Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

I got a virus and my files were infected with Gandcrab

Last week I was trying to download a patcher to pirate the new 2019 versions of creative cloud since the zerocode one was taken down. I ended up getting a virus and erased the hard drive on my PC and reinstalled windows right away. I forgot I had a couple external drives plugged in. The next day I plugged one of them into my Mac to go do some photo editing and I checked finder and half the files on there were infected with Gandcrab version 5.0.4. I got home and the 4 terabyte external drive I had plugged in when I got the virus and it was partially infected as well. I'm planning to try the Gandcrab decrypter from bit defender when that comes out. My questions are is there anything else I can try that may work to decrypt my files and is it even possible since I erased the drive on my PC.  Also if I erased the drives on my PC and Mac again after I hopefully get the files decrypted would those computers be completely virus free and would the external drives be safe to use if I just decrypted them.

IMG_20181126_131911.jpg

Link to comment
Share on other sites

Link to post
Share on other sites

I wouldn't trust your PC to be safe if you decrypt them, once they are decrypted, I'd defenitly do a virus scanner sweep and then reinstall your OS again.

 

Decryption is pretty secure, so there is not much you can do to crack it. There are some decrypter tools that just try a bunch of passcodes, but I don't know what they are called.(Google it, but ask here before trying them, incase of Viruses)

 

Link to comment
Share on other sites

Link to post
Share on other sites

well, turn off the system and wait for a proper fix from for example bitdefender. Grandcrab has the ability to activate itsself with the worse programs

Link to comment
Share on other sites

Link to post
Share on other sites

I don't think there's anything you can do to decrypt your files without a decrypter. So you could just leave it encrypted and wait for bitdefender to release a decrypter, or just give up on the data, back up the not encrypted stuff and format the drive.

Specs: CPU: AMD Ryzen R7 3700X @4.4Ghz, GPU: Gigabyte RX 5700 XT, RAM: 32 GB (2x 8GB Trident Z Royal + 2x 8GB TForce Vulkan Z) @3000Mhz, Motherboard: ASRock B550m Steel Legend, Storage: 1x WD Black 1Tb NVMe (boot) + 1x Samsung 860 QVO 1Tb SSD (storage), Case: Thermaltake Core V21, Cooler: Noctua NH-D15

Link to comment
Share on other sites

Link to post
Share on other sites

Lol

 

Tough luck mate, shouldn't be pirating without knowing how in the first place, google for 'cracks' and what not will 90% of the time lead you to malicious bullshit like this, it's not the correct way to get "genuine pirated stuff".

 

If you're not savvy enough to learn the correct way, just buy the official license, the way it is now I doubt any free solution will manage to decrypt the files and it is highly likely that the system isn't corrupted for good.

Personal Desktop":

CPU: Intel Core i7 8700 @4.45ghz |~| Cooling: Cooler Master Hyper 212X |~| MOBO: Gigabyte Z370M D3H mATX|~| RAM: 16gb DDR4 3333mhzCL16 G.Skill Trident Z |~| GPU: nVidia Founders Edition GTX 1080 Ti |~| PSU: Corsair TX650M 80Plus Gold |~| Boot:  SSD WD Green M.2 2280 240GB |~| Storage: 1x3TB HDD 7200rpm Seagate Barracuda + SanDisk Ultra 3D 1TB |~| Case: Fractal Design Meshify C Mini |~| Display: Toshiba UL7A 4K/60hz |~| OS: Windows 10 Pro.

Luna, the temporary Desktop:

CPU: Intel Core i7 10700KF @ 5.0Ghz (5.1Ghz 4-core) |~| Cooling: bq! Dark Rock 4 Pro |~| MOBO: Gigabyte Z490 UD |~| RAM: 32G Kingston HyperX @ 2666Mhz CL13 |~| GPU: AMD Radeon RX 6800 (Reference) |~| PSU: Corsair HX1000 80+ Platinum |~| Windows Boot Drive: 2x 512GB (1TB total) Plextor SATA SSD (RAID0 volume) |~| Linux Boot Drive: 500GB Kingston A2000 |~| Storage: 4TB WD Black HDD |~| Case: Cooler Master Silencio S600 |~| Display 1 (leftmost): Eizo (unknown model) 1920x1080 IPS @ 60Hz|~| Display 2 (center): BenQ ZOWIE XL2540 1920x1080 TN @ 240Hz |~| Display 3 (rightmost): Wacom Cintiq Pro 24 3840x2160 IPS @ 60Hz 10-bit |~| OS: Windows 10 Pro (games / art) + Linux (distro: NixOS; programming and daily driver)
Link to comment
Share on other sites

Link to post
Share on other sites

5 minutes ago, Mad153 said:

Well,

I guess you should pay for software.

 

Yup I'm in high school and creative cloud is a good chunk of money for me but I'm going to find a way to pay for it and whenever I need to pirate software in the future I'm going to use a VM or an old machine without any drives plugged in.

Link to comment
Share on other sites

Link to post
Share on other sites

31 minutes ago, seppanator1 said:

Last week I was trying to download a patcher to pirate the new 2019 versions of creative cloud

Not trying to be a dick, but I would read the community standards below. It will insure you have a much better experience on these forums.

 

 

Now to your other problem. There is already a solution for decrypting the files.

https://labs.bitdefender.com/2018/10/gandcrab-ransomware-decryption-tool-available-for-free/?cid=ppc|b|google|business_resources&gclid=Cj0KCQiA6JjgBRDbARIsANfu58GuZpT-qOoHw5qpF2JtalzI-DVvm_lmViCe3zlCiBW6sLqoWYOiD3gaAoCqEALw_wcB

 

That being said you will need to make sure you have a good plan in place to scan these drives to remove any thing left over by ganbcrab

 

Actually on second thought you probably do not have the note anymore which means you are pretty much SOL. In that case you will need to wipe your drives or at least tuck them in to cold storage until a solution can be found.

