Windows – Most of the files in the Windows 8 got encrypted; Windows is still running

malware virus windows

Around 90% of my files, including *.doc and *.jpg, got converted into *.micro!

There are two files left:

  • help_recover_instructions+iyf.html
  • help_recover_instructions+iyf.txt

These files say:

What happened to your files?
All of your files were protected by a strong encryption with RSA-4096.
More information about the encryption RSA-4096 can be found here:
http://en.wikipedia.org/wiki/RSA_(cryptosystem)

What does this mean?
This means that the structure and data within your files
have been irrevocably changed,
you will not be able to work with them, read them or see them,
it is the same thing as losing them forever,
but with our help, you can restore them.

How did this happen?
Especially for you, on our server was generated the secret keypair RSA-4096
– public and private.
All your files were encrypted with the public key,
which has been transferred to your computer via the Internet.
Decrypting of YOUR FILES is only possible with the help
of the private key and decrypt program, which is on our Secret Server!!!

What do I do?
Alas, if you do not take the necessary measures for the specified time
then the conditions for obtaining the private key will be changed.
If you really need your data,
then we suggest you do not waste valuable time searching for other solutions because they do not exist.

Does anyone know what is going on?

Best Answer

This is a very nasty virus category, known as Ransomware. There is further information on it here.

The bad news is that the encryption used is realistically uncrackable. If you don't have backups, there is not a lot you can really do. The virus will demand payment to decrypt your files, which, let's face it, they may not do and may just take the money and run. There is no other way to decrypt it without the exact keys they provide. Paying the ransom is the only chance you would have to get the data back without backups, but if they don't comply after payment, you have no action of recourse and have just lost your files and your money.

The instructions above detail how to remove the virus; however, it is likely too late for your data. You can try the following as a last resort if you don't have backups (remove the virus first using the above link, or it may just re-encrypt them):

There is only one known way to remove this virus successfully, barring actually giving in to the demands of the people who created the virus – reversing your files to a time when they were not infected.

There are two options you have for this:

The first is to do a full system restore. This can take care of the file extension for you completely. To do this, just type System Restore in the Windows search field and choose a restore point. Click Next until done.

Your second option is a program called Shadow Volume Copies.

Open the Shadow Explorer part of the package and choose the Drive (C or D usually) you want to restore information from. Right click on any file you want to restore and click Export on it.
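Both options above depend on picking a restore point or shadow copy dated before the encryption began. The following is an added example, not part of the original answer: a Python triage script that counts `.micro` files, locates the `help_recover_instructions+*` notes, and reports the earliest modification time among the encrypted files. It assumes that time reflects when each file was encrypted; the function names and the sample tree are constructed for illustration.

```python
import fnmatch
import os
import tempfile
from datetime import datetime, timezone

ENCRYPTED_EXT = ".micro"                      # extension reported in the question
NOTE_PATTERN = "help_recover_instructions+*"  # note file names from the question

def triage(root):
    """Walk root; count encrypted vs. other files, list ransom notes, and
    find the earliest modification time among the encrypted files."""
    report = {"encrypted": 0, "other": 0, "notes": [], "first_encrypted": None}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if fnmatch.fnmatch(lower, NOTE_PATTERN):
                report["notes"].append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                report["encrypted"] += 1
                try:
                    mtime = os.path.getmtime(path)
                except OSError:
                    continue  # unreadable file: counted, but no timestamp
                if report["first_encrypted"] is None or mtime < report["first_encrypted"]:
                    report["first_encrypted"] = mtime
            else:
                report["other"] += 1
    return report

def restore_cutoff(report):
    """UTC time before which a restore point or shadow copy should be dated."""
    ts = report["first_encrypted"]
    return None if ts is None else datetime.fromtimestamp(ts, tz=timezone.utc)

def build_sample_tree(root):
    """Constructed sample data: two encrypted files, one intact, one note."""
    samples = {"report.doc.micro": 1_450_000_000, "photo.jpg.micro": 1_450_000_600,
               "notes.txt": 1_440_000_000, "help_recover_instructions+iyf.txt": 1_450_000_700}
    for name, mtime in samples.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(result["encrypted"], result["other"], len(result["notes"]), restore_cutoff(result))
```

On a real machine, call `triage()` on the affected user folder and choose a restore point or shadow copy older than the time `restore_cutoff()` returns.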
