HOW_DECRYPT malware prevents all my pics from being displayed

Posted on 2014-04-15
Last Modified: 2014-04-20
All of a sudden, none of my pics (mostly jpg) in my picture folders display.  

An error message is generated which says, “Photo Gallery can’t open this picture or video.  This file format is not supported, or you don’t have the latest updates to Photo Gallery”.

In each of my pic folders now reside an icon identified as ‘HOW_DECRYPT’.  The http
address for this icon is:  The webpage
indicates it is a decrypt service.  I have never clicked ‘Enter’ to go further with it.  I can not
relate to any form of decryption service anyhow.

I have run a complete virus scan (ESET), a complete malware check (SpyHunter), a
complete register check (RegCure), and a maintenance run (Tuneup 1-Click Utilities),
all to no avail.  Oh, some errors were rectified, but nothing that relates to How_Decrypt
and displaying of all my pics.  The issue remains.  

I have the Vista operating system on a HP Pavilion dv9310us laptop.

With Easter coming up, and not being able to display any pics (mostly jpg), can anyone
help me?  I have thousands of pics being stored and need to ‘free’ them for display,
printing, etc.

Thanks !
Question by:danhrmr
LVL 25

Accepted Solution

Tony Giangreco earned 200 total points
ID: 40002727
It sounds like you have been hit with CryptoLocker.  It's an encryption scheme hackers place on all your docs and pics of local and network folders.

There are multiple lines of defense before getting hit:

1. Installing a good firewall like Cisco, Sonicwall or Barracuda that includes content filtering to inspect packets as they are received and drop suspicious and known file types before they reach your network.

2. There are also some software firewalls that help, but we believe a standalone hardware firewall is best.

3. Installing a web based anti spam service that inspects email before it's received like the content filtering above. We use GFI Mail Essentials Online for this service.

4. Educate your users not to open email that looks irregular and from someone they do not expect. This is just a plain common-sense feature that some people don't use.

If you get hit with CryptoLocker, there are two solutions:

1. Restore from a backup
2. Pay the ransom and hope they unlock your files.

Assisted Solution

runleveltech earned 150 total points
ID: 40002729
This is a bad one. Sorry to say that there is no current way to decrypt your files.

Bleeping Computer has a program that will fix the previous HOW_DECRYPT virus (512 & 1024 bit encryptions), but this new variant has 2048-bit encryption and cannot be undone.

(Take this with a grain of salt: the files are actually just corrupted in the headers, not truly encrypted to Mil-spec cryptography.) But the result is the same, can't open the files.

Apparently some people have paid the 300$ and got the decryption key, but I wouldn't risk it.

This has all the info :

There is a program for variants previous to April 1 2014,

can try it out anyway. It did not work for me; I tried it on 4 different infected machines.

Best of luck
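
An added example, not part of the original thread or any poster's code: a read-only triage script that walks a picture folder, compares each image file's leading bytes with the signature its extension implies, and records which folders hold a HOW_DECRYPT note, so you know how much has to come back from backup. Matching the note by the file-name prefix `how_decrypt` is an assumption taken from the name reported in the question; the sample files are constructed.

```python
import os
import tempfile

# Leading-byte signatures of common picture formats.
SIGNATURES = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".bmp": (b"BM",),
}
NOTE_PREFIX = "how_decrypt"  # assumption: note name as reported in this thread


def triage(root):
    """Read-only walk of root. Returns (intact, damaged, note_dirs)."""
    intact, damaged, note_dirs = [], [], set()
    for folder, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name.lower())
            if stem.startswith(NOTE_PREFIX):
                note_dirs.add(folder)
                continue
            sigs = SIGNATURES.get(ext)
            if sigs is None:
                continue  # not a picture type this script knows how to check
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(8)
            except OSError:
                damaged.append(path)  # unreadable: plan to restore it
                continue
            (intact if head.startswith(sigs) else damaged).append(path)
    return sorted(intact), sorted(damaged), sorted(note_dirs)


if __name__ == "__main__":
    # Constructed sample tree so the script runs without touching real data.
    with tempfile.TemporaryDirectory() as root:
        samples = {"ok.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 16,
                   "bad.jpg": b"\x13\x37\xc0\xde" * 5,
                   "HOW_DECRYPT.txt": b"constructed note"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        ok, bad, notes = triage(root)
        print(f"{len(ok)} intact, {len(bad)} damaged, notes in {notes}")
```

A correct signature only shows that the first bytes are untouched, so treat the damaged list as a lower bound and spot-check a few "intact" files in a viewer before deciding what to restore.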
LVL 27

Assisted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 150 total points
ID: 40003965
I have yet to see recovery from CryptoLocker, but let me reiterate runleveltech's advice - check this page:

Also the last I looked they were charging 10 bitcoins which translates to about 5053.00 (505.3 dollars/bitcoin) see the dynamic converter on  So unless your pictures are worth over $5000 you will not be able to recover them (unless the above works for you).
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40003974
As I mentioned in my advice above, there are only two ways to recover:

1. Pay the ransom
2. Restore from a backup.

Many people have been hit with this. Hope you understand.

Have I answered your question? Anything else?
LVL 27

Expert Comment

by:Thomas Zucker-Scharff
ID: 40003998
Also - although this is a "close the barn door after the cow is gone" situation, I highly recommend, when you consider what backup to use, something that uses versioning.  This will allow you to go back several versions if you get hit by something like this and don't realize it immediately.  There are several cloud backup options that have the capabilities - you will need to match them to your needs and pocketbook.

Comodo - I don't have first hand knowledge of this backup option

Remember anything that is not backed up in at least 2 other places is not important.


Question has a verified solution.
