• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

Sign in to follow this  

Virus has encrypted all my important files! help!

Recommended Posts

Agent_of_Knowledge    0
Convert the drive from NTFS to FAT (to remove the protection). This has saved my butt a few times.

I don't know if I'm ready to that risk. But I know it's worth a shot.

Cheers!

Share this post


Link to post
Share on other sites
Agent_of_Knowledge    0
get one of the file's properties. on the security tab, click advanced. on the owner tab, what does it say for the owner? a bit of a warning here: if you want any chance of getting your info back, don't change ANYTHING - this means click cancel whenever possible to close a window :yes:

Here's the properties for one of the files:

hmm.jpg

I also have a screen shot of the Recovery program I have been using:

welp.jpg

It seems like I can decrpyt all other keys but these. the 2 circled in black are ones that I can't seem to decrypt. I don't know why I can't. I use the same username and password on all my accounts and only have 1 each time. So I figured I'd have a look at the users tab on this program, for one the encrypted files and I get this:

again.gif

My password is the same one I use for everyting, so I figured the username might be different. Even though I've used the same username over and over. I tried entering that whole string under the tab "users" but it wouldn't unlock the keys needed to unlock the files. Maybe the string means something else and I'm reading it wrong? If anyone can check it out, please do.

I greatly appreciate everyone's help and input. Ya'll have been very helpful while I try to recover these files.

Cheers!

Share this post


Link to post
Share on other sites
John    7

i have no idea how that program works, so i can't help much more :/ sorry :pinch:

Share this post


Link to post
Share on other sites
pagal    0

you could try one of the file recovery programs and see if you can restore your Documents folder from before the format. I would say try Final Data Enterprise, it recovered files on my drive from months ago...

EDIT: just thought of this...they might work fine under linux.

Share this post


Link to post
Share on other sites
trix    1

thats very true i just thought of that aswell go get urself a copy of a live on cd linux i would recomend DSL (damn small linux) (50meg) if you wanna do this quickly just to test that it can open the encrypted files or you can use knoppix do a search on google for both of those and you should find them.

Share this post


Link to post
Share on other sites
Agent_of_Knowledge    0
thats very true i just thought of that aswell go get urself a copy of a live on cd linux i would recomend DSL (damn small linux) (50meg) if you wanna do this quickly just to test that it can open the encrypted files or you can use knoppix do a search on google for both of those and you should find them.

Sorry, I didn't get anything from what you typed. Could you please re-explain it all?

Thanks

Cheers!

Share this post


Link to post
Share on other sites
+BudMan    3,544

Exactly what part of these files are ENCRYPTED do people not understand?? ;) Yes booting from a linux CD would allow you access to files on a NTFS drive, but it does NOT get around the fact that they are ENCRYPTED to a CERTIFICATE that he no longer has access to.

Share this post


Link to post
Share on other sites
Trust    0
Virus has encrypted all my important files!

wtf?... hmmm

and what virus is that?

Share this post


Link to post
Share on other sites
Agent_of_Knowledge    0
ok...do this:

1) download the knoppix linux iso from http://linuxiso.org/distro.php?distro=44

2) burn the iso to a cd

3) boot from the cd and then browse your stuff

hopefully it'll work.

Burning now.......thanks....I'll keep ya'll posted!

Cheers!!

Share this post


Link to post
Share on other sites
+primortal    12,197

those files ARE LOST! Without the original key that was generated (initial install) to create those encrypted files there is no way to decrypt them without the original key. That is how encryption works.....

no matter what you boot into, those files are encrypted....

Share this post


Link to post
Share on other sites
pagal    0

chill man, we are just trying to help...

~Speed_Demon~: do you mind posting one of those files here? i think i may have another solution.

Share this post


Link to post
Share on other sites
JK1150    0

i too think you learned the hard way to install virus protection immediately after formatting the computer (when you first installed win2k) and to make immediate back ups. I think this only could have been stopped by active virus protection. sorry, but I dont' know what to say..

Share this post


Link to post
Share on other sites
Otis    0
wtf?... hmmm

and what virus is that?

Ouch sorry to hear this happened.

Please give us more info about this virus or whatever it was that did this to you so we can try to avoid it.

:unsure:

Share this post


Link to post
Share on other sites
Dallas    0

don't have any advice but good luck, i know how you feel about loosing things :(

Share this post


Link to post
Share on other sites
blik    1

I'm not sure I can help, but would unformatting/restoring the partition using software like Hard Drive Mechanic not work. Then you could access the data back it up then install XP again.

Share this post


Link to post
Share on other sites
Agent_of_Knowledge    0
chill man, we are just trying to help...

~Speed_Demon~: do you mind posting one of those files here? i think i may have another solution.

I don't mind at all.....but how would I go about doing so?

I did have norton active on my system....by then it was too late I had to reformat.

Cheers!

Share this post


Link to post
Share on other sites
insurektion    0

do you have another hard drive? if so I heard you can move ntfs to fat32 and it will lose the encryption. I never use encryption to avoid what ur problem is now. well it sux for ou hopefully someone can figure out something

Share this post


Link to post
Share on other sites
Agent_of_Knowledge    0
do you have another hard drive? if so I heard you can move ntfs to fat32 and it will lose the encryption. I never use encryption to avoid what ur problem is now. well it sux for ou hopefully someone can figure out something

Yes, That where it's all backed up, on drive number 2. Do ya'll think I should go ahead and try this and see if it works guys?

EDIT: Nevermind this wouldn't work because they data is encrpyted. And if I forced it to continue to convert, I would lose everything.

Thanks for the suggestion though.....I'm downloading linux right not...I'm going to try that idea now....I'll keep ya'll posted..THANK YOU ALL FOR YA'LL FAST REPLYS AND AGAIN I'M GREATLY HUMBLED BY YA'LLS HELP!

Cheers!

Edited by ~Speed_Demon~

Share this post


Link to post
Share on other sites
John    7
do you have another hard drive? if so I heard you can move ntfs to fat32 and it will lose the encryption. I never use encryption to avoid what ur problem is now. well it sux for ou hopefully someone can figure out something

this won't work because when windows moves the files, it decrypts them first, then encrypts them again if necessary on the destination drive. if he could move the files, he could decrypt them, and he wouldn't have made this thread...

from looking at this advaced EFS data recovery program, i don't think it will be of much use to you :/ i could be wrong, but it looks like you can only decrypt files/keys generated on your machine, and since you don't have your old installation of windows anymore, i think you're out lof luck :unsure:

Share this post


Link to post
Share on other sites
blik    1

As I said before, could you not use a tool to unformat the partition?

Share this post


Link to post
Share on other sites
John    7

unlikely you'd recover anything because the sectors have already been overwritten...

Share this post


Link to post
Share on other sites
CyberKewl    0

I haven't read this entire thread so i'm not sure if this was already mentioned or not but how about sending your comp to a place that provides data recovery services? They might be able to help. If the data is really important you might want to try that but it's gonna cost you a bit and takes time too.

Share this post


Link to post
Share on other sites
itsnotabigtruck    0

Perhaps you encrypted them on Windows 2000 and didn't realize until you put them on Windows XP, which displays encrypted files in green.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.