can I decrypt my files on USB pen drive (encrypted by AutoIT trojan)


m0tte
hello,

Today I lost many hours of work when I tried to back up the newly created and modified files and folders on a PC which is infected by some sort of AutoIt trojan.

I put in my pen drive and my files were gone into some kind of shortcut-looking symbol (at least I think so, because the size of used space did not change).

I am not able to make use of Kaspersky "RannohDecryptor" since it requires me to link to a copy of the original file.

Can you please tell me whether my files are lost permanently?


  • Moderators

m0tte,

Welcome to the AutoIt forums and I am sorry that you are here because of such unpleasant circumstances.

Why do you say that it is an "AutoIt Trojan" that has done this?

M23

 

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

Open spoiler to see my UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 


hello Melba,

Because I saw that "Found" by AVIRA when I 1st ran a scan in the OS (Win 10). It has not been removed after restart (found a 2nd time). The 3rd time I ran the scan with "Avira Rescue System". I should have written down the exact name of it, but I'm pretty sure it is that kind of trojan infection because the symptoms fit.

Is there any hope to convert my files and folders back to normal?


  • Moderators

m0tte,

I am afraid I have no idea. The malware might well have been written in AutoIt, but that does not mean that we have any "magic potion" to decrypt your files. Sorry.

M23


  • Developers

We would need the actual script to see what it actually does to determine whether it is easy to decrypt or not.

Jos

Live for the present,
Dream of the future,
Learn from the past.
  :)


I just figured out that the detected Trojan (whatever it was exactly) did NOT encrypt my files and folders.

It just moved them to a hidden folder which has no name.

 

SOLUTION is:

1) open the pen drive in file explorer

2) go to "View"

3) go to "Options" -> "View"

4) uncheck "hide system files"

5) press "ok" or "apply" button

Now you should see the hidden folder as a transparent symbol and find your files and folders in it.

 

 

 

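The same check as the Explorer steps in the last post, done from PowerShell so that nothing on the drive has to be double-clicked. This is an added example and not part of the original thread; the drive letter `E:` and the `-Unhide` switch are assumptions made for illustration.

```powershell
# Added example: triage of a USB drive whose files were replaced by shortcuts.
# Assumptions: the pen drive is mounted as E:, -Unhide is a name chosen here.
param(
    [string]$Drive = 'E:',
    [switch]$Unhide          # without this switch the script only reads
)

$root  = "$Drive\"
$flags = [int][IO.FileAttributes]::Hidden -bor [int][IO.FileAttributes]::System

# -Force returns Hidden and System items, i.e. what Explorer shows once
# "hide system files" is unchecked.
$hidden = Get-ChildItem -LiteralPath $root -Force |
    Where-Object { ([int]$_.Attributes -band $flags) -ne 0 }

# A folder cannot really have an empty name, so one that looks nameless has a
# name made of characters that render blank. Print the code points to see it.
$hidden | ForEach-Object {
    $codes = ($_.Name.ToCharArray() |
        ForEach-Object { 'U+{0:X4}' -f [int]$_ }) -join ' '
    [pscustomobject]@{
        Name       = "[$($_.Name)]"
        CodePoints = $codes
        IsFolder   = $_.PSIsContainer
        Attributes = $_.Attributes
    }
} | Format-Table -AutoSize

# Read each shortcut in the drive root without running it, to see what it
# would launch. CreateShortcut on an existing .lnk only loads its properties.
$shell = New-Object -ComObject WScript.Shell
Get-ChildItem -LiteralPath $root -Filter *.lnk -Force | ForEach-Object {
    $lnk = $shell.CreateShortcut($_.FullName)
    [pscustomobject]@{
        Shortcut  = $_.Name
        Target    = $lnk.TargetPath
        Arguments = $lnk.Arguments
    }
} | Format-List

# Optional: clear Hidden and System on the hidden folders so they show up in
# Explorer with default settings again. Files inside are not modified.
if ($Unhide) {
    foreach ($item in $hidden | Where-Object PSIsContainer) {
        $cleared = [int]$item.Attributes -band (-bnot $flags)
        $item.Attributes = [IO.FileAttributes]$cleared
        "Cleared Hidden/System on [$($item.Name)]"
    }
}
```

Run it first without `-Unhide` and review the shortcut targets before opening or copying anything from the drive.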
