Posted 27 September 2014 - 01:43 PM
If you have been infected with TorrentLocker in the last 24-48 hours, please PM me ASAP.
Thank you.
Posted 30 September 2014 - 08:50 AM
Hi Nathan,
One of our file servers has been infected since 25th Sep. I tried your earlier tool but failed. Please help.
Thanks
Prad
Posted 30 September 2014 - 11:55 PM
Posted 02 October 2014 - 06:39 AM
Edited by JaneDoe111, 02 October 2014 - 06:43 AM.
Posted 02 October 2014 - 10:39 PM
Hi all,
I've been reading this all day and night.
We got the virus 2 days ago. I was able to remove the virus files using malwares and Spybot OK, but the files are still encrypted. My brother says he has a few years' worth of data that has been hit. We are a small IT shop here in a local town and this virus is just starting to make its rounds.
This is the one we have:
WARNING
We have encrypted your files with CryptoLocker virus
Any help would be great. I did try the one on this link: http://www.bleepingcomputer.com/forums/t/547708/torrentlocker-ransomware-cracked-and-decrypter-has-been-made/
It finds the key OK, but when I view the file to see if it worked it tells me it can't open.
cheers Karl
Edited by karlfk, 02 October 2014 - 10:48 PM.
Posted 03 October 2014 - 07:08 PM
I'm trying to decrypt files as well and it looks like the same situation as the post above. The program gets the key and I decrypt a file but it does not open. The ransom page looks the same as above as well.
Posted 03 October 2014 - 08:06 PM
I have all the malware logs and so on if anyone needs them to figure out what's going on. We have tried about 6 different programs, including a Python script which didn't work. I would like to be able to fix this for my brother since I'm working for him as the leading IT in the shop. It would have to be one of the worst ones I have seen yet to date.
cheers Karl
Posted 03 October 2014 - 08:19 PM
Here are a couple of images
And the result of the PDF I'm trying to decrypt
Posted 05 October 2014 - 09:03 AM
Nathan, have you had any luck? I too have tried everything and got nowhere. Was infected on the 25th Sept, and the demand has now gone up to 2 bitcoins. Would happily pay you for a solution. Best, Tim
Posted 08 October 2014 - 07:07 PM
I appear to have TorrentLocker on a client's PC. I ran the decrypter you made, which seems to work for files over 2 MB, but I seem to have the error you mentioned with the smaller files. Is there an automated way to try and recover those corrupted 4-8 bits, or is it a manual process only? (I ask because there's around 19000 small PDF files and therefore manually doing them all is gonna be a pain.)
Posted 10 October 2014 - 05:58 AM
Hi to everybody, this is my first post: I am from Italy and I thank you all for admission. Sorry for my English...
My customer (I am a programmer) got the Torrent Locker (Cryptolocker) on 8th of October, which destroyed (.encrypted) all the files (4 months of work, it's a small company) and even the backup disk that was accidentally logged on at that moment! (XP, no backups).
I realized by reading your forums it's the release of the virus that encrypts 'only' the first two MB of the file. The program of Mr. Nathan (TorrentUnlocker) seems to find the key (I have one original file), but the key is not good to restore any of the files, large or small. Is there a possibility to post an example to your site? Thanks in advance, Marina
Posted 11 October 2014 - 09:12 AM
Hi Nathan,
My computer was also affected by TorrentLocker on 8 Oct through an 'Undelivered Package' mail. I've experienced the same outcome as the previous posts. I managed to find some original files from my backups that are more than 2 MB and tried them on the Torrent Unlocker; all were able to generate the decrypt keys. However, when I did a test on the other affected files, they failed.
I've run out of big original files to try out. Please help...
Posted 15 October 2014 - 07:22 PM
Posted 20 October 2014 - 03:00 AM
Yes, the idea is that because of the previous sites that wanted to share the glitch with the whole internet, the virus creator has now patched it, which means newer infections from this variant will not be able to use my tool.
If anyone has the dropper or the EXE, please submit it to:
http://www.bleepingcomputer.com/submit-malware.php
And I will see if the fix can be updated.
Uploaded Filecoder.Dm.gen.rar, everything I collected from a few infections.
Posted 20 October 2014 - 08:44 AM
Thank you for the opportunity that is vital for us. I tried to post several files but I got an error. Please tell me if you received them.
Marina