1



Hi. I have Microsoft Windows 7 SP1 on my PC. I have an Ubuntu OS alongside the Windows OS. My internet connection has a proxy server from Iran that monitors our networking and filters some of our websites. These days I have used some free VPN, SSH+ and SSH software, and I think I have been hacked through that software (psiphon and freegate).


My antivirus software was Microsoft Security Essentials.


The Windows default images in Libraries\Pictures have been changed to a black image with some text on it: File is encrypted. This file can be decrypted using the program DirtyDesctype.exe. Press CTRL+ALT+D to run DirtyDesctype.exe OR Check the paths (...). I tried all of the ways to run DirtyDesctype.exe but I can't find anything. I changed my antivirus from Microsoft Security Essentials to Avira, but neither can find any virus or unwanted program. The antivirus reports said that my system is clean, but it isn't. (Why?) I created another user on my PC and I have this problem with the second user too.


My questions:

  1. What is it?
  2. Why do I have this problem?
  3. Where does this come from? (My proxy server, those free VPN programs, or anywhere else?)
  4. How can I solve this?
Rory Alsop
  • 1
    This has a lot of questions, but the link Deer Hunter offered has all the relevant info for the first 4 questions. The 5th is off topic here. – Rory Alsop Aug 11 '13 at 08:44
  • Re #5, FWIW - [Product recommendations are off-topic throughout Stack Exchange](http://blog.stackoverflow.com/2010/11/qa-is-hard-lets-go-shopping/). I.e. - the edit doesn't warrant reopening the question. – TildalWave Aug 11 '13 at 09:13
  • Mohammed - also, you don't need to make everything in your question a link. I have edited them all out except the image as they didn't help the question. – Rory Alsop Aug 11 '13 at 09:15
  • Just throwing it out there, Microsoft Security essentials is far from an Anti-Virus... – Steve Kline Jun 11 '16 at 10:52

1 Answer

0
  1. It is classic ransomware.
  2. You have been infected. How? There can be many answers.
  3. It could be any of the shady websites you visit ;) or a legit website that has been infected.
  4. I have mentioned the link below though I am not sure how effective it is as I have not been infected with this thing yet.
  5. What do you mean by "managing internet usage"?

Here's a blog post on how to remove it:

Step-by-step guides to uninstall Dirty Decrypt.exe Virus

Manual Removal Guide:

Step 1: Boot up the infected computer, press F8 at the very beginning, choose “Safe Mode with Networking” and press Enter to get in safe mode with networking.

Step 2: Press Ctrl+Alt+Del keys together and stop Dirty Decrypt.exe Virus processes in the Windows Task Manager.

Step 4: Search for all infected files and registry entries and remove them from your computer as follows:

  • %Temp%[RANDOM CHARACTERS].exe
  • C:\Documents and Settings\
  • C:\Users\< Current User >\AppData\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\random
Yuriko
oldnoob
  • monitoring downloads and uploads, servers that we connected to, unwanted popup pages, auto-installed software, auto-run programs and ... –  Aug 11 '13 at 08:04
  • 1
    Buddy, the thing is, even if you monitor everything and your computer is running an older version of Java (just an example amongst many other software), you will still be hacked. It may not be ransomware; it might be an exploit kit or something else. For monitoring your network connection you can use "Netstat" amongst many other commercially available software. I personally use a Mac as the host machine and use XP\Win 7 as a virtual machine with snapshots. Maybe a Windows user will be able to explain it to you better – oldnoob Aug 11 '13 at 08:17
  • This problem was from Torch browser that installs with iLivid. –  Sep 24 '13 at 16:50
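
The locations named in Step 4 of the answer can be reviewed with a read-only triage script before anything is deleted. This is an added example, not part of the original answer or the linked guide. It assumes PowerShell 4.0 or later, and flagging autoruns that point into Temp or AppData is this example's own heuristic.

```powershell
# Read-only triage of the locations listed in Step 4. Nothing is deleted or changed.
$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

# Assumption of this example: an autorun whose command line points into a
# user-writable directory (Temp, AppData) deserves a manual look.
$writableRoots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }

function Test-UserWritablePath([string]$CommandLine) {
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    foreach ($root in $writableRoots) {
        if ($expanded.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

# 1. Per-user autorun entries (the "Run\random" value from the guide lives here)
$autoruns = @()
if (Test-Path $runKey) {
    $key = Get-Item $runKey
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)
        $autoruns += [pscustomobject]@{
            Name = $name; Command = $cmd; InUserWritableDir = Test-UserWritablePath $cmd
        }
    }
}
$autoruns | Sort-Object InUserWritableDir -Descending | Format-Table -AutoSize -Wrap

# 2. Task Manager policy value named in the guide
$policy = Get-ItemProperty -Path $policyKey -Name DisableTaskMgr -ErrorAction SilentlyContinue
if ($policy -and $policy.DisableTaskMgr -eq 1) {
    'DisableTaskMgr = 1: Task Manager is disabled for this user.'
} else {
    'DisableTaskMgr is absent or not set to 1.'
}

# 3. Executables dropped in %TEMP%, with hash and Authenticode status for lookup
Get-ChildItem -Path $env:TEMP -Filter *.exe -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            File      = $_.FullName
            Modified  = $_.LastWriteTime
            SHA256    = (Get-FileHash $_.FullName -Algorithm SHA256).Hash
            Signature = (Get-AuthenticodeSignature $_.FullName).Status
        }
    } | Format-List
```

The HKCU hive is per user, so the script has to be run once in each affected account.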