Malware dirtydecrypt help needed

Hi guys and gurls, really needing your help. I've searched through Google looking for a solution, to no success, so I thought I'd ask here since I know this is the site where all the gurus are ("and yes, I'm really trying to butter you all up, but with good reason" :licka:). I don't know where I got it from, but I've ended up with this DirtyDecrypt on my PC. It has taken over all my photos, .JPG .PNG .PDF .DOCS, and I can't restore them. I've read in plenty of places that they can't be retrieved, but before I make the harsh decision to format my PC and lose all my pics and documents and probably half my programs (cause I can't remember what I got, lmao), is there any help out there at all? I know the digitalworldz gurus like to get their teeth stuck into things, but any info or help would be great. Cheers
 
Try running the likes of Malwarebytes, Spybot Search & Destroy, ComboFix etc.

See if that helps you.
 
Cheers for your reply bud, but I have run Malwarebytes, Spybot, Avast and nothing seems to work. It's apparently something to do with it changing the hex or something. A lot of people are looking at it but with no results. There is a web page I found in German regarding it, but I'm no programmer; I look at HexEdit and see numbers and letters that mean heehaw lol
 
Didn't realise it was that bad.

Not looking good for recovery.
Best of luck mate.
 
Some interesting stuff in that thread:

@demetrie6 what OS are you using and do you know if you have any shadowing services or previous version type things running? I see that some people have recovered some files using these.
 
Hi Spectre, I'm running Vista. Can you elaborate on shadowing service and version type? lol Think of me as a "dummy" lmao; once you describe it I might know what you mean lol. And cheers bhoywonder, think I'm gonna need it.
 
Sorry, I'm not much of a Vista user but someone else might know.

Those services run in the background and keep backups of files so that you can revert back if needed. Can you see properties if you right click on a file?
 
Yes bud, I can see properties, but I found this by googling it:

translate.google.co.uk/translate?hl=en&sl=de&u=http://forum.avira.com/wbb/index.php%3Fpage%3DThread%26threadID%3D153816&prev=/search%3Fq%3Dupdate%2Bvor%2Bdirtydecrypt%2Bremoval%26client%3Dfirefox-a%26hs%3DP5t%26rls%3Dorg.mozilla:en-GB:official%26channel%3Dfflb

That's if the link works. Apparently it is encrypted by RSA, but when you open the picture in HexEdit the code FF D8 FF E1 should be the start, but the .JPG has been changed to .PNG. If you can see the page you might understand it better than me lol
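The hex-editor check described above (a real JPEG starts with FF D8 FF, a real PNG with 89 50 4E 47, and so on) can be automated to triage a backup: files whose header no longer matches their extension are the ones the ransomware overwrote, and files that still match are worth keeping. This is an added example, not code from the thread; the signature table is the standard set of leading bytes for those formats, and the sample files and their contents are constructed.

```python
"""Triage helper: flag files whose header does not match the magic bytes
expected for their extension. Added example; sample files are constructed."""
import os
import tempfile

# Known leading bytes for the formats the thread mentions.
SIGNATURES = {
    ".jpg": (b"\xff\xd8\xff",),   # JPEG SOI marker; FF D8 FF E1 is the Exif variant
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".pdf": (b"%PDF-",),
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),  # OLE2 compound document
    ".docx": (b"PK\x03\x04",),   # ZIP container
}

def classify(path):
    """Return 'intact', 'suspect' or 'unknown' (extension not in the table)."""
    ext = os.path.splitext(path)[1].lower()
    sigs = SIGNATURES.get(ext)
    if sigs is None:
        return "unknown"
    with open(path, "rb") as fh:
        head = fh.read(16)
    return "intact" if any(head.startswith(s) for s in sigs) else "suspect"

def triage(root):
    """Walk a tree and return {path: verdict} for every recognised extension."""
    report = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            verdict = classify(path)
            if verdict != "unknown":
                report[path] = verdict
    return report

def demo():
    """Write a constructed sample tree to a temp dir and return verdicts by name."""
    root = tempfile.mkdtemp()
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe1" + b"\x00" * 12,        # genuine JPEG header
        "scan.pdf": b"%PDF-1.4\n",                                 # genuine PDF header
        "notes.docx": b"\x17\xa9\x03\x9c\xf0\x11" + b"\x42" * 10,  # random bytes: overwritten
        "README.txt": b"plain text",                               # not in the table
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return {os.path.basename(p): v for p, v in triage(root).items()}
```

Run `triage()` against the backup copy, never the original disk, and treat a "suspect" verdict as a hint to inspect the file by hand rather than proof that it is encrypted.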
 
I think that might be another virus pretending to be DirtyDecrypt, I did read something in the above links about injecting a .PNG into a .JPG.

Have you installed a hex editor to have a look in the file?

Ah, apparently it's an earlier version or different virus:

"Sorry! - You've been very lucky and have come with the first generation of this malware in contact.
I do not hope that you choke now offered in the PM you will help the new cases can not solve -
Moreover, PM help not so much wanted here because this is a forum for solutions to please
everything should be public"
 
Yeah, I thought that, cause everything they say about removing it from regedit isn't there lol. Think I'm screwed lol
 
Consensus seems to be it's RSA for which there is no reverse without the private key. Check the drive for hidden/system files just in case then remove the Ransomware in Safe Mode with Networking. Backup all files on the disk in case a decryption tool becomes available.

Before you reinstall you need to look at how it got in - what ports have you opened to the Internet?
 
I believe I made a noob mistake. I think I tried to update Flash Player; my Avast told me it needed updating but I ignored it till I went on to a site to view a video, and no, before you all jump to conclusions, it wasn't a porn site lol. Wish it was, cause I wouldn't have pressed the update button lol
 
Take a backup and check your files anyway because I did read that it doesn't encrypt files with the "File is ready for archiving" attribute. Not sure how true it is though.
 
Cheers for that Spectre. It certainly isn't looking good for me; I have backed up the C: but the pics are still encrypted. I'd love to get my hands on whoever is behind the malware, that's for sure.
 
There is probably more ransomware on its way. I'd install a virtual machine and run Linux on it for casual browsing.
 
What I would do is reinstall Windows 7 on a different drive if you have one and use EASUS data recovery.
Or if you don't have another drive, just reinstall it on this drive by formatting, then run EASUS. Pretty sure you will recover your files.
It should be pretty straightforward.
Give me a shout if you need more help.
 
TBF, ransomware has been around for a while but only latterly filtered down to home users. It reared its head first (arguably) when smaller companies started opening firewall port 3389 to allow remote support using Terminal Services.

Encryption tools are readily available in Open Source land as are password crackers to allow administrator access. It's not a massive leap to wrap this up into a Windows executable.

Basically, I think the OP is stuffed, sorry :(
 