Need your help guys... Badly... ASAP removing Cryptorbit Ransom virus

whitestar_999

Super Moderator
Staff member
@gta0gagan, I said nothing incorrect. You do need the correct encryption key to decrypt data, even if it involves brute forcing using various tools. :)

@harshilsharma63, I just encrypted a 54 MB AVI file using WinRAR, which uses AES encryption, and it took just 22 sec and ~89% CPU usage on my Pentium G620 system. On a quad core/Core i system this will take even less, not to mention documents like PDF, Office documents etc. are smaller in size, and the malware probably encrypted most of these files during idle time when the system was on but the user was not there (indicated by very low CPU usage) or was doing something which would hardly use 3-4% CPU, leaving the rest for encryption. :)
 

gagan_kumar

Wise Old Owl
@gta0gagan, I said nothing incorrect. You do need the correct encryption key to decrypt data, even if it involves brute forcing using various tools. :)

@harshilsharma63, I just encrypted a 54 MB AVI file using WinRAR, which uses AES encryption, and it took just 22 sec and ~89% CPU usage on my Pentium G620 system. On a quad core/Core i system this will take even less, not to mention documents like PDF, Office documents etc. are smaller in size, and the malware probably encrypted most of these files during idle time when the system was on but the user was not there (indicated by very low CPU usage) or was doing something which would hardly use 3-4% CPU, leaving the rest for encryption. :)

Ya, that's what I meant, but even that key can be obtained by brute force na...
That's why I said it will take a really long time...
But it's not impossible XD :-D
 
OP

ksagar7up

Broken In
Although I got some new development on this matter...
1. I took a few files to another clean PC of my friend, who has updated anti-virus and malware preventive software.
2. That's how I found that the files can be copied, moved or even deleted for that matter.
3. His anti-virus did not detect any malware or infection in those files.
4. Also the files could not be opened there.
5. I've tried scanning it with Q-heal, Avast anti virus soft, but could not decrypt the files.
6. I really don't know where it came from.
7. AFAIK my cousin was in town a few days back and he handled my PC for a few days and he downloaded "san andreas game" from kat and a few sites he must have visited... The game worked fine. Don't know if it has malware in its setup or not...
8. I installed a fresh copy of Win7, not an upgrade, I assure you, on my primary drive, but the infected data on drives D and E are left out...
Fresh installation done after formatting the primary drive...
 

gagan_kumar

Wise Old Owl
Now the only action OP can take is to salvage whatever he can and move on...

Although I got some new development on this matter...
1. I took a few files to another clean PC of my friend, who has updated anti-virus and malware preventive software.
2. That's how I found that the files can be copied, moved or even deleted for that matter.
3. His anti-virus did not detect any malware or infection in those files.
4. Also the files could not be opened there.
5. I've tried scanning it with Q-heal, Avast anti virus soft, but could not decrypt the files.
6. I really don't know where it came from.
7. AFAIK my cousin was in town a few days back and he handled my PC for a few days and he downloaded "san andreas game" from kat and a few sites he must have visited... The game worked fine. Don't know if it has malware in its setup or not...
8. I installed a fresh copy of Win7, not an upgrade, I assure you, on my primary drive, but the infected data on drives D and E are left out...
Fresh installation done after formatting the primary drive...

You could have salvaged some data using recovery... dude!!!
At least something is better than nothing, and ya, you won't detect any virus in those files as there is none, cause they are just encrypted...

BTW, try contacting the cyber police; they might have actually contacted the culprits and would have known the server in which that private key would be present...

IDK about spreading viruses, but demanding ransom is a crime, right??
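
Following the point in the post above that antivirus finds nothing because the files are only encrypted, a read-only triage of the data drives can show which files still carry the header their extension promises. This is an added example, not code from any poster; the signature table, the verdict names and the sample files are constructed assumptions.

```python
import math, os, tempfile
from collections import Counter
from pathlib import Path

# Well-known leading signatures ("magic bytes") for a few common formats.
MAGIC = {
    ".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff", ".avi": b"RIFF",
    ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; ciphertext sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path: Path, sample: int = 4096):
    """Read only the first `sample` bytes; return (verdict, entropy)."""
    with path.open("rb") as fh:
        head = fh.read(sample)
    magic = MAGIC.get(path.suffix.lower())
    if magic is None:
        verdict = "unknown"      # no signature on record for this extension
    elif head.startswith(magic):
        verdict = "intact"       # header still matches the extension
    else:
        verdict = "suspect"      # header overwritten: likely encrypted/damaged
    return verdict, round(entropy(head), 2)

def triage(root: Path) -> dict:
    """Group every file under root by verdict, without modifying anything."""
    report = {"intact": [], "suspect": [], "unknown": []}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            verdict, bits = classify(p)
            report[verdict].append((p.name, bits))
    return report

def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "good.pdf").write_bytes(b"%PDF-1.4\n" + b"sample text " * 200)
        (root / "locked.pdf").write_bytes(os.urandom(4096))  # constructed stand-in for ciphertext
        (root / "notes.txt").write_bytes(b"plain notes")
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

The header mismatch is the verdict; the entropy figure is only a hint, since compressed formats such as JPEG or ZIP also score close to 8 bits per byte.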
 

ankush28

Bazinga
Learn something from this... Take daily cloud backups of important files... If possible, switch to Linux (Ubuntu or Mint)... FY Windows
 

whitestar_999

Super Moderator
Staff member
We live in India, and unless it involves politicians or lakhs/crores of rupees, forget about any meaningful assistance from the cyber cell of police. Also, even western countries failed to catch these criminals because servers are usually located in countries like Russia, Hong Kong etc. where it is very difficult for western/any foreign security agency to track these people unless it involves some issue of international importance.

Even Linux won't help if you are careless about security, but it does have lesser chances of infection compared to Windows. If you had been running some good AV with regular updates then you wouldn't have faced this issue. Also, next time you give your PC to someone, give them a guest account, not an admin account, and use your admin account to scan and install anything they downloaded.
 

rijinpk1

Aspiring Novelist
Although I got some new development on this matter...
1. I took a few files to another clean PC of my friend, who has updated anti-virus and malware preventive software.
2. That's how I found that the files can be copied, moved or even deleted for that matter.
3. His anti-virus did not detect any malware or infection in those files.
4. Also the files could not be opened there.
5. I've tried scanning it with Q-heal, Avast anti virus soft, but could not decrypt the files.
6. I really don't know where it came from.
7. AFAIK my cousin was in town a few days back and he handled my PC for a few days and he downloaded "san andreas game" from kat and a few sites he must have visited... The game worked fine. Don't know if it has malware in its setup or not...
8. I installed a fresh copy of Win7, not an upgrade, I assure you, on my primary drive, but the infected data on drives D and E are left out...
Fresh installation done after formatting the primary drive...

You really found where it came from.
1) Do visit trusted sites only.
2) Don't download anything from unknown sources or websites.
3) Don't install pirated software. You have freeware around you to do your job.
4) Don't try to execute the file if you don't know the source from where the files came.
5) Use filehippo to download your software. It is my favourite.
You don't even need antivirus if you know what you are doing. But for your own sake, I am telling you to install Bitdefender antivirus/internet security.
Decrypting encrypted data is not a good idea, as most explained. Brute force is not a good idea. Even if you have the most powerful system to date, you may not be able to decrypt the files even after years.
 

arijitsinha

﴾͡๏̯͡๏﴿ O'RLY?
I was hearing about some ransomware for the past few days; it is sad that you got affected by it. I searched some sites, and I think all the processes mentioned are to avoid the spreading of the virus. The files which have been encrypted are encrypted. The way to get them back is to decrypt them, which is nearly impossible if you don't know the algo used as well as the private key.

People telling files can be decrypted, think what is the use of encryption then? If it were possible, your gmail/tdf passwords would all be visible to others. Anyway, perform a clean format of the system and forget about the files you have. Or copy all the personal files to a different storage, then perform the format. Wait for some days; maybe there will be ways security experts will find out to decrypt. And don't touch the copied files. Who knows where and how the virus is residing.
 