How do I clean a TeslaCrypt infection using the ESET TeslaCrypt decrypter?

下一個故事

Issue

  • Your personal files became encrypted and the following information may be displayed in your computer, or in a .txt, .html or .png file

Figure 1-1


  • Your ESET product detects the infection Win32/Filecoder.TeslaCrypt 
  • How to decrypt your files using the ESETTeslaCryptDecryptor.exe tool

  

Detail

 

Win32/Filecoder.TeslaCrypt is a trojan that encrypts files on local drives. To decrypt files, the user is asked to send information/certain amount of money via the Bitcoin payment service.

 

Solution

  1. Download the ESETTeslaCryptDecryptor.exe tool and save the file to your Desktop.
     
  2. Click Start → All Programs → Accessories, right-click Command prompt and then select Run as administrator from the context menu.
    • Windows 8 / 8.1 / 10 users: press the Windows key + to search for applications, typeCommand prompt into the Search field, right-click Command prompt and then select Run as administrator from the context menu.
       
  3. Type the command cd %userprofile%\Desktop (do not replace "userprofile" with your username–type the command exactly as shown) and then press Enter.
     
  4. Type the command ESETTeslaCryptDecryptor.exe and press Enter.
     
  5. Read and agree to the end-user license agreement.
     
  6. Type ESETTeslaCryptDecryptor.exe C: and press Enter to scan the C drive. Files encryped by TeslaCrypt V.3 and V.4 will automatically be decrypted. To scan a different drive replace C: with the appropriate drive letter.

TeslaCryptDecryptor Switches
In most cases, running the decryptor tool as shown in step 6 is the best choice. If you are familiar using command line switches, you can make use of the following switches available for the TeslaCryptDecryptor tool:

  • /s— run the tool in silent mode
  • /f —run the tool in forced mode
  • /d —run the tool in debug mode
  • /n —only list files for cleaning (files will not automatically be decrypted)
  • /h or /?— show usage
  1. The TeslaCrypt cleaner tool will run and the message "Looking for infected files..." will be displayed. If an infection is discovered, follow the prompts from the TeslaCrypt cleaner to clean your system.

Figure 1-2
Click the image to view larger in new window

 

Need Personalized Assistance in North America?
If you're not already an ESET customer, ESET Support Services are available to clean, optimize and secure your system. Call 866-944-3738 or click to schedule an appointment with ESET Support Services today!