Question

PLEASE HELP!!! Files encrypted with extension ".dlahovy"

Hi everyone,

My files recently become encrypted with file extension ".dlahovy" after I download some software. I tried the RansomwareFileDecryptor 1.0.0.1668 from Trend Micro, as well as some other recently released decrypting tools without success. Has anyone encountered this before? A solution would be much appreciated. Thanks!

Here's one of my encrypted files:
https://drive.google.com/file/d/1ZITYgJ8q-twWjDwAz-AzeI7TG3yJZH_U/view?usp=sharing

Tinyspook

Discussion is locked
Answer
Follow
Reply to: PLEASE HELP!!! Files encrypted with extension ".dlahovy"
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: PLEASE HELP!!! Files encrypted with extension ".dlahovy"
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Clarification Request
To help others avoid this.

What did you do Ray? (Ghostbusters nod)

Help others avoid this by sharing your troubles.

- Collapse -
Answer
Here, We Wipe The Drive and Use Backup Recovery Steps

If ALL of your important files are effected, then it looks like you've got some ransomware or malware which caused the name change. Although there are a few file decryptors out there, and they sometimes work, the malware writers seem to be ahead of the fixit writers. The file extension you've listed is one that I haven't seen before and I don't find it on the internet either. That's not unusual.

We feel our data is important enough to only use our own backups to restore a computer which has become infected. As such, using a system image or a recovery option which wipes all malware from the system and reloads the operating system and all programs, drivers, and files is the best way to approach this.

Hope this helps.

Grif

Post was last edited on July 24, 2018 10:30 AM PDT

- Collapse -
Answer
This is Magniber ransomware

I bet this is Magniber because it is common for this ransomware to use random letters in the file extension. You need to have decryption tool specifically designed to decrypt this version of the virus. It is not working other ways.
Every ransomware is created differently. Even when it comes to versions of the same ransomware. Developers tweak a little thing to make it different and non-decryptable.
You can also try anti-malware tools for cleaning the system and maybe Data Recovery Pro for file restoring. But you should get rid of the ransomware first because anything you plug into the device will get encrypted.
Clean the system, remove this virus and then try recovering your files. The best solution is backups if you have any.

CNET Forums