Zurück   Trojaner-Board > Malware entfernen > Anleitungen, FAQs & Links

Anleitungen, FAQs & Links: Verschlüsselungs-Trojaner Trojan:W32/RansomCrypt entfernen

Windows 7 Hilfreiche Anleitungen um Trojaner zu entfernen. Viele FAQs & Links zum Thema Sicherheit, Malware und Viren. Die Schritt für Schritt Anleitungen zum Trojaner entfernen sind auch für nicht versierte Benutzer leicht durchführbar. Bei Problemen, einfach im Trojaner-Board nachfragen - unsere Experten helfen kostenlos. Weitere Anleitungen zu Hardware, Trojaner und Malware sind hier zu finden.

Antwort
Alt 25.04.2012, 18:21   #1
Da GuRu
Administrator
/// technical service
 

Verschlüsselungs-Trojaner Trojan:W32/RansomCrypt entfernen - Standard

Verschlüsselungs-Trojaner Trojan:W32/RansomCrypt entfernen



Verschlüsselungs-Trojaner Trojan:W32/RansomCrypt entfernen


Neuer Decrypter: DecryptHelper


----^^^---ZUERST AUSPROBIEREN ------^^^---



F-Secure hat für die Entschlüsselung der Dateien ein Python-Script erstellt (Meldung).

Zitat:
Our analysts have created a decryption script, written in Python, for our support team. Fortunately, we've only seen a small number of customer cases. The decryption script works with two variants of Ransomcrypt.

• Trojan:W32/RansomCrypt.A, SHA1: b8f60c64c70f03c263bf9e9261aa157a73864aaf
• Trojan:W32/RansomCrypt.B, SHA1: 1e41e641e54bb6fb26b5706e39b90c93165bcb0b

Zitat:
License Agreement
Please read the following license agreement carefully
This application is an F-Secure Labs support tool. It is provided "as is", without warranty or product support. Redistribution of this tool is prohibited.

This tool will search and decrypt files encrypted by Trojan:W32/RansomCrypt.

USAGE
- Give the location of the encrypted files as a parameter, that folder will be scanned recursively (ie. all sub-folders and their sub-folders etc. will be inspected for encrypted files).
- For example: fs_randec.py c:\ will decrypt all files on the c-drive
- For example: fs_randec.py c:\encrypted_files will decrypt files in that particular folder and all of its sub-folders.

THINGS TO NOTE BEFORE RUNNING THIS TOOL
- This tool does not remove the trojan or the registry changes it has made, please make sure the trojan has been removed before running this tool so the files are not re-encrypted.
- A variant specific fs_randec_conf.ini is required and must be in the same folder as this tool. Using the wrong configuration file will result in incorrectly decrypted files.
- The encrypted files must not have been renamed after they were encrypted.
- The encrypted files are not deleted after decryption.
- A decrypted file will be created with its original file name in the same folder where the decrypted file is, if a file with the original name already exists in the folder, decryption is not performed.

REQUIRED FILES
- The following files need to be in the same folder as fs_randec.py: EULT.txt and fs_randec_conf.ini
- Python is required for running this tool, if it is not already installed on the system please download and install the appropriate version from http://www.python.org/download/releases/2.7.3/
TIPS
- If you have a lot of large files that have been encrypted you may want to first copy a few of them to a new folder and decrypt the content of that folder to get an idea how long it would take to decrypt the whole hard drive.
- For optimal use collect just the files you wish to have decrypted to the same folder and only decrypt the content of that folder.
- Once you have confirmed that all the files you wanted to restore have been successfully decrypted you can remove the encrypted files for example by using the built-in Windows search to find all files that have the file extension added by the trojan, selecting all found files and deleting them.
- Do not delete the encrypted files until you are absolutely sure all the files you wish to restore have been successully decrypted.
- You can find and delete the text files notifying of the encryption with the same method as the encrypted files. You may also want to consider storing all of the encrypted files on a separate drive in case you later realise some file was not decrypted correctly.
- The encrypted files cause no danger to the system except taking up disc space so it is not imperative to delete them.
- Pressing Ctrl-C will abort the decryption process.

