How to unlock files from encrypted Malware

I have been on a computer that has been infected by an encrypted malware. All the documents and photos I can not access.. The extension on the files are . EnCrypter.

I have gone to decryptcryptolocker.com and uploaded a file and it said that the file was not infected with cryptolocker. Malwarebytes did not remove the malware.

Does anyone have any suggestions on how I may unlock the files.

Thank you in advance.
delacruz84Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
I think your files HAVE been encrypted by the cryptolock virus. The only solution is to rebuild the system (to clear out the virus) and restore from backup.
0
Thomas Zucker-ScharffSolution GuideCommented:
Cryptolocker would be easiest.  You can check out my article on ransomware here:

http://www.experts-exchange.com/Security/Encryption/A_18086-Ransomware-Prevention-is-the-only-solution.html

As you can guess from the title,  the only real solution is prevention. Once you have been encrypted,  the solution is restore from backup, or if you have previous versions enabled  you can restore.
0
akbCommented:
You may also be able to use undelete software to recover your files.
You said Malwarebytes did not remove the malware. You must be sure the malware has been removed before you do anything.
0
Starting with Angular 5

Learn the essential features and functions of the popular JavaScript framework for building mobile, desktop and web applications.

andreasSystem AdminCommented:
As others above said, remove malware first. Or remove harddrive and do the dat recovery on another PC. You might use
shadow explorer to extract versions from shadow copies if it was enabled and not turned off by the malware.

Furthermore try photorec to scan for deleted files, it may dig out one or 2 files of use for you. But all the methods above will not give you full recovery. The shadow copies usually dont have all files inside especially if you have many files and the shadow copy would exceed the configured maximum on that drive, then older files will make space for newer modified files. Sme for recovery of deleted files, if the space on harddisc was used again from the system either by new encrypted files or other things, the original content cannot be retrived.
Undelete tools also fail when the file was fragmented, the larger the file the larger the chance its not continuos on the HDD.
0
Thomas Zucker-ScharffSolution GuideCommented:
All the suggestions made are good ones and should be tried.  But if the files have been encrypted with ransomware,  the chance of file recovery is nil and restore is highly unlikely. Ransomware encrypts the files and then securely erases the originals. By the time you see the ransom demand this has all been done.  Many of the newer ransomware variants also make sure that you are unable to use shadow copies or previous versions.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
andreasSystem AdminCommented:
Yes correct very most of all recent ramson cryptors turn off the shadow copies and overwrite the originals. But you still may be able to recover some content from former shadow copy files and former regular files that were deleted before the cryptor started its work and couldnt get the file handles to remove/encrypt them.

But I'm not sure if newer cryptor variants also wipe out unused space on the drives then you will have totally no chance to get back anything.
0
Alessandro ScafariaInfrastructure Premier Field AdministratorCommented:
As experts said, there's no way (at the moment and for most variants of this malware) to recover your files, but please, take a look at this site too:

https://www.decryptcryptolocker.com/

Probably with no luck, if you upload a crypted file of yours, you'll be able to decrypt it (never happened to me personally).....but a chance is a chance!! :-)

Best luck!
0
Michael LakeFounderCommented:
Are you able to restore shadowcopies if enabled?
0
JohnBusiness Consultant (Owner)Commented:
I think my answer (40653120 ) and also Thomas' answer (40653588 ) have answered this question.
0
akbCommented:
Plenty of good advice given which may be useful to others. Please do not delete the question.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Encryption

From novice to tech pro — start learning today.