Bitcoin Forum

Hi. I’ve registered in your community in hope that you’ll help me. My problem is that my wife’s laptop is infected with Odin virus that has encrypted all files. And now it claims for 1.5 BTC for encryption. I tried different tools, antiviruses, guides etc. One thing that had helped me was ShadowExplorer (http://www.shadowexplorer.com/downloads.html (http://www.shadowexplorer.com/downloads.html)) which I found in this site (http://myspybot.com/odin-virus/ (http://myspybot.com/odin-virus/)), and with a help of it I managed to decrypt little bit of files, but not very important. :(
So finally I decided to pay 1.5 BTC for encryption, but I don’t know how, where and when I can buy this crypto currency. So I hope that you can give me some advice's or provide with a link to a step-by-step guide on how to use BTC. ??? ???
And last question – why can’t I pay with my dollar card? What is a reason for them to use Bitcoins? I don’t get it. :-\

There is different reasons why they chose Bitcoin instead of credit cards . Bitcoin is irreversible (your can't chargeback) and untraceable (police won't be able to find them) , It's just a procedure hackers do to make sure they won't be caught.
As for buying Bitcoin then It  really depends where you live and the payments methods you are willing to use honestly. but there is Coinbase , Virwox.com , Circle.com and others. (check them out , they are legit services)

The reason Ransomware viruses use bitcoin is due to the fact that its untraceable and irreversible too.
If you were able to decrypt a bit of the files it should be possible to decrypt all the files too.

I wouldn't pay them unless I had something really important on that machine and all other means to recover the files failed.

Are you suggesting that he gives into the demands of the hackers while there might be other means to recover his files?

I wouldn't pay unless the files are EXTREMELY valuable.  1.5 btc is almost a thousand dollars.  In the worst case where you cannot decrypt those files you could contact the laptop mfg and reload the system from scratch.  Probably an available download for free even and then forensically wipe the disk before installing the new system.  It would only take a few hours to have a fresh new system disk.  If important files are backed up on a flash or external drive those can be copied back easily.  Do NOT connect any removable media to that infected computer.  This is what I do, so if you need a few steps in the process to be outlined, please ask here.

This is genuine re-occuring dream of mine, they've locked up my computer and want all my BTC (having converted my other crypto into BTC moments before)... Always wake up in a cold sweat.

I'll try it.
Thanks for all reply's

I knew someone that had this problem before and they took the computer to a professional to have the computer cleaned up. I think he lost everything that was infected though. I think that's the best thing to do in this situation.

i think i will give the same suggestion to him, because if we don't know anything about computer, better we go to into computer store and ask them to help us to cure the virus. but for a short time i do searching, there are many clue on the search engine that you can use to try it with your self to cure the virus.

maybe you want to look on this links https://www.google.com/search?client=opera&q=how+to+cure+Odin+virus&sourceid=opera&ie=UTF-8&oe=UTF-8

i use the keyword how to cure Odin virus, and i see that there is many website that give the answer but i am not sure, where is the right answer that you need it. better you see by yourself.

Bitcoin is used because it's anonymous and police can't trace the payment.
Try to buy bitcoins at localbitcoins website, my first time buying bitcoins was from that site and cash in hand to reduce the fees.
Ransomware viruses are very annoying and isn't very much to do than paying and pray for they giving the private key to de encrypt.

don't pay, it might even be a modified odin or a downloaded copy and the people have no idea what they are doing, meaning your computer stays that way after paying.  if there is nothing that cannot be replaced on there, put windows on a usb from a friends computer and start over.  make sure that you completely format the drive during install rather than trying to save files.  if your legacy to mankind is on there, say f it and take the thing to best buy.  they are better equipped to deal with and a lot cheaper than 1.5 BTC. 

I'm literally in the process of writing an article explaining ransomware, what it is and how to avoid it - it is running rampant at the moment.

without being insensitive, it is a hell of a concept and nearly impossible to get around.  when properly used it is a menace, apparently the biggest issue at the moment is that the people finding it around the internet are not really coders and do not have the experience to use it right in the first place, meaning that even the people that are breaking down and paying are not getting their PC's back

Yeah I tried to be loving in the article, giving a good 15+ tips on what kind of mindset you need and what to look out for while using the internet. Education on the matter may help save a few people!

yeah, this goes right around normal practices of safety.  used to be that you simply set a restore point in the case of concern and backed to it when there was an issue.  this is a complete shell replace, root kit, you ain't getting in there issue that cannot be "restored" or "rolled back"

I'll chime in with others.

