcomputer.com/virus-removal/cryptorbit-ransomware-information

There is a program for variants previous to April 1 2014,


can try it out anyway. It did not work for me; I tried it on 4 different infected machines.

Best of luck
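A triage check for the situation described in this thread, added here as an example and not part of any poster's reply: it walks a picture tree, lists folders holding a HOW_DECRYPT note, and sorts image files by whether their leading bytes still match the expected format signature. The function names and the sample tree are constructed for illustration; the same check can be run against a restored backup before it replaces the damaged copies.

```python
import os
import tempfile

# Leading bytes of intact files, by extension (well-known format signatures).
MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".gif": b"GIF8",
}
NOTE_PREFIX = "how_decrypt"  # note name reported in the question; extension unknown


def triage(root):
    """Walk root; return (folders with a note, damaged files, intact files)."""
    note_dirs, damaged, intact = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        if any(f.lower().startswith(NOTE_PREFIX) for f in files):
            note_dirs.append(dirpath)
        for name in files:
            magic = MAGIC.get(os.path.splitext(name)[1].lower())
            if magic is None:
                continue  # not an image type this check knows
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(len(magic))
            except OSError:
                damaged.append(path)  # unreadable is reported as damaged
                continue
            (intact if head == magic else damaged).append(path)
    return sorted(note_dirs), sorted(damaged), sorted(intact)


def build_sample(root):
    """Constructed sample tree: one affected folder, one clean folder."""
    hit, clean = os.path.join(root, "hit"), os.path.join(root, "clean")
    os.makedirs(hit)
    os.makedirs(clean)
    with open(os.path.join(hit, "HOW_DECRYPT.txt"), "w") as fh:
        fh.write("constructed placeholder note")
    with open(os.path.join(hit, "a.jpg"), "wb") as fh:
        fh.write(b"\x13\x37\x00\x01" + b"\x00" * 32)  # header overwritten
    with open(os.path.join(clean, "b.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff\xe0" + b"\x00" * 32)  # JPEG SOI + APP0 marker
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        notes, bad, ok = triage(build_sample(tmp))
        print(len(notes), "note folder(s);", len(bad), "damaged;", len(ok), "intact")
```

A file that passes this check only has an intact signature; it may still be damaged further in, so open a sample of restored files before relying on the result.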

Assisted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 450 total points
ID: 40003965
I have yet to see recovery from cryptolocker but let me reiterate runleveltech's advice - check this page:  


Also the last I looked they were charging 10 bitcoins which translates to about 5053.00 (505.3 dollars/bitcoin) see the dynamic converter on preev.com.  So unless your pictures are worth over $5000 you will not be able to recover them (unless the above works for you).

Expert Comment

by:Tony Giangreco
ID: 40003974
As I mentioned in my advice above, there are only two ways to recover:

1. Pay the ransom
2. Restore from a backup.

Many people have been hit with this. Hope you understand.

Have I answered your question? Anything else?

Expert Comment

by:Thomas Zucker-Scharff
ID: 40003998
Also - although this is a "close the barn door after the cow is gone" situation, I highly recommend, when you consider what backup to use, something that uses versioning.  This will allow you to go back several versions if you get hit by something like this and don't realize it immediately.  There are several cloud backup options that have the capabilities - you will need to match them to your needs and pocketbook.

Comodo - I don't have first hand knowledge of this backup option

Remember anything that is not backed up in at least 2 other places is not important.
