m0tte Posted March 11, 2017 Posted March 11, 2017 hello, today I lost many hours of work when I tried to backup the newly created and modified files and folders on an PC which is infected by so sort of Autoit trojan. I put in my pen drive and my files were gone into some kind of shortcut looking symbol (at lest I think so because the size of used space did not change) I am not able to make use of kaspersky "RannohDecryptor" since it reqieres me to link to a copy of original file. Can You please tell me whether my files are lost permanentely?
Moderators Melba23 Posted March 11, 2017 Moderators Posted March 11, 2017 m0tte, Welcome to the AutoIt forums and I am sorry that you are here because of such unpleasant circumstances. Why do you say that it is an "AutoIt Trojan" that has done this? M23 Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind Open spoiler to see my UDFs: Spoiler ArrayMultiColSort ---- Sort arrays on multiple columnsChooseFileFolder ---- Single and multiple selections from specified path treeview listingDate_Time_Convert -- Easily convert date/time formats, including the language usedExtMsgBox --------- A highly customisable replacement for MsgBoxGUIExtender -------- Extend and retract multiple sections within a GUIGUIFrame ---------- Subdivide GUIs into many adjustable framesGUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView itemsGUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeViewMarquee ----------- Scrolling tickertape GUIsNoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxesNotify ------------- Small notifications on the edge of the displayScrollbars ----------Automatically sized scrollbars with a single commandStringSize ---------- Automatically size controls to fit textToast -------------- Small GUIs which pop out of the notification area
m0tte Posted March 11, 2017 Author Posted March 11, 2017 hello Melba, because I saw that "Found" by AVIRA when I 1st run a scan in OS (Win 10). It has not been removed after restart (found 2nd time). 3rd time I run the scan with "Avira Rescure System". I should have written down the exact name of it but I'm pretty sure it is that kind of trojan infection because the symptoms fit. is there any hope to convert my files and folder back to normal?
Moderators Melba23 Posted March 11, 2017 Moderators Posted March 11, 2017 m0tte, I am afraid I have no idea. The malware might well have been written in AutoIt, but that does not mean that we have any "magic potion" to decrypt your files. Sorry. M23 Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind Open spoiler to see my UDFs: Spoiler ArrayMultiColSort ---- Sort arrays on multiple columnsChooseFileFolder ---- Single and multiple selections from specified path treeview listingDate_Time_Convert -- Easily convert date/time formats, including the language usedExtMsgBox --------- A highly customisable replacement for MsgBoxGUIExtender -------- Extend and retract multiple sections within a GUIGUIFrame ---------- Subdivide GUIs into many adjustable framesGUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView itemsGUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeViewMarquee ----------- Scrolling tickertape GUIsNoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxesNotify ------------- Small notifications on the edge of the displayScrollbars ----------Automatically sized scrollbars with a single commandStringSize ---------- Automatically size controls to fit textToast -------------- Small GUIs which pop out of the notification area
InunoTaishou Posted March 11, 2017 Posted March 11, 2017 You could try a hard disk recovery tool on the pen drive and you may be able to recover some older files. Try EaseUS, I've used it in the past with success.
Developers Jos Posted March 11, 2017 Developers Posted March 11, 2017 We would need the actual script to see what it actually does to determine whether it is easy to decrypt or not. Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
m0tte Posted March 11, 2017 Author Posted March 11, 2017 I just figured out that the detected Trojan (whaever it was exactly) did NOT encrypt my files and folders. It just moved it to a hidden folder wich has no name. SOLUTION is: 1) open the pen drive in file explorer 2) go to "View" 3) go to "Options" -> "View" 4) uncheck "hide system files" 5) press "ok" or "apply" button now you should see the hidden a tranparent symbol and find your files and folders in it.
TheDcoder Posted March 11, 2017 Posted March 11, 2017 This might be relevant: EasyCodeIt - A cross-platform AutoIt implementation - Fund the development! (GitHub will double your donations for a limited time) DcodingTheWeb Forum - Follow for updates and Join for discussion
m0tte Posted March 11, 2017 Author Posted March 11, 2017 No permission Sorry, we can't show this content because you do not have permission to see it. thats what it shows to me
Developers Jos Posted March 11, 2017 Developers Posted March 11, 2017 28 minutes ago, m0tte said: No permission Try again. Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now