A forum for reverse engineering, OS internals and malware analysis 

Ask your beginner questions here.
#6180 by CodeAddiction
Tue May 03, 2011 6:12 pm
Hello,

I have .pdf files infected with a random Trojan. The files have the file extension .ENCODED.

How do I 'clean' or 'decode' these files so I can use them again? I have tried antivirus with no success and also tried the latest Kaspersky Rector Decryptor tool without success.

Regards.
#6189 by Xylitol
Wed May 04, 2011 8:19 am
Same response as Eric_71: I guess by ransomware that uses the file extension ".ENCODED" you mean Trojan-Ransom.Win32.Gpcode.ax or Trojan-Ransom.Win32.Gpcode.bn.

The encryption used by the malware is really too strong (for the moment).
Here are some links; I hope they can help you recover your data:
How To Use Backup and Restore in Windows 7: http://www.howtogeek.com/howto/1838/usi ... windows-7/
How To Use Backup and Restore in WindowsXP: http://system.cs.technion.ac.il/BackUp/ ... dowsXP.htm

For Gpcode.ak, Kaspersky found a way to recover files: http://support.kaspersky.com/faq/?qid=208279822
That is not for your case (that infection used the file extension '._CRYPT' and it was from 2008; with the 2010 or 2011 versions it will not recover data, since Gpcode works differently now).
#6196 by Eric_71
Wed May 04, 2011 4:45 pm
Your files are encrypted with a 256-bit AES key, and this key is encrypted using RSA-1024.

Only the 1024-bit RSA private key can decrypt the AES key; if you have a few years you can try brute force...
#6220 by peet
Fri May 06, 2011 11:38 am
If the file is protected by an AES-256 key, it is almost hopeless.

http://www.cryptool.org/ has an option to manually enter and try one AES-256 key at a time, in hex format. It is not automated; it's an educational tool. It shows the inner workings. Since you do not know the key, it will take years to try out all possible options - even with a high-speed cracker.

If the PDF file is encrypted by some other encryption system, it can be anywhere from easy to impossible. Some systems are really easy, like XOR with the character 4B.

PDF password crackers try to find the password of a PDF file which is encoded with the PDF tool itself. Depending on the cipher, it can be fairly quick to break. They do not reveal the key of an external encryption app that encoded your PDF file.
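A worked version of peet's point, added here as an example and not code from anyone in the thread: because every PDF starts with the header "%PDF-", that header is known plaintext, so a single-byte XOR "encoder" gives up its key immediately, while output from a real cipher such as AES yields neither a crib hit nor low entropy. The minimal PDF skeleton, the 0x4B key, the SHA-256 chain standing in for AES-256 output and the 7.0 bits/byte entropy threshold are all constructed for this example.

```python
"""Triage an unreadable '.ENCODED' PDF: single-byte XOR (recoverable) vs. a real cipher.

Added example, not code from the thread. The sample PDF bytes, the 0x4B key and the
SHA-256 chain standing in for AES-256 output are all constructed for illustration.
"""
import hashlib
import math

PDF_MAGIC = b"%PDF-"  # every PDF starts with this header: known plaintext
PDF_EOF = b"%%EOF"    # and normally ends with this marker


def single_byte_xor_key(data: bytes, crib: bytes = PDF_MAGIC):
    """Return the one-byte XOR key that turns the start of `data` into `crib`, or None.

    With a single-byte key every byte is XORed with the same value, so the key
    is just data[0] ^ crib[0]; it is only accepted if it also reproduces the
    rest of the crib, which rules out a coincidental first-byte match.
    """
    if len(data) < len(crib):
        return None
    key = data[0] ^ crib[0]
    if all((b ^ key) == c for b, c in zip(data, crib)):
        return key
    return None


def xor_decode(data: bytes, key: int) -> bytes:
    """XOR every byte with `key` (XOR is its own inverse, so this also encodes)."""
    return bytes(b ^ key for b in data)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for cipher output, well below that for XORed text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage(data: bytes) -> dict:
    """Classify the blob: recoverable single-byte XOR, strong cipher, or unknown."""
    ent = shannon_entropy(data)
    key = single_byte_xor_key(data)
    if key is not None:
        plain = xor_decode(data, key)
        # A header hit alone could be luck; the PDF trailer marker is a second check.
        if plain.rstrip(b"\r\n").endswith(PDF_EOF):
            verdict = "single-byte XOR"
        else:
            verdict = "single-byte XOR (header only; verify body)"
        return {"verdict": verdict, "key": key, "entropy": ent, "plaintext": plain}
    if ent > 7.0:  # rule-of-thumb threshold, an assumption of this example
        return {"verdict": "high entropy, no crib: real cipher, key required",
                "key": None, "entropy": ent, "plaintext": None}
    return {"verdict": "low entropy but not single-byte XOR: try other transforms",
            "key": None, "entropy": ent, "plaintext": None}


# Constructed sample: a minimal PDF skeleton 'encoded' with XOR 0x4B (the weak scheme).
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
              b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
              b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")
XOR_ENCODED = xor_decode(SAMPLE_PDF, 0x4B)


def pseudo_cipher_output(n: int) -> bytes:
    """Deterministic SHA-256 chain used here as a stand-in for AES-256 output."""
    out, state = b"", b"constructed seed"
    while len(out) < n:
        state = hashlib.sha256(state).digest()
        out += state
    return out[:n]


STRONG_ENCODED = pseudo_cipher_output(4096)

if __name__ == "__main__":
    for name, blob in (("xor sample", XOR_ENCODED), ("cipher sample", STRONG_ENCODED)):
        r = triage(blob)
        print(f"{name}: {r['verdict']} (entropy {r['entropy']:.2f} bits/byte)")
```

Run it against a real .ENCODED file by reading the bytes and calling triage(); a key in the result means the file was only obfuscated and the plaintext is already in hand, while a high-entropy, no-crib verdict is the AES-wrapped-by-RSA situation Eric_71 describes, where nothing short of the private key helps.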
#8504 by umerali
Sat Sep 10, 2011 7:51 am
CodeAddiction wrote:
Hello,

I have .pdf files infected with a random Trojan. The files have the file extension .ENCODED.

How do I 'clean' or 'decode' these files so I can use them again? I have tried antivirus with no success and also tried the latest Kaspersky Rector Decryptor tool without success.

Regards.
In this case anyone can use Advanced PDF Repair (APDFR), a very powerful piece of software to repair or recover PDF files.