PLEASE NOTE:
We will attempt to decrypt the files encrypted by Trojan:W32/RansomCrypt to their original content and their original filenames but at your own responsibility and at your own risk.
Angehängte Dateien
Dateityp: zip fs_randec.zip (38,6 KB, 1890x aufgerufen)

Alt 25.04.2012, 18:28   #2
Da GuRu
Administrator
/// technical service
 

Verschlüsselungs-Trojaner Trojan:W32/RansomCrypt entfernen - Standard

Verschlüsselungs-Trojaner Trojan:W32/RansomCrypt entfernen



Nach Anwendung des Skriptes, erstelle ein Thema hier im Forum: http://www.trojaner-board.de/69886-a...-beachten.html

Kein Erfolg?
http://www.trojaner-board.de/114116-...n-encoder.html
__________________


Antwort

Themen zu Verschlüsselungs-Trojaner Trojan:W32/RansomCrypt entfernen
decrypter, decrypthelper, entferne, entfernen, required, troja, trojan, trojan:w32/ransomcrypt, verschlüsselungs-trojaner




Ähnliche Themen: Verschlüsselungs-Trojaner Trojan:W32/RansomCrypt entfernen


  1. Trojan.Ransomcrypt.F in c:\users\XXX\appdata\roaming\{112c4a02-1112-2f13-0e22-00181b0b15df}.exe: Wiederherstellung verschlüsselter Dateien
    Plagegeister aller Art und deren Bekämpfung - 21.09.2013 (5)
  2. Trojan.Matsnu.1 - Tool für Verschlüsselungs-Trojaner
    Diskussionsforum - 18.02.2013 (45)
  3. Verschlüsselungs-Trojaner: Trojan.Win32.Yakes.bshd, Trojan.Win32.Bublik.abyj
    Plagegeister aller Art und deren Bekämpfung - 25.01.2013 (1)
  4. Verschlüsselungs Trojaner und warscheinlich noch mehr: Trojan.Win32.Inject.efnl
    Log-Analyse und Auswertung - 03.07.2012 (5)
  5. windows verschlüsselungs trojaner wie entfernen?
    Log-Analyse und Auswertung - 29.06.2012 (1)
  6. windows verschlüsselungs trojaner wie entfernen?
    Log-Analyse und Auswertung - 19.06.2012 (1)
  7. (2x) windows verschlüsselungs trojaner wie entfernen?
    Mülltonne - 19.06.2012 (1)
  8. Verschlüsselungs Trojaner entfernen!
    Log-Analyse und Auswertung - 15.06.2012 (13)
  9. Verschlüsselungs-Trojaner Trojan.Ransomlock.P durch Anhang einer Email-Mahnung
    Log-Analyse und Auswertung - 14.06.2012 (4)
  10. Wie das Tool zum Entfernen des Verschlüsselungs-Trojaner auf den infizierten PC?
    Log-Analyse und Auswertung - 13.06.2012 (1)
  11. Trojan.Agent.RNSGen (Verschlüsselungs-Trojaner)
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (3)
  12. Neue Verschlüsselungs-Trojaner Trojan.Matsnu.10, Packer.ModifiedUPX
    Plagegeister aller Art und deren Bekämpfung - 01.06.2012 (1)
  13. RannohDecryptor: Verschlüsselungs-Trojaner Trojan-Ransom.Win32.Rannoh
    Diskussionsforum - 07.05.2012 (3)
  14. Windows - Verschlüsselungs Trojaner trojan.matsnu.1
    Plagegeister aller Art und deren Bekämpfung - 04.05.2012 (1)
  15. Windows-Verschlüsselungs-Trojaner Schritt 3 (Trojan.Matsnu.1)
    Log-Analyse und Auswertung - 03.05.2012 (6)
  16. Verschlüsselungs-Trojaner Trojan.Encoder
    Log-Analyse und Auswertung - 01.05.2012 (4)
  17. XoristDecryptor: Verschlüsselungs-Trojaner Trojan-Ransom.Win32.Xorist
    Anleitungen, FAQs & Links - 28.02.2012 (0)

Zum Thema Verschlüsselungs-Trojaner Trojan:W32/RansomCrypt entfernen - Verschlüsselungs-Trojaner Trojan:W32/RansomCrypt entfernen Neuer Decrypter: DecryptHelper ----^^^---ZUERST AUSPROBIEREN ------^^^--- F-Secure hat für die Entschlüsselung der Dateien ein Python-Script erstellt ( Meldung ). Zitat: Our analysts have created a decryption script, - Verschlüsselungs-Trojaner Trojan:W32/RansomCrypt entfernen...
Archiv
Du betrachtest: Verschlüsselungs-Trojaner Trojan:W32/RansomCrypt entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.