can I decrypt my files on USB pen drive (encrypted by AutoIT trojan)

m0tte

Hello,

today I lost many hours of work when I tried to back up the newly created and modified files and folders on a PC which is infected by some sort of AutoIt trojan.

I put in my pen drive and my files were gone into some kind of shortcut-looking symbol (at least I think so, because the size of used space did not change).

I am not able to make use of Kaspersky "RannohDecryptor" since it requires me to link to a copy of the original file.

Can you please tell me whether my files are lost permanently?

Melba23

m0tte,

Welcome to the AutoIt forums and I am sorry that you are here because of such unpleasant circumstances.

Why do you say that it is an "AutoIt Trojan" that has done this?

M23

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

Open spoiler to see my UDFs:

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

m0tte

Hello Melba,

because I saw that "Found" by AVIRA when I first ran a scan in the OS (Win 10). It had not been removed after restart (found a 2nd time). The 3rd time I ran the scan with "Avira Rescue System". I should have written down the exact name of it, but I'm pretty sure it is that kind of trojan infection because the symptoms fit.

Is there any hope to convert my files and folders back to normal?

Melba23

m0tte,

I am afraid I have no idea. The malware might well have been written in AutoIt, but that does not mean that we have any "magic potion" to decrypt your files. Sorry.

M23

m0tte

Oh, I see.

Thank you anyway.

InunoTaishou

You could try a hard disk recovery tool on the pen drive and you may be able to recover some older files. Try EaseUS, I've used it in the past with success.

m0tte

I just figured out that the detected Trojan (whatever it was exactly) did NOT encrypt my files and folders.

It just moved them to a hidden folder which has no name.

SOLUTION is:

1) open the pen drive in file explorer

2) go to "View"

3) go to "Options" -> "View"

4) uncheck "hide system files"

5) press "ok" or "apply" button

Now you should see the hidden, transparent symbol and find your files and folders in it.
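The Explorer steps in the post above, done from PowerShell instead; this is an added example, not code from the thread. It lists hidden or system items at the root of the pen drive and prints each name's code points so a folder that looks nameless still shows up. The drive letter `E:` and the parameter names `-Drive` and `-Unhide` are assumptions.

```powershell
# Added example, not from the thread. 'E:' is an assumed drive letter.
param(
    [string]$Drive = 'E:',   # pen drive to inspect (assumption)
    [switch]$Unhide          # also clear Hidden/System on what is found
)

$root = "$Drive\"
$mask = [int]([System.IO.FileAttributes]::Hidden -bor [System.IO.FileAttributes]::System)

# Folders Windows itself keeps hidden on a volume; leave those alone.
$skip = 'System Volume Information', '$RECYCLE.BIN'

# -Force makes Get-ChildItem return hidden and system entries as well.
$items = @(Get-ChildItem -LiteralPath $root -Force)

$hidden = @($items | Where-Object {
    (([int]$_.Attributes -band $mask) -ne 0) -and ($skip -notcontains $_.Name)
})

# Shortcut files sitting where the original files used to be.
$shortcuts = @($items | Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '.lnk' })

"Hidden or system items in ${root}"
$hidden | Select-Object @{n='Name'; e={ "[$($_.Name)]" }},
    @{n='CodePoints'; e={ ($_.Name.ToCharArray() | ForEach-Object { 'U+{0:X4}' -f [int]$_ }) -join ' ' }},
    Attributes | Format-Table -AutoSize

"Shortcut files in ${root} (list only, do not open them)"
$shortcuts | Select-Object Name, Length, LastWriteTime | Format-Table -AutoSize

if ($Unhide) {
    foreach ($item in $hidden) {
        # Clear only the Hidden and System bits; keep every other attribute.
        $item.Attributes = [System.IO.FileAttributes]([int]$item.Attributes -band (-bnot $mask))
        "Cleared Hidden/System on [$($item.Name)]"
    }
}
```

Run it once without `-Unhide` to review what it found, then again with `-Unhide` to make the folder visible in Explorer.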
TheDcoder

This might be relevant:

AutoIt.4.Life Clubrooms - Life is like a Donut (secret key)

My contributions to the AutoIt Community

If I have hurt or offended you in any way, please accept my apologies, I never (regardless of the situation) mean to do that to anybody!!!

PLEASE JOIN ##AutoIt AND HELP THE IRC AUTOIT COMMUNITY!

m0tte

No permission

Sorry, we can't show this content because you do not have permission to see it.

That's what it shows to me.