0
(0)

Issue

  • Your personal files became encrypted and the following information may be displayed in your computer, or in a .txt, .html or .png file

Figure 1-1

  • Your ESET product detects the infection Win32/Filecoder.TeslaCrypt
  • How to decrypt your files using the ESETTeslaCryptDecryptor.exe tool

Details

Win32/Filecoder.TeslaCrypt is a trojan that encrypts files on local drives. To decrypt files, the user is asked to send information/certain amount of money via the Bitcoin payment service.

  • Win32/Filecoder.TeslaCrypt threat description on virusradar.com
  • TeslaCrypt analysis on welivesecurity.com
  • TeslaCrypt on Wikipedia

Solution

NOTE:

We do not recommend running the decryptor on files located on USB flash drives.

  1. Download the ESETTeslaCryptDecryptor.exe tool and save the file to your Desktop.
  2. Click Start → All Programs → Accessories, right-click Command prompt and then select Run as administrator from the context menu.
    • Windows 8 / 8.1 / 10 users: press the Windows key + to search for applications, type Command prompt into the Search field, right-click Command prompt and then select Run as administrator from the context menu.
  3. Type the command cd %userprofile%\Desktop (do not replace “userprofile” with your username–type the command exactly as shown) and then press Enter.
  4. Type the command ESETTeslaCryptDecryptor.exe and press Enter.
  5. Read and agree to the end-user license agreement.
  6. Type ESETTeslaCryptDecryptor.exe C: and press Enter to scan the C drive. Files encryped by TeslaCrypt V.3 and V.4 will automatically be decrypted. To scan a different drive replace C: with the appropriate drive letter.

TeslaCryptDecryptor Switches

In most cases, running the decryptor tool as shown in step 6 is the best choice. If you are familiar using command line switches, you can make use of the following switches available for the TeslaCryptDecryptor tool:

  • /s— run the tool in silent mode
  • /f —run the tool in forced mode
  • /d —run the tool in debug mode
  • /n —only list files for cleaning (files will not automatically be decrypted)
  • /h or /?— show usage
  1. The TeslaCrypt cleaner tool will run and the message “Looking for infected files…” will be displayed. If an infection is discovered, follow the prompts from the TeslaCrypt cleaner to clean your system.

Figure 1-2
Click the image to view larger in new window

Need Assistance in North America?

If you are a North American ESET customer and need assistance, visit helpus.eset.com to chat with a live technician, view product documentation or schedule a consultation with an ESET Home Advisor.

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

(Visited 24 times, 1 visits today)