Issue
- Your personal files became encrypted and the following information may be displayed in your computer, or in a .txt, .html or .png file
Figure 1-1
- Your ESET product detects the infection Win32/Filecoder.TeslaCrypt
- How to decrypt your files using the ESETTeslaCryptDecryptor.exe tool
Detail
Win32/Filecoder.TeslaCrypt is a trojan that encrypts files on local drives. To decrypt files, the user is asked to send information/certain amount of money via the Bitcoin payment service.
Solution
- Download the ESETTeslaCryptDecryptor.exe tool and save the file to your Desktop.
- Click Start → All Programs → Accessories, right-click Command prompt and then select Run as administrator from the context menu.
- Windows 8 / 8.1 / 10 users: press the Windows key + Q to search for applications, typeCommand prompt into the Search field, right-click Command prompt and then select Run as administrator from the context menu.
- Windows 8 / 8.1 / 10 users: press the Windows key + Q to search for applications, typeCommand prompt into the Search field, right-click Command prompt and then select Run as administrator from the context menu.
- Type the command
cd %userprofile%\Desktop
(do not replace "userprofile" with your username–type the command exactly as shown) and then press Enter.
- Type the command
ESETTeslaCryptDecryptor.exe
and press Enter.
- Read and agree to the end-user license agreement.
- Type
ESETTeslaCryptDecryptor.exe C:
and press Enter to scan the C drive. Files encryped by TeslaCrypt V.3 and V.4 will automatically be decrypted. To scan a different drive replaceC:
with the appropriate drive letter.
- The TeslaCrypt cleaner tool will run and the message "Looking for infected files..." will be displayed. If an infection is discovered, follow the prompts from the TeslaCrypt cleaner to clean your system.
Figure 1-2
Click the image to view larger in new window