# Need Ur help guys... Badly ...asap removing Cryptorbit Ransom virus



## ksagar7up (Dec 31, 2013)

All my files videos, pdfs are encrypted and want to gain access to them again pls
help me asap.../
thanks/.



See the image in the link.//..


----------



## sksundram (Dec 31, 2013)

Windows Vista or Windows 7:
1. Restart your computer and start tapping F8 right away.
2. You are now on the Advanced Boot Menu. Using the arrow keys, select Safe Mode with Networking and press Enter.
3. Open your browser and download SpyHunter.
4. Install the security tool and launch a system scan.
5. Remove all found infections.

Windows 8:
1. Restart the PC.
2. When BIOS loads, hold Shift and repeatedly tap F8.
3. Click See Advanced Repair Options shown on the Recovery screen.
4. Go to Troubleshoot.
5. Open Advanced Options. After that, go to Windows Startup Settings.
6. Restart the computer again.
7. You will see the old Advanced Boot Option screen.
8. Select Safe Mode with Networking and tap Enter.
9. Download SpyHunter and install it.
10. Launch the application and run a full system scan.
11. Remove all infections.


----------



## ksagar7up (Dec 31, 2013)

spyhunter did not work mate....
and also i formatted and installed fresh win7 ...
even then its not allowing to open and access my files....wat to do??


----------



## harshilsharma63 (Dec 31, 2013)

Try this: Remove Cryptorbit Ransom virus from PC [Removal Guide]!


----------



## rijinpk1 (Dec 31, 2013)

or see this How to Remove Cryptorbit Ransomware Effectively? - Tee Support Blog


----------



## ksagar7up (Dec 31, 2013)

thnks guys...but both of the above links did not help///


----------



## whitestar_999 (Jan 1, 2014)

once files are encrypted there is no way to recover. learn from this & for future start using a good antivirus & keep it regularly updated & keep a backup of your critical files in dvd/separate hard disk connected to main system only when taking backup.


----------



## bssunilreddy (Jan 1, 2014)

Use the MS Security Essentials and CCleaner and keep the PC optimised.



ksagar7up said:


> All my files videos, pdfs are encrypted and want to gain access to them again pls
> ...



1st why do you need to encrypt your drives? These features are necessary for Data centers only.
Press F8 and enter into safe mode and do a system restore to the nearest restore point. If this does not work then you have to make a recovery disk in the safe mode with which you can recover your OS back.
Do a fresh clean Install of the OS.

Install and Run any good AV from this link: www.filehippo.com/software/antimalware/
Also run Hijack this from this Link: www.filehippo.com/download_hijackthis/


----------



## whitestar_999 (Jan 1, 2014)

*@bavusani, slow down & don't post just for the sake of posting. if you had read from the beginning you would know that drives are not encrypted but files are, by a ransomware.*


----------



## bssunilreddy (Jan 1, 2014)

whitestar_999 said:


> *@bavusani, slow down & don't post just for the sake of posting. if you had read from the beginning you would know that drives are not encrypted but files are, by a ransomware.*



Even if files are encrypted it can be de-crypted but if it is virus then a good AV is needed. Some windows updates also provide solutions to such files.

Please check this Link: computervirusremovalcenter.blogspot.in/2013/12/my-files-are-encrypted-by-cryptorbit.html


----------



## harshilsharma63 (Jan 1, 2014)

bavusani said:


> Even if files are encrypted it can be de-crypted but if it is virus then a good AV is needed. Some windows updates also provide solutions to such files.



How will you decrypt the files which are encrypted by a malware? I agree with whitestar_999; you have been posting irrelevant and absolutely unhelpful posts these days. Take a break buddy. Post count is not gonna take you anywhere.


----------



## bssunilreddy (Jan 1, 2014)

harshilsharma63 said:


> How will you decrypt the files which are encrypted by a malware? I agree with whitestar_999; you have been posting irrelevant and absolutely unhelpful posts these days. Take a break buddy. Post count is not gonna take you anywhere.



If it has been encrypted legitimately then decryption is possible or if it is done by a malware then a good AV is necessary.


----------



## harshilsharma63 (Jan 1, 2014)

bavusani said:


> If it has been encrypted legitimately then decryption is possible or if it is done by a malware then a good AV is necessary.



How exactly will you decrypt the files if they are encrypted legitimately?


----------



## bssunilreddy (Jan 1, 2014)

harshilsharma63 said:


> How exactly will you decrypt the files if they are encrypted legitimately?



If OP used any 3rd party software to encrypt and now he cannot decrypt them or delete them was my 1st thought. What did you think it was?


----------



## ksagar7up (Jan 1, 2014)

ohh...but it can be deleted but the encryption is really bad and not been able to remove it by avast or by quick heal...
i dont knw if the malware is still present or not..
i've reinstalled win7 by formatting the primary drive but leaving the other data drives untouched ....
so i m not able to decrypt it or open the file...


----------



## whitestar_999 (Jan 1, 2014)

no one can decrypt data without correct encryption key which in this case is with malware writers so forget about your data.


----------



## gagan_kumar (Jan 1, 2014)

actually files can be decrypted if u try to restore the files what this malware does it copies ur data and encrypts them and once they are encrypted it deletes them so if u can recover the files and simultaneously take the encrypted version of the file u can actually detect the encryption ........

there was some tool also for this i forgot abt it google it, otherwise best u can do is recover whatever u can and do a clean sweep of ur hard drive as to detect the encryption we need huge processing power ..........


----------



## harshilsharma63 (Jan 1, 2014)

whitestar_999 said:


> no one can decrypt data without correct encryption key which in this case is with malware writers so forget about your data.



Actually I was thinking that if the malware actually encrypted all data, would it not have taken too much time or slowed down the PC too much?


----------



## gagan_kumar (Jan 1, 2014)

whitestar_999 said:


> no one can decrypt data without correct encryption key which in this case is with malware writers so forget about your data.



its not that it can't be decrypted (hell nothing is impossible even if it 10 layer encryption) but it will take very huge time to do it and real professional expertise..........

best thing op can do is to recover whatever data he can using a recovery tool and then do a clean swipe of hard disk.........



harshilsharma63 said:


> Actually I was thinking that if the malware actually encrypted all data, would it not have taken too much time or slowed down the PC too much?



ya when tat type of malware is at work the lag shld hav become noticeable..........

also @op what all u accessed from ur pc so ur comp got infected just asking so as others can avoid it..........


----------



## ASHISH65 (Jan 1, 2014)

Try this


How To Remove Cryptorbit Ransom Virus , Easy Remove Cryptorbit Ransom Virus From PC | EasyRemoveVirus.com

Download Virus Removal Tool | EasyRemoveVirus.com


----------



## whitestar_999 (Jan 1, 2014)

@gta0gagan, i said nothing incorrect. you do need correct encryption key to decrypt data even if it involves brute forcing using various tools.

@harshilsharma63, i just encrypted a 54mb avi file using winrar which uses AES encryption & it took just 22 sec & ~89% cpu usage on my pentium G620 system. on a quad core/core i system this will take even less not to mention documents like pdf, office documents etc are smaller in size & malware probably encrypted most of these files during idle time when system was on but user was not there (indicated by very low cpu usage) or doing something which would hardly use 3-4% cpu leaving rest for encryption.


----------



## gagan_kumar (Jan 1, 2014)

whitestar_999 said:


> @gta0gagan, i said nothing incorrect. you do need correct encryption key to decrypt data even if it involves brute forcing using various tools.
> 
> @harshilsharma63, i just encrypted a 54mb avi file using winrar which uses AES encryption & it took just 22 sec & ~89% cpu usage on my pentium G620 system. on a quad core/core i system this will take even less not to mention documents like pdf, office documents etc are smaller in size & malware probably encrypted most of these files during idle time when system was on but user was not there (indicated by very low cpu usage) or doing something which would hardly use 3-4% cpu leaving rest for encryption.



ya tats what i meant but even tat key can be obtained by brute force na........
tats why i said it will take really long time.............
but its not impossible XD


----------



## ksagar7up (Jan 1, 2014)

Although I got some new development on this matter...
1. I took a few files to another clean PC of my friend who has updated Anti-virus and Malware Preventive soft.s
2. That's how I found that the files can be copied, moved or even deleted for that matter.
3. His Anti-virus did not detect any malware or infection in those files.
4. Also the files could not be opened there.
5. I've tried scanning it by Q-heal, Avast anti virus soft, but cud not decrypt the files..
6. I really dont knw where it came from.
7. AFAIK my cousin was in town few days back and he handled my pc for few days and he downloaded "san andreas game" from kat and few sites he must have visited...game worked fine,.dont knw if it has malware in its setup or not...
8. I installed win7 fresh copy and not upgraded i assure you on my primary drive but infected data on drive D and E are left out...
fresh installation done after formatting the primary drive...


----------



## gagan_kumar (Jan 1, 2014)

now the only action op can take is to salvage whatever he can and move on......



ksagar7up said:


> Although I got some new development on this matter...
> 1. I took a few files to another clean PC of my friend who has updated Anti-virus and Malware Preventive soft.s
> 2. That's how I found that the files can be copied, moved or even deleted for that matter.
> 3. His Anti-virus did not detect any malware or infection in those files.
> ...



u could have salvaged some data using recovery........ dude!!!
atleast something is better than nothing and ya u won't detect any virus in those files as there is none cause they are just encrypted..........

btw try contacting cyberpolice they might hav actually contacted the culprits and would hav know the server in which that private key would be present.........

IDK about spreading viruses but demanding ransom is a crime right??


----------
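The observation in the posts above, that the files copy and scan clean on another PC yet will not open, can be checked per file. This added example (not from any poster in the thread) inventories a folder by comparing each file's first bytes with the signature its extension implies and reporting header entropy; the signature table, function names and sample files are assumptions constructed for illustration.

```python
import math, os, tempfile
from collections import Counter

# Well-known file signatures: extension -> [(offset, magic bytes), ...]
SIGNATURES = {
    ".pdf": [(0, b"%PDF-")],
    ".avi": [(0, b"RIFF"), (8, b"AVI ")],
    ".jpg": [(0, b"\xff\xd8\xff")],
}

def shannon_entropy(data):
    """Bits per byte; values near 8.0 look like ciphertext or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path, sample=4096):
    """Return (verdict, entropy of the first `sample` bytes); opens read-only."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    sigs = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if sigs is None:
        verdict = "unknown-type"
    elif all(head[off:off + len(m)] == m for off, m in sigs):
        verdict = "header-ok"
    else:
        verdict = "header-damaged"
    return verdict, round(shannon_entropy(head), 2)

def triage(root):
    """Walk `root` and map each relative path to (verdict, entropy)."""
    paths = [os.path.join(d, f) for d, _s, fs in os.walk(root) for f in fs]
    return {os.path.relpath(p, root): classify(p) for p in paths}

def demo():
    """Constructed sample files: an intact PDF and one overwritten with noise."""
    noise = bytes((i * 197 + 13) % 256 for i in range(4096))  # stand-in ciphertext
    samples = {"intact.pdf": b"%PDF-1.4\n" + b"constructed text\n" * 50,
               "locked.pdf": noise, "notes.txt": b"no signature on file\n"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

A `header-damaged` verdict only means the file no longer begins with its expected signature; it does not identify the cause. Run `triage` against a copy or a read-only mount of the data drive so the inventory itself changes nothing.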



## ksagar7up (Jan 1, 2014)

i dont knw if thats a good idea to contact to cyberpolice for a data thats been downloaded from torrents....


----------



## ankush28 (Jan 1, 2014)

Learn something from this.... Take daily cloud backups of important files... If possible switch to linux(ubuntu or mint)... FY windows


----------



## ksagar7up (Jan 1, 2014)

will that help by linux to protect file in the future??


----------



## whitestar_999 (Jan 1, 2014)

we live in India & unless it involves politicians or lakhs/crores of rupees forget about any meaningful assistance from cyber cell of police. also even western countries failed to catch these criminals because servers are usually located in countries like russia, hongkong etc where it is very difficult for western/any foreign security agency to track these people unless it involves some issue of international importance.

even linux won't help if you are careless about security but it does have lesser chances of infection compared to windows. if you had been running some good AV with regular updates then you wouldn't have faced this issue. also next time you give your pc to someone give them guest account not admin account & use your admin account to scan & install any thing they downloaded.


----------



## rijinpk1 (Jan 1, 2014)

ksagar7up said:


> Although I got some new development on this matter...
> 1. I took a few files to another clean PC of my friend who has updated Anti-virus and Malware Preventive soft.s
> 2. That's how I found that the files can be copied, moved or even deleted for that matter.
> 3. His Anti-virus did not detect any malware or infection in those files.
> ...



you really found where it came from.
1) do visit trusted sites only.
2) dont download anything from unknown sources or websites.
3) dont install pirated softwares. you have freewares around you to do your job.
4) dont try to execute the file if you dont know the source from where the files came.
5) use filehippo to download your softwares. it is my favourite.
you dont even need antivirus if you know what you are doing. but for your own sake, i am telling you to install bitdefender antivirus/internet security.
decrypting an encrypted data is not a good idea as most explained. brute force is not a good idea. even if you have the most powerful system to date, you may not be able to decrypt file even after years.


----------



## arijitsinha (Jan 2, 2014)

I was hearing about some ransomware for past few days, this is sad that you get affected by it. I search some sites, and I think all the process mentioned is to avoid the spreading of the virus. The files which have been encrypted are encrypted. The way to get them back is to decrypt it, which is nearly impossible if you dont know the algo used as well as private-key.

People telling files can be decrypted, think what is the use of encryption then? If it is possible, your gmail/tdf password all will be visible to others. Anyway, perform a clean format of the system and forget about the files you have. Or copy all the personal files to a different storage then perform the format. Wait for some days, May be there will be ways security experts will find out to decrypt. And dont touch the copied files. Who knows where and how the virus is residing.


----------