Link to comment
Share on other sites

Link to post
Share on other sites

7 minutes ago, AngryBeaver said:

Not trying to be a dick, but I would read the community standards below. It will insure you have a much better experience on these forums.

 

 

Now to your other problem. There is already a solution for decrypting the files.

https://labs.bitdefender.com/2018/10/gandcrab-ransomware-decryption-tool-available-for-free/?cid=ppc|b|google|business_resources&gclid=Cj0KCQiA6JjgBRDbARIsANfu58GuZpT-qOoHw5qpF2JtalzI-DVvm_lmViCe3zlCiBW6sLqoWYOiD3gaAoCqEALw_wcB

 

That being said you will need to make sure you have a good plan in place to scan these drives to remove any thing left over by ganbcrab

 

Actually on second thought you probably do not have the note anymore which means you are pretty much SOL. In that case you will need to wipe your drives or at least tuck them in to cold storage until a solution can be found.

Alright sounds good and just to clarify I think the external drives we're the only ones infected with Gandcrab because originally what happened was I opened rhe and those drives have a couple hundred copies of the note each.

Link to comment
Share on other sites

Link to post
Share on other sites

Just now, seppanator1 said:

Alright sounds good and just to clarify I think the external drives we're the only ones infected with Gandcrab because originally what happened was I opened rhe and those drives have a couple hundred copies of the note each.

Sorry I accidentally posted that before I was done typing basically I opened the patch file and a bunch of random crap started downloading to my PC but my files were ok on that before I erased the drive. my external drives seem like the only drives infected with it and have hundreds of copies of the note

Link to comment
Share on other sites

Link to post
Share on other sites

9 minutes ago, seppanator1 said:

Sorry I accidentally posted that before I was done typing basically I opened the patch file and a bunch of random crap started downloading to my PC but my files were ok on that before I erased the drive. my external drives seem like the only drives infected with it and have hundreds of copies of the note

I meant to tell you this, but as you are a student you get about 60% off Creative Cloud. If and when you start in college chances are you will be able to get it for free depending on your program and if not you can get it for generally cheaper than you can adobe.

 

I know that "pirated" programs/games have their appeal, but you have to understand that the same reason these appeal to you also appeal to those that want to take advantage of you. A good deal of these items trigger AV alerts for false-positives in how certain things like CD-Cracks are made so this means people often disregard these alerts making it that much easier to sneak in something malicious.

Link to comment
Share on other sites

Link to post
Share on other sites

1 minute ago, AngryBeaver said:

I meant to tell you this, but as you are a student you get about 60% off Creative Cloud. If and when you start in college chances are you will be able to get it for free depending on your program and if not you can get it for generally cheaper than you can adobe.

 

I know that "pirated" programs/games have their appeal, but you have to understand that the same reason these appeal to you also appeal to those that want to take advantage of you. A good deal of these items trigger AV alerts for false-positives in how certain things like CD-Cracks are made so this means people often disregard these alerts making it that much easier to sneak in something malicious.

I've tried to get the student version but I don't think I'm eligible and as of now I'm not planning on going to college.

Link to comment
Share on other sites

Link to post
Share on other sites

Just now, seppanator1 said:

I've tried to get the student version but I don't think I'm eligible and as of now I'm not planning on going to college.

You just need to send them a copy of a student ID or Report card. They have the requirements on the site.

Link to comment
Share on other sites

Link to post
Share on other sites

2 minutes ago, seppanator1 said:

I've tried to get the student version but I don't think I'm eligible and as of now I'm not planning on going to college.

image.png.4d64adcb5ae158fb2274dbe7abf74610.png

Link to comment
Share on other sites

Link to post
Share on other sites

Your hard drive is full of black friday fights?  These are the videos you're creating?  

 

If you value your hardware you'll obtain your software legally or else run the risk of malware.  Be safe out there.

"And I'll be damned if I let myself trip from a lesser man's ledge"

Link to comment
Share on other sites

Link to post
Share on other sites

4 minutes ago, AngryBeaver said:

image.png.4d64adcb5ae158fb2274dbe7abf74610.png

I have to use my parents card and pay them back since mine is expired but I will give that a try tonight

Link to comment
Share on other sites

Link to post
Share on other sites

2 hours ago, timl132 said:

I wouldn't trust your PC to be safe if you decrypt them, once they are decrypted, I'd defenitly do a virus scanner sweep and then reinstall your OS again.

 

Decryption is pretty secure, so there is not much you can do to crack it. There are some decrypter tools that just try a bunch of passcodes, but I don't know what they are called.(Google it, but ask here before trying them, incase of Viruses)

 

That was kind of my plan. After I decrypt the files (if I even can find a solution that works) I'm going to fully erase the drives for both my PC and Mac then reinstall the OS and all my applications. I'm just wondering if doing that would completely get rid of the virus or is there anything else I would need to do. My main concern is that if there is still a trace of the virus somehow it may spread to other computers on my network or hack my accounts.

 

Link to comment
Share on other sites

Link to post
Share on other sites

  • 2 months later...

Well, I have spotted something that sounds as a solution.   

 

https://myspybot.com/gandcrab-5-1/

 

The first conclusion to be made is that you need to make sure the ransomware is gone for good. Even if you believe you have erased the virus, it might still be lurking somewhere. The second thing to note is that there are solutions like data recovery pro that exploit flaws in ransomware performance to recover files. It is also worth mentioning the ransomware has adavanced to the version 5.1. Perhaps, due to the flaws in the earlier versions! 

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share


×