You're in: Panda Security > Home Users > Support > Product Knowledge Base

Rate us
What kind of help do you need?
(Examples:“Panda Security installation”, “I want to contact Panda”)
Print
Panda Premium Assistance

How to restore files encrypted by virus Trj.Dapato.b

Information applies to:

Products
Todos los productos

Symptoms

My computer has been infected by one of the FBI Moneypak virus variants, detected by Panda as Trj.Dapato.b, and now, every time I open a .doc, .xls, .jpg or .pdf file, a webpage stating that all my files have been encrypted is displayed instead. What´s more, a payment is required to solve the problem.

Example of encrypted file: filename.doc.html

FBI Moneypak Dapato Virus 1

Solution

Panda Security has developed a tool to decrypt these files.

Follow the instructions below:

  1. Download the Panda Dapato Decryptor tool.

  2. Make sure that you have enough free space on your disk to decrypt all the files.
    Bear in mind that Panda Dapato Decryptor will generate the corresponding decrypted file but will not remove from the system its encrypted version.
    Alternatively, if there is not enough free space in the C:\ drive, you can copy the encrypted files to an external disk and connect it to the affected machine to run the Panda Dapato Decryptor tool.
  3. If you do have enough space, run the downloaded Panda Dapato Decryptor tool in the affected machine.
  4. A command-line window displaying the progress will be shown. This process can take several hours to be completed, so it is important not to close this window during this time.
  5. When the process is finished, a message advising that the files have been decrypted will be shown.

    FBI Moneypak Dapato Virus 2
  6. Accept the message.

Afterwards, once you make sure the decrypted file works fine, locate its encrypted version, i.e, filename.doc.html and remove it.

Help nº- 20131017 1677 EN
survey

Help us improve our service by letting us know your opinion.

Your suggestions will help to resolve your questions more quickly and effectively.

Have you resolved your query with this article? YES NO Thanks for your answer

How would you improve this article?

Do you want to contact TechSupport?