My PC was infected with moneypak virus which i was able to remove.
However, all of my pics extensions changed to jpg.crypt instead of jpg and wold not open so far.
Is there any way to recover my pics?
This must be another new variant of the ransomware that we've seen over the past few months. The encoding seems to be a fixture now, but the encryption method may have changed. We can't assume they're still using the same method as in the West Yorkshire Police variant -
This trojan uses RC4 encryption and derives encryption key from md5 hash of random string with fixed prefix. It doesn't store decryption key on the PC after encryption.
- although it would make things a lot easier if they were.
You say you got rid of the infection but you don't say how. I see a number of websites claiming to offer a solution to this infection but they don't mention - any of them - that your files have been encrypted. Which doesn't say much for their thoroughness or reliability. Which method did you use and where did you find the instructions for removal? Let me know and I'll put a user review into SiteAdvisor and WOT for that website saying just how much use they are ("chocolate kettle" springs to mind).
Removal : Dr. Web specialise in this sort of thing and so do Kaspersky, a little behind the curve. McAfee ought to offer something, it really should, but so far I've not been able to interest them in setting up a team to handle this sort of thing. Perhaps they're not interested in earning goodwill and brownie points. So Dr. Web gets all the praise and kudos instead.
If you have an unencrypted copy of a file, any file at all, that has been encrypted, then you should be able to get your files back. The process is explained in the thread about the West Yorkshire Police variant - read some of the posts starting at https://community.mcafee.com/message/238874#238874, where you will find the Dr Web download details and email addresses.
I used combofix and rkill to remove moneypak. No, I don't have any original files.
Hope you can give me any suggesion to recover all these pics.
Have you got any installation CDs for Windows or any other software that you've installed? Those will have original unencrypted copies of jpg files that the infection has encrypted.
Edit - If any of the files were downloaded you might be able to find them again; that'll give you a before- and after-encryption pair.
Also, is it only jpg files that have been encrypted or are any other file types affected?
rkill and combofix are the tools used by the malware removal pros at places like BleepingComputer. Did you go there for help dealing with this, or somewhere else? The experts shouldn't have missed the encryption, they'll have seen it on other variants of the ransomware.Message was edited by: Hayton on 01/07/12 03:02:20 IST
The best and easiest instrctions to remove Moneypak are from this site: http://botcrawl.com/how-to-remove-the-fbi-moneypak-ransomware-virus-fake-fbi-malware-removal/
I was going crazy before i got rid of it! omg!