My computer has been infected by one of the FBI Moneypak virus variants, detected by Panda as Trj.Dapato.b, and now, every time I open a .doc, .xls, .jpg or .pdf file, a webpage stating that all my files have been encrypted is displayed instead. What's more, a payment is required to solve the problem.
Example of encrypted file: filename.doc.html
Panda Security has developed a tool to decrypt these files.
Follow the instructions below:
- Download the Panda Dapato Decryptor tool.
- Make sure that you have enough free space on your disk to decrypt all the files.
Bear in mind that Panda Dapato Decryptor will generate the corresponding decrypted file but will not remove from the system its encrypted version.
Alternatively, if there is not enough free space in the C:\ drive, you can copy the encrypted files to an external disk and connect it to the affected machine to run the Panda Dapato Decryptor tool.
- If you do have enough space, run the downloaded Panda Dapato Decryptor tool in the affected machine.
- A command-line window displaying the progress will be shown. This process can take several hours to be completed, so it is important not to close this window during this time.
- When the process is finished, a message advising that the files have been decrypted will be shown.
- Accept the message.
Afterwards, once you make sure the decrypted file works fine, locate its encrypted version, i.e, filename.doc.html and remove it.