I got a virus and my files were infected with Gandcrab

Last week I was trying to download a patcher to pirate the new 2019 versions of Creative Cloud since the zerocode one was taken down. I ended up getting a virus and erased the hard drive on my PC and reinstalled Windows right away. I forgot I had a couple external drives plugged in. The next day I plugged one of them into my Mac to go do some photo editing and I checked Finder and half the files on there were infected with Gandcrab version 5.0.4. I got home and the 4 terabyte external drive I had plugged in when I got the virus was partially infected as well. I'm planning to try the Gandcrab decrypter from Bitdefender when that comes out. My questions are: is there anything else I can try that may work to decrypt my files, and is it even possible since I erased the drive on my PC? Also, if I erased the drives on my PC and Mac again after I hopefully get the files decrypted, would those computers be completely virus free, and would the external drives be safe to use if I just decrypted them?

[attached image]


Well,

I guess you should pay for software.

 

Please mark as helpful and informative so my profile looks better.

quote or reply to me if you want me to reply to you.

Thanks


I wouldn't trust your PC to be safe if you decrypt them. Once they are decrypted, I'd definitely do a virus scanner sweep and then reinstall your OS again.

 

Decryption is pretty secure, so there is not much you can do to crack it. There are some decrypter tools that just try a bunch of passcodes, but I don't know what they are called. (Google it, but ask here before trying them, in case of viruses.)

 


Well, turn off the system and wait for a proper fix from, for example, Bitdefender. Gandcrab has the ability to activate itself with the worse programs


I don't think there's anything you can do to decrypt your files without a decrypter. So you could just leave it encrypted and wait for Bitdefender to release a decrypter, or just give up on the data, back up the not encrypted stuff and format the drive.

Specs: CPU: AMD Ryzen R7 3700X @4.4Ghz, GPU: Gigabyte RX 5700 XT, RAM: 32 GB (2x 8GB Trident Z Royal + 2x 8GB TForce Vulkan Z) @3000Mhz, Motherboard: ASRock B550m Steel Legend, Storage: 1x WD Black 1Tb NVMe (boot) + 1x Samsung 860 QVO 1Tb SSD (storage), Case: Thermaltake Core V21, Cooler: Noctua NH-D15
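
Added example, not part of the original thread: a read-only triage of a mounted drive that separates ransom-note copies, files carrying the appended extension, and files whose header still matches their type, so the untouched ones can be backed up and the encrypted ones and the notes kept aside. The note suffix `-RECOVER.txt`, the extension `.lockd` and the sample files are constructed placeholders; use what is actually on the drive.

```python
import os
import tempfile

# Leading bytes expected for a few common formats (well-known file signatures).
MAGIC = {
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n", ".pdf": b"%PDF-", ".zip": b"PK\x03\x04",
}

def classify(path, note_suffix, enc_ext):
    """Return 'note', 'encrypted', 'intact', 'suspect' or 'unknown' for one file."""
    name = os.path.basename(path).lower()
    if name.endswith(note_suffix.lower()):
        return "note"
    if name.endswith(enc_ext.lower()):
        return "encrypted"
    magic = MAGIC.get(os.path.splitext(name)[1])
    if magic is None:
        return "unknown"          # no signature on record; check by hand
    with open(path, "rb") as fh:  # opened read-only: the drive is not modified
        head = fh.read(len(magic))
    # Original name but wrong header means the content is not what it claims.
    return "intact" if head == magic else "suspect"

def triage(root, note_suffix, enc_ext):
    """Walk root and group file paths by classification."""
    groups = {k: [] for k in ("note", "encrypted", "intact", "suspect", "unknown")}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            groups[classify(path, note_suffix, enc_ext)].append(path)
    return groups

def demo():
    """Build a constructed sample tree and return the file count per group."""
    samples = {
        "photo1.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,  # valid JPEG header
        "photo2.jpg.lockd": b"\x13\x37" * 16,              # placeholder extension
        "photo3.jpg": b"\x13\x37" * 16,                    # name kept, header gone
        "README-RECOVER.txt": b"constructed note text",    # placeholder note name
        "notes.txt": b"plain text",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        groups = triage(root, note_suffix="-RECOVER.txt", enc_ext=".lockd")
        return {k: len(v) for k, v in groups.items()}

if __name__ == "__main__":
    print(demo())
```

Copy only the `intact` group to fresh media; `suspect` and `unknown` files need a manual look before they are trusted.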


Lol

 

Tough luck mate, shouldn't be pirating without knowing how in the first place, google for 'cracks' and what not will 90% of the time lead you to malicious bullshit like this, it's not the correct way to get "genuine pirated stuff".

 

If you're not savvy enough to learn the correct way, just buy the official license, the way it is now I doubt any free solution will manage to decrypt the files and it is highly likely that the system isn't corrupted for good.

Personal Desktop:

CPU: Intel Core i7 10700K @5ghz |~| Cooling: bq! Dark Rock Pro 4 |~| MOBO: Gigabyte Z490UD ATX|~| RAM: 16gb DDR4 3333mhzCL16 G.Skill Trident Z |~| GPU: RX 6900XT Sapphire Nitro+ |~| PSU: Corsair TX650M 80Plus Gold |~| Boot:  SSD WD Green M.2 2280 240GB |~| Storage: 1x3TB HDD 7200rpm Seagate Barracuda + SanDisk Ultra 3D 1TB |~| Case: Fractal Design Meshify C Mini |~| Display: Toshiba UL7A 4K/60hz |~| OS: Windows 10 Pro.

Luna, the temporary Desktop:

CPU: AMD R9 7950XT  |~| Cooling: bq! Dark Rock 4 Pro |~| MOBO: Gigabyte Aorus Master |~| RAM: 32G Kingston HyperX |~| GPU: AMD Radeon RX 7900XTX (Reference) |~| PSU: Corsair HX1000 80+ Platinum |~| Windows Boot Drive: 2x 512GB (1TB total) Plextor SATA SSD (RAID0 volume) |~| Linux Boot Drive: 500GB Kingston A2000 |~| Storage: 4TB WD Black HDD |~| Case: Cooler Master Silencio S600 |~| Display 1 (leftmost): Eizo (unknown model) 1920x1080 IPS @ 60Hz|~| Display 2 (center): BenQ ZOWIE XL2540 1920x1080 TN @ 240Hz |~| Display 3 (rightmost): Wacom Cintiq Pro 24 3840x2160 IPS @ 60Hz 10-bit |~| OS: Windows 10 Pro (games / art) + Linux (distro: NixOS; programming and daily driver)

5 minutes ago, Mad153 said:

Well,

I guess you should pay for software.

 

Yup I'm in high school and Creative Cloud is a good chunk of money for me but I'm going to find a way to pay for it and whenever I need to pirate software in the future I'm going to use a VM or an old machine without any drives plugged in.


31 minutes ago, seppanator1 said:

Last week I was trying to download a patcher to pirate the new 2019 versions of Creative Cloud

Not trying to be a dick, but I would read the community standards below. It will ensure you have a much better experience on these forums.

 

 

Now to your other problem. There is already a solution for decrypting the files.

https://labs.bitdefender.com/2018/10/gandcrab-ransomware-decryption-tool-available-for-free/?cid=ppc|b|google|business_resources&gclid=Cj0KCQiA6JjgBRDbARIsANfu58GuZpT-qOoHw5qpF2JtalzI-DVvm_lmViCe3zlCiBW6sLqoWYOiD3gaAoCqEALw_wcB

 

That being said you will need to make sure you have a good plan in place to scan these drives to remove anything left over by Gandcrab

 

Actually on second thought you probably do not have the note anymore which means you are pretty much SOL. In that case you will need to wipe your drives or at least tuck them in to cold storage until a solution can be found.


7 minutes ago, AngryBeaver said:

Not trying to be a dick, but I would read the community standards below. It will ensure you have a much better experience on these forums.

 

 

Now to your other problem. There is already a solution for decrypting the files.

https://labs.bitdefender.com/2018/10/gandcrab-ransomware-decryption-tool-available-for-free/?cid=ppc|b|google|business_resources&gclid=Cj0KCQiA6JjgBRDbARIsANfu58GuZpT-qOoHw5qpF2JtalzI-DVvm_lmViCe3zlCiBW6sLqoWYOiD3gaAoCqEALw_wcB

 

That being said you will need to make sure you have a good plan in place to scan these drives to remove anything left over by Gandcrab

 

Actually on second thought you probably do not have the note anymore which means you are pretty much SOL. In that case you will need to wipe your drives or at least tuck them in to cold storage until a solution can be found.

Alright sounds good and just to clarify I think the external drives were the only ones infected with Gandcrab because originally what happened was I opened the and those drives have a couple hundred copies of the note each.


Just now, seppanator1 said:

Alright sounds good and just to clarify I think the external drives were the only ones infected with Gandcrab because originally what happened was I opened the and those drives have a couple hundred copies of the note each.

Sorry I accidentally posted that before I was done typing. Basically, I opened the patch file and a bunch of random crap started downloading to my PC, but my files were ok on that before I erased the drive. My external drives seem like the only drives infected with it and have hundreds of copies of the note.


9 minutes ago, seppanator1 said:

Sorry I accidentally posted that before I was done typing. Basically, I opened the patch file and a bunch of random crap started downloading to my PC, but my files were ok on that before I erased the drive. My external drives seem like the only drives infected with it and have hundreds of copies of the note.

I meant to tell you this, but as you are a student you get about 60% off Creative Cloud. If and when you start in college chances are you will be able to get it for free depending on your program and if not you can get it for generally cheaper than you can Adobe.

 

I know that "pirated" programs/games have their appeal, but you have to understand that the same reason these appeal to you also appeal to those that want to take advantage of you. A good deal of these items trigger AV alerts for false-positives in how certain things like CD-Cracks are made so this means people often disregard these alerts making it that much easier to sneak in something malicious.


1 minute ago, AngryBeaver said:

I meant to tell you this, but as you are a student you get about 60% off Creative Cloud. If and when you start in college chances are you will be able to get it for free depending on your program and if not you can get it for generally cheaper than you can Adobe.

 

I know that "pirated" programs/games have their appeal, but you have to understand that the same reason these appeal to you also appeal to those that want to take advantage of you. A good deal of these items trigger AV alerts for false-positives in how certain things like CD-Cracks are made so this means people often disregard these alerts making it that much easier to sneak in something malicious.

I've tried to get the student version but I don't think I'm eligible and as of now I'm not planning on going to college.


Just now, seppanator1 said:

I've tried to get the student version but I don't think I'm eligible and as of now I'm not planning on going to college.

You just need to send them a copy of a student ID or Report card. They have the requirements on the site.


2 minutes ago, seppanator1 said:

I've tried to get the student version but I don't think I'm eligible and as of now I'm not planning on going to college.

[attached image]


Your hard drive is full of black friday fights?  These are the videos you're creating?  

 

If you value your hardware you'll obtain your software legally or else run the risk of malware.  Be safe out there.

"And I'll be damned if I let myself trip from a lesser man's ledge"


4 minutes ago, AngryBeaver said:

[attached image]

I have to use my parents card and pay them back since mine is expired but I will give that a try tonight


2 hours ago, timl132 said:

I wouldn't trust your PC to be safe if you decrypt them. Once they are decrypted, I'd definitely do a virus scanner sweep and then reinstall your OS again.

 

Decryption is pretty secure, so there is not much you can do to crack it. There are some decrypter tools that just try a bunch of passcodes, but I don't know what they are called. (Google it, but ask here before trying them, in case of viruses.)

 

That was kind of my plan. After I decrypt the files (if I even can find a solution that works) I'm going to fully erase the drives for both my PC and Mac then reinstall the OS and all my applications. I'm just wondering if doing that would completely get rid of the virus or is there anything else I would need to do. My main concern is that if there is still a trace of the virus somehow it may spread to other computers on my network or hack my accounts.

 


  • 2 months later...

Well, I have spotted something that sounds like a solution.

 

https://myspybot.com/gandcrab-5-1/

 

The first conclusion to be made is that you need to make sure the ransomware is gone for good. Even if you believe you have erased the virus, it might still be lurking somewhere. The second thing to note is that there are solutions like data recovery pro that exploit flaws in ransomware performance to recover files. It is also worth mentioning the ransomware has advanced to version 5.1. Perhaps, due to the flaws in the earlier versions!