1, don't even bother paying this "ransom" you are just tossing out good $
2, use that $ and buy yourself another computer and try to safeguard it better, not downloading things and sites you visit, anti-virus, different passwords, all sorts of things I don't have the time to list
3, learn to remove the virus yourself/with help from online, malewarebyets is a pretty good site that helps people, I haven't been there in years, but know it exists
4, your computer is already compromised and any files will just compromise a new system.........don't even bother accept the loss, documents and photos should of been printed anyways and not just stored on a pc  :-\

Lastly, sorry this happened to you.  Most people are just assholes and we have to learn how to swim among them.

as a cheaper solution, you don't even have to replace the computer, just the hard drive, those can be pretty cheap.  you may even have another older computer sitting around that has a hard drive you can use.  but, with a new hard drive in place, do not get skippy and try adding the infected drive after the fact and get your files, within seconds of adding that hard drive you will likely be right back here at square one

As I mentioned above this is something I do.  Once this gets behind you learn to make solid sector images of your computer disk.  Its easy and with modern USB speeds you can restore at least a 100 Gig per hour going sector by sector.  Next time (hopefully none) you would simply wipe the disk and then write back a perfectly clean image from backup.  Total restore is almost always under half a day and usually about 2 hours.  FREE too if you had those items at the ready!!

correct me if i am wrong but can't you just format the hard drive instead? it is not physically damaged. the files re just encrypted which you can format and start fresh with an empty HDD.

and to OP, i have seen some progress in breaking the encryption of some types of ransomeware on reddit. maybe you should check it out.

Use the money to buy some good anti virus plans for you and your wife, get a license for hitman pro and install hitman pro alert as well and finally put your wife through cyber security training so this won't happen again.

Paying these people is not the solution, it will just keep happening to people around the world when people fall for their demands.

@OP: IMO, This is the best solution for you if the files cannot be recovered.

There is no guarantee that the hacker will help you gain access to your data after you have paid them.

If the OP wants to recover his files, formatting doesn't solve the problem.
Remember that certain computers have valuable files, and that files can cost more than 1.5 BTC, probably OP is in that situation.
I heard reports that some people pays and is successful, but I believe it's a risk anyway.

As far as I know, they even give good support after paying. It's their core business to make sure everybody knows paying gets you back your files, if they don't deliver, their business model fails.
I've even read about competing cyber criminals, it's big business!

Just a friendly reminder to everybody: make sure you have backups, and make sure your backups are not just on a disk that is connected to the computer.

Are these ransomware makes caught in the past. If so, they might contribute a lot of money to the governments due to the seizure.

so has anyone been affected by this?

i had one pc that i played around with get it, beyond that no.  it was a crypto only pc, windows based, used only to download and run wallets.  one of those alt coin wallets had it attached, no big deal, daily the wallet.dat files synced to the cloud, so i grabbed the backups from the day before the install and only lost a handful of coins.  fast ass virus, lightning quick, none of this one little window here you can't explain, a pop up here that shouldn't be, nope one blink on the windows security notification and then bam, straight to the new shell.  i spent maybe ten minutes tinkering before a restart, just went past the cover threat window to the file directory.  explorer.exe had been changed and replaced a minute before, there was no backup of the original file that i could see. 

most of the files are not actually encrypted, it is key files that make it work.  most files are intact, but robocopy, copy, move, shell, regedit, and a dozen more are renamed and encrypted, something like regedit.mdlck. i did not have a ftp program installed, but i did wonder if that would have been a key, you can definitely get to the file system, just can't move anything.  you can tell that most files are untouched by their properties.  i thought a neat thing to do might be to install something like cuteftp.  after that, rename all the ftp exe's and confs to something else, doesn't matter, just in case odin looks for them.  make a copy of ipconfig and others and put them somewhere renamed.  so, then life goes on, you get hit with odin, pop into the file system and use the ftp command line functions, with network configs if needed and move your important files elsewhere, just a thought

Unfortunately no one can help you to recover it just make this a learning and also remember, dont install untrusted software and definitely dont open weird emails download bad torrents or visit strange websites. Avoid PDF or doc files that could hold back doors.

Avoid any file for that matter.

If you are downloading something cryptographically signed, don't leave it for granted. Verify it.

Check if the website you are downloading files from is the real one

If someone sends you a link, hover your cursor into it. You will see where it will really lead you. If you don't recognise it, check on a redirection site to see if the url redirects you to a malicious site.

never ever pay to the parasites who spread ransomware!
there is 99.9% chance you will not hear from them after you have sent them money
they do not care about the integrity of your files,all they care for is to get your money
I read stories of people who paid them and didn't get the unlocker or the "code" or whatever to unlock the files,I have yet to hear a single one where you pay and you get your files decrypted

people that work behind that virus must be loyal to users, otherwise their clients (which are the victims) don't pay them because of the fear to lose the money for nothing.

hell, i doubt the devs are anywhere near these guys.  It came out, was most likely sold a few times and used many times by the devs and after a few sales, it hit the darkweb and other markets.  Once the virus hit the media, I am sure the devs never touched it again.  And that is if they ever used it for profit, some of these guys are just trying for proof of concept.