11-22-2016 , 05:44 PM
http://support.eset.com/kb6274/ How do I clean a Crysis infection using the ESET Crysis decryptor?
KB Solution ID: KB6274 | Document ID: 23429 | Last Revised: November 22, 2016
Issue
Your ESET product detects the infection Win32/Filecoder.Crysis
How to decrypt your files using the ESETCrysisDecryptor.exe tool
Your personal files are encrypted and the following information may be displayed on your computer's Desktop background, or in a .txt, .html or .png file.
Your files have been renamed using one of the extensions: .xbtl, .crysis, .crypt
You receive one of the following messages on your Desktop:
- "Attention! Your computer was attacked by virus-encoder.. bitcoin143@india.com"
- "Your data was encrypted... Do not try to decrypt it - data wil be lost... checksupport@163.com"
- "To restore information email technical support"
- "all your data was crypted to get it back write to helphomeless@india.com"
Solution
1. Download the tool and save the file to your Desktop.
2. Click Start → All Programs → Accessories, right-click Command prompt and then select Run as administrator from the context menu.
   Windows 8 / 8.1 / 10 users: press the Windows key + Q to search for applications, type Command prompt into the Search field, right-click Command prompt and then select Run as administrator from the context menu.
3. Type the command cd %userprofile%\Desktop (do not replace "userprofile" with your username; type the command exactly as shown) and then press Enter.
4. Type the command ESETCrysisDecryptor.exe and press Enter.
5. Read and agree to the end-user license agreement.
6. Type ESETCrysisDecryptor.exe C: and press Enter to scan the C drive. To scan a different drive, replace C: with the applicable drive letter.
   CrysisDecryptor Switches
   In most cases, running the decryptor tool as shown in step 6 is the best choice. If you are familiar with using command-line switches, you can use the following switches available for the CrysisDecryptor tool:
   /s - run the tool in silent mode
   /d - run the tool in debug mode
   /h or /? - show usage
7. The Crysis cleaner tool will run and the message "Looking for infected files..." will be displayed. If an infection is discovered, follow the prompts from the Crysis cleaner to clean your system.
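To decide which drive letters to pass to ESETCrysisDecryptor.exe, it helps to know where renamed files actually are. The following Python script is an added example, not part of the ESET article or tool: it counts files carrying the three extensions listed under Issue and flags .txt/.html files that mention the contact addresses quoted there. The function names and the constructed sample tree are assumptions for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators copied from the Issue section of the article above.
CRYSIS_EXTENSIONS = (".xbtl", ".crysis", ".crypt")
NOTE_MARKERS = (b"bitcoin143@india.com", b"checksupport@163.com",
                b"helphomeless@india.com")
NOTE_SUFFIXES = (".txt", ".html")

def mentions_marker(path, limit=64 * 1024):
    """True if the first `limit` bytes contain a listed contact address.
    Assumes an ASCII/UTF-8 note; unreadable files count as no match."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(limit).lower()
    except OSError:
        return False
    return any(marker in head for marker in NOTE_MARKERS)

def inventory(root):
    """Return (Counter of renamed files per directory, ransom-note paths)."""
    encrypted, notes = Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()  # extensions are matched case-insensitively
            path = os.path.join(dirpath, name)
            if lower.endswith(CRYSIS_EXTENSIONS):
                encrypted[dirpath] += 1
            elif lower.endswith(NOTE_SUFFIXES) and mentions_marker(path):
                notes.append(path)
    return encrypted, notes

def demo():
    """Inventory a constructed sample tree (placeholder bytes, no real data)."""
    samples = {"report.docx.xbtl": b"x", "photo.JPG.CRYSIS": b"x",
               "notes.txt": b"shopping list",
               "README.txt": b"write to helphomeless@india.com"}
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        for name, data in samples.items():
            with open(os.path.join(docs, name), "wb") as fh:
                fh.write(data)
        encrypted, notes = inventory(root)
        return sum(encrypted.values()), [os.path.basename(p) for p in notes]

if __name__ == "__main__":
    print(demo())  # replace demo() with inventory("C:\\") on an affected host
```

Directories with a non-zero count in the returned Counter show which drives hold renamed files and so need a decryptor pass.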
Need Personalized Assistance in North America?
If you're not already an ESET customer, ESET Support Services are available to clean, optimize and secure your system. Call 866-944-3738 or click to schedule an appointment with ESET Support Services today!
Related:
Best practices to protect against Filecoder (ransomware) malware
How do I clean a TeslaCrypt infection using the ESET TeslaCrypt decrypter?
What can I do to minimize the risk of a malware attack?
2008–2016 ESET North America.