HOW_DECRYPT malware prevents all my pics from being displayed

Posted on 2014-04-15
Medium Priority
Last Modified: 2014-04-20
All of a sudden, none of my pics (mostly jpg) in my picture folders display.  

An error message is generated which says, “Photo Gallery can’t open this picture or video.  This file format is not supported, or you don’t have the latest updates to Photo Gallery”.

In each of my pic folders now reside an icon identified as ‘HOW_DECRYPT’.  The http
address for this icon is:  https://rj2bocejarqnpuhm.browsetor.com/2d93.  The webpage
indicates it is a decrypt service.  I have never clicked ‘Enter’ to go further with it.  I cannot
relate to any form of decryption service anyhow.

I have run a complete virus scan (ESET), a complete malware check (SpyHunter), a
complete register check (RegCure), and a maintenance run (Tuneup 1-Click Utilities),
all to no avail.  Oh, some errors were rectified, but nothing that relates to How_Decrypt
and displaying of all my pics.  The issue remains.  

I have the Vista operating system on a HP Pavilion dv9310us laptop.

With Easter coming up, and not being able to display any pics (mostly jpg), can anyone
help me?  I have thousands of pics being stored and need to ‘free’ them for display,
printing, etc.

Thanks !
Question by:danhrmr
LVL 25

Accepted Solution

Tony Giangreco earned 600 total points
ID: 40002727
It sounds like you have been hit with CryptoLocker.  It's an encryption scheme hackers place on all your docs and pics of local and network folders.

There are multiple lines of defense before getting hit:

1. Installing a good firewall like Cisco, Sonicwall or Barracuda that includes content filtering to inspect packets as they are received and drop suspicious and known file types before they reach your network.

2. There are also some software firewalls that help, but we believe a standalone hardware firewall is best.

3. Installing a web-based anti-spam service that inspects email before it's received, like the content filtering above. We use GFI Mail Essentials Online for this service.

4. Educate your users not to open email that looks irregular and is from someone they do not expect. This is just a plain common-sense feature that some people don't use.

If you get hit with CryptoLocker, there are two solutions:

1. Restore from a backup
2. Pay the ransom and hope they unlock your files.

Assisted Solution

runleveltech earned 450 total points
ID: 40002729
This is a bad one. Sorry to say that there is no current way to decrypt your files.

Bleeping Computer has a program that will fix the previous HOW_Decrypt virus (512 & 1024 bit encryptions), but this new variant has 2048-bit encryption and cannot be undone.

(Take this with a grain of salt, the files are actually just corrupted in the headers, not truly encrypted to Mil-spec cryptography.) But the result is the same, can't open the files.

Apparently some people have paid the $300 and got the decryption key, but I wouldn't risk it.

This has all the info: http://www.bleepingcomputer.com/virus-removal/cryptorbit-ransomware-information

There is a program for variants previous to April 1 2014,


can try it out anyway. It did not work for me; I tried it on 4 different infected machines.

Best of luck
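
Added example, not part of the original thread or any poster's code: a read-only Python triage that reports which picture files under a folder no longer start with their format's signature bytes and which folders contain a HOW_DECRYPT note, useful for scoping the damage and for checking a backup copy before restoring it. The sample tree and file names created by `build_sample` are constructed for the demonstration.

```python
import os
import tempfile

# Leading "magic" bytes for common picture formats (well-known file signatures).
SIGNATURES = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
NOTE_PREFIX = "how_decrypt"  # ransom-note file name reported in the question


def triage(root):
    """Walk root; return (intact, damaged, note_dirs) as sorted lists of paths."""
    intact, damaged, note_dirs = [], [], set()
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if name.lower().startswith(NOTE_PREFIX):
                note_dirs.add(folder)
                continue
            magics = SIGNATURES.get(os.path.splitext(name)[1].lower())
            if magics is None:
                continue  # not a picture type this script knows how to check
            try:
                with open(path, "rb") as fh:  # read-only: files are never modified
                    head = fh.read(8)
            except OSError:
                damaged.append(path)  # unreadable files are counted as damaged
                continue
            (intact if head.startswith(magics) else damaged).append(path)
    return sorted(intact), sorted(damaged), sorted(note_dirs)


def build_sample(root):
    """Constructed sample tree: one good JPEG, one with an overwritten header."""
    os.makedirs(os.path.join(root, "easter"))
    with open(os.path.join(root, "easter", "ok.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff\xe0" + b"\x00" * 32)
    with open(os.path.join(root, "easter", "bad.jpg"), "wb") as fh:
        fh.write(b"\x13\x37\x00\x00" + b"\x00" * 32)
    with open(os.path.join(root, "easter", "HOW_DECRYPT.txt"), "w") as fh:
        fh.write("constructed placeholder note\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        ok, bad, notes = triage(tmp)
        print(f"intact={len(ok)} damaged={len(bad)} folders_with_note={len(notes)}")
```

A file listed as intact only has a valid leading signature; the rest of its contents is not validated.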
LVL 30

Assisted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 450 total points
ID: 40003965
I have yet to see recovery from CryptoLocker, but let me reiterate runleveltech's advice - check this page:


Also the last I looked they were charging 10 bitcoins which translates to about 5053.00 (505.3 dollars/bitcoin) see the dynamic converter on preev.com.  So unless your pictures are worth over $5000 you will not be able to recover them (unless the above works for you).
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40003974
As I mentioned in my advice above, there are only two ways to recover:

1. Pay the ransom
2. Restore from a backup.

Many people have been hit with this. Hope you understand.

Have I answered your question? Anything else?
LVL 30

Expert Comment

by:Thomas Zucker-Scharff
ID: 40003998
Also - although this is a "close the barn door after the cow is gone" situation, I highly recommend, when you consider what backup to use, something that uses versioning.  This will allow you to go back several versions if you get hit by something like this and don't realize it immediately.  There are several cloud backup options that have the capabilities - you will need to match them to your needs and pocketbook.

Comodo - I don't have first-hand knowledge of this backup option

Remember anything that is not backed up in at least 2 other places is not important.
