ابدأ بالتواصل مع الأشخاص وتبادل معارفك المهنية

أنشئ حسابًا أو سجّل الدخول للانضمام إلى مجتمعك المهني.

متابعة

How to decrypt the files/documents that are encrypted by locky virus/spyware?

user-image
تم إضافة السؤال من قبل Aadil Dedmari , IT Administrator & Programmer , Saudi Rubber Products Co.
تاريخ النشر: 2016/03/20
Muhammad adnan Qumar
من قبل Muhammad adnan Qumar , IT engineer , Synopsis Solutions Ltd

  • Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Locate the process of the Ransomware. Have in mind that this is usually a random generated file.
  • Before you kill the process, type the name on a text document for later reference.
  • Navigate to your %appdata%/roaming folder and delete the executable.
  • Then open your Windows Registry Editor and navigate to

HKEY_LOCAL_MACHINE\\Software\\Locky\\id HKEY_CURRENT_USER\\Software\\Locky\\pubkey HKEY_CURRENT_USER\\Software\\Locky\\paytext HKEY_CURRENT_USER\\Software\\Locky\\completed

The virus temporary creates an “svchost.exe” process with the Description “svchost.exe”. When the encryption of your files finishes it deletes itself from the system.

Remove CryptoLocker virus with Malwarebytes Anti-Malware Free

Emad Mohammed said abdalla
من قبل Emad Mohammed said abdalla , ERP & IT Software, operation general manager . , AL DOHA Company

i fully agree with the answers been added by experts..........thanks.

zakarya manchar
من قبل zakarya manchar , maintenance technician , المجمع الصناعي لاسمنت الجزائر

Take the drive to a data recovery specialist who should be able to use a hardware solution such as (Salvation Data) to remove the password or in the least be able to perform an extensive/intensive forward/reverse scan of your drive to recover the data.

Nikhil Agrawal
من قبل Nikhil Agrawal , Information Security Engineer , NT Global Solutions

Malwarebytes and HitmanPro can detect and remove this infection, but these programs cannot recover your encrypted files due to the nature of asymmetric encryption, which requires a private key to decrypt files encrypted with the public key.

Ahmed Mohamed Ayesh Sarkhi
من قبل Ahmed Mohamed Ayesh Sarkhi , Shared Services Supervisor , Saudi Musheera Co. Ltd.

agree with answer given by mr. Muhammad adnan Qumar 

 

المزيد من الأسئلة المماثلة