My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Back to the news list

Doctor Web: It is possible to decrypt files encrypted with Trojan.Encoder.10465

March 17, 2017

Doctor Web has developed an algorithm that successfully decrypts files encrypted by Trojan.Encoder.10465.

Trojan.Encoder.10465 poses a threat to Windows computers. The Trojan is written in Delphi. The encoder appends the extension .crptxxx to the infected files and also saves to the disk a text file named HOW_TO_DECRYPT.txt, which contains the following content:

All your files are encrypted with AESalgorithm!
For decrypt use this instructions: 
Download tor browser
Run tor and go to: http://vejtqvliimdv66dh.onion
Or you can use tor2web services
in log panel enter your id (CRPTksrjghkrkwkrjthkewVM)
follow next instructions
if server is down, try connect later
locker version 3.0.0

The id parameter can assume various values on different infected computers.

If you have fallen victim to this malicious program, follow the recommendations below:

  • do not remove any files from your computer or reinstall the operating system. It is also not recommended to use the infected computer until you get detailed instructions from Doctor Web’s technical support;
  • if you have run an anti-virus scan, do not try to cure or remove the threats that were detected—our technical support specialists may need them during their search for a decryption key;
  • try to remember as much about the circumstances of the infection as possible: this can involve receiving dubious email messages, downloading programs from the Web, or visiting websites;
  • if you have the email message containing the attachment that infected your computer after you opened it, do not remove it—our specialists may need it to identify which version of the Trojan is involved.

To decrypt files corrupted by Trojan.Encoder.10465, use this special service page on the Doctor Web site.

Once again, we would like to point out that our free decryption service is only available to users who have purchased commercial licenses for Dr.Web products. Doctor Web cannot guarantee that all of your files will be decrypted successfully. However, our specialists will do their best to recover the encrypted data.

Use Data Loss Prevention to protect your files from encryption ransomware

More  about encryption ransomware What to do if... Free decryption Category “Encrypt everything”

More about this Trojan

Tell us what you think

To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.

Other comments