0
(0)

The Virus.Win32.Gpcode.ak malware encrypts user files of various formats, such as DOC, TXT, PDF, XLS, JPG, PNG, CPP. To recover files that have been encrypted by Virus.Win32.Gpcode.ak, use the PhotoRec tool.

To avoid infection:

 

How to recover files using the PhotoRec tool

To recover files you will need an external storage drive, such as a USB drive.

  1. Download the TestDisk archive from the vendor’s website and extract the files.
  2. Save the extracted files to the external storage.
  3. Connect the external storage to the infected PC.
  4. Open the folder with the saved files and run photorec_win.exe.

Starting the PhotoRec utility

  1. Select the disk the tool is saved on. Press Enter.

Selecting the disk with the PhotoRec tool

  1. Select the disk partition to scan. Press Enter on the keyboard. If the disk has multiple partitions, repeat this step for each one.

Selecting a disk partition in the PhotoRec tool

  1. Select the file system type. Press Enter on the keyboard.

Selecting a file system type in the PhotoRec tool

  1. Select the disk space to scan for encrypted files. Press Enter on the keyboard.

Selecting disk space in the PhotoRec tool

  1. Specify the folder in which to save the decrypted files.
    1. Go to the root folder. To do so, select the “…” folder twice.

      Going to the root folder in the PhotoRec tool

    2. Select the external storage drive.
    3. Create a folder on the external storage drive in which to save the decrypted files. Name it, for example, Recovered.
    4. Select the Recovered folder.

      Selecting a folder for saving recovered files in the PhotoRec tool

    5. Press Y on the keyboard.
  2. Wait until the scan has completed.

The decrypted files will be saved on the external storage drive in the specified folder under names such as t*.jpg or t*.txt.

Results of the PhotoRec tool scan

 

How to rename and sort decrypted files

Using the StopGpcode tool, you can rename and sort decrypted files:

  1. Download the StopGpcode tool and save it to an external storage drive.
  2. Connect the external storage to the infected PC.
  3. Open the command line.
  4. Run the command:
<path to tool>/stopgpcode.exe -r <decrpyted files> -i <encrypted files> -o <files with recovered names>

Where:

  • -r <decrypted files> — path to the folder containing the files decrypted by the PhotoRec tool
  • -i <encrypted files> — path to the disk or folder containing the encrypted files
  • -o <files with recovered names> — path to the folder where the files with recovered names will be saved

The tool will collate the sizes of the decrypted and encrypted files and save to the folder:

  • “Sorted” decrypted files with recovered names, copying the original folder structures.
  • “Conflicted” decrypted files without recovered names.
For more information about the Kaspersky protection technologies for defending against file-encrypting malware, see the TechnoWiki.
Source : Official Kaspersky Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

(Visited 28 times, 1 visits today)