Scribd
Upload
98 views

How To Use The Emsisoft Decrypter For Jsworm 2.0

1. The document provides instructions for using the Emsisoft Decrypter to decrypt files encrypted by the JSWorm 2.0 malware. 2. It notes that the malware must first be removed from the system before decrypting files to prevent reinfection. 3. The decrypter requires access to the ransom note file typically called "JSWORM-DECRYPT.txt" and walks through downloading and running the decrypter program to select the ransom note and start decrypting files.

Uploaded by

Bavuugardi Ganbold
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
98 views

How To Use The Emsisoft Decrypter For Jsworm 2.0

1. The document provides instructions for using the Emsisoft Decrypter to decrypt files encrypted by the JSWorm 2.0 malware. 2. It notes that the malware must first be removed from the system before decrypting files to prevent reinfection. 3. The decrypter requires access to the ransom note file typically called "JSWORM-DECRYPT.txt" and walks through downloading and running the decrypter program to select the ransom note and start decrypting files.

Uploaded by

Bavuugardi Ganbold
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

How to use the Emsisoft Decrypter

for JSWorm 2.0


IMPORTANT! Make sure you remove the malware from your system first, otherwise it will
repeatedly lock your system or encrypt files. If your current antivirus solution fails to delete the
malware, it can be removed using the free trial version of Emsisoft Anti-Malware. If your system
was compromised through the Windows Remote Desktop feature, we also recommend changing
all passwords of all users that are allowed to login remotely and check the local user accounts for
additional accounts the attacker might have added.

The decrypter requires access to a ransom note left by the malware, typically called “JSWORM-
DECRYPT.txt”

How to decrypt your files


1. Download the decrypter from the same site that provided this “How To” document.

2. Run the decrypter as an administrator. The license terms will show up, which you must agree to
by clicking the “Yes” button:

EMSISOFT www.emsisoft.com Page 1 / 4


3. After accepting the terms, select a ransom note by clicking the “Browse” button. Then click the
“Start” button.

4. The decrypter will display the reconstructed encryption details once the recovery process has
finished. The display is purely informational to confirm that the required encryption details have
been found:

EMSISOFT www.emsisoft.com Page 2 / 4


5. Once a key is found, click “OK” to open the primary decrypter user interface:

6. By default, the decrypter will pre-populate the locations to decrypt with the currently connected
drives and network drives. Additional locations can be added using the “Add” button.

7. Decrypters typically offer various options depending on the particular malware family. The
available options are located in the Options tab and can be enabled or disabled there. You can
find a detailed list of the available Options below.

EMSISOFT www.emsisoft.com Page 3 / 4


8. After you have added all the locations you want to decrypt to the list, click the “Decrypt” button
to start the decryption process. The screen will switch to a status view, informing you about the
current process and decryption status of your files:

9. The decrypter will inform you once the decryption process is finished. If you require the report
for your personal records, you can save it by clicking the “Save log” button. You can also copy it
straight to your clipboard to paste it into emails or forum posts if you are asked to.

Available decrypter options


The decrypter currently implements the following options:

 Keep encrypted files


Since the ransomware does not save any information about the unencrypted files, the decrypter
can’t guarantee that the decrypted data is identical to the one that was previously encrypted.
Therefore, the decrypter by default will opt on the side of caution and not remove any
encrypted files after they have been decrypted. If you want the decrypter to remove any
encrypted files after they have been processed, you can disable this option. Doing so may be
necessary if your disk space is limited.

EMSISOFT www.emsisoft.com Page 4 / 4

You might also like