|19 Jan 2014||#1|
Decrypt files that I didn't encrypt
A few days ago, I noticed a popup saying the computer wanted to reboot and would if I didn't postpone it. I wasn't doing anything, so I went ahead and did it. The Windows updates (running Windows 7 Professional 64-bit) applied and I got back to the desktop. Adobe put up a box saying there was an update for it too, so I clicked on it. Before I could start it though, I got a Windows box that said "Encrypting File System" and told me to back up my file encryption certificate and key. After some searching on Google with a different computer, I found that this sometimes comes up even if you have never encrypted anything, as I have not. So I went ahead and let it save the key to a flash drive. I did the cipher /u command to find if any files were encrypted. It found thousands of files in 7 directories. Mostly pictures (.jpg) on the second hard drive, and they weren't viewable.
Error: "Windows Photo Viewer can't open this picture because you don't have the correct permissions to access the file location."
Filenames were green in Explorer. So I tried using the backup of the encryption certificate and key. It seemed to restore just fine, but all the files were still encrypted. I tried the decrypt command "cipher /d" but that wanted to either be in the directory or specify the directory/filename, and the list from the /u just flew by and would only scroll back so far.
After some more searching, found a .vbs script to find all the encrypted files and put the list in a text document. That's how I found out all those files were in just 7 directories. Four of the directories, I was able to go to them at the "ran as admin command prompt" and decrypt them with the cipher /d command. The other 3, it said access is denied on each file. I tried in explorer to just right click on them, under the General tab, clicking on advanced, and unchecking encrypt contents to secure data, but after giving administrator authorization, it says "Error Applying Attributes. An error occurred applying attributes to the file. Access is denied."
Another thing to try for a previous version of Windows was to make sure the System Volume Information had full access. SYSTEM did, but I changed Administrators and Everyone to full control. No help. I even tried the right-click add-on that I've used on directories and files that wouldn't let me delete them, called Grant Admin Full Control. Nope. Still not decrypting in Explorer or using cipher /d in command prompt.
Only about 1000 files left, but I'd like to get all of this self-encrypted stuff decrypted because I can't just re-download them. I did notice that all the other partitions only list SYSTEM for group/user names for the System Volume Information directories.
I tried MEO File Encryption Software, but that seemed to only want to decrypt files with 2 different extension types that it creates. I tried to go to the directories that were still encrypted from decrypt prompt anyway, but since the directory didn't have those 2 filetypes, it didn't find anything.
Found a program that looked like it was an old DOS or Linux boot that you could change attributes like encrypted. It was just run as a window inside of Windows though, and it didn't have permission from Windows 7 to change that attribute.
I tried Advanced EFS Data Recovery trial, and it was able to get one of the 3 directories decrypted once I paid $299 to register. Until paying, it would pretend to recover files, but only the first 512 bytes of each file until you buy.
That still leaves 2 directories left. Any idea what I can try next to get the last 2 directories back? I do have Acronis backups of all my partitions on an external drive, but the directories are encrypted on them as well. I have Carbonite online backup too, and I haven't put it back on my computer since switching from Windows 7 to 8 and back to 7 again in September 2013, so I figured maybe that would have them not encrypted, but nope. They were encrypted on there too. So however these files got encrypted, at least some of it happened more than 4 months ago.
The ONLY time I messed with encryption was when Windows 7 RC1 Ultimate came out. On a different computer, I made a flash drive a BitLocker flash drive. Only used it a couple weeks though. Never used that flash drive on this computer or encrypted anything on this computer.
I've run Malwarebytes, Microsoft Security Essentials full scans, and Vipre Rescue in safe mode, but no problems found.
I found a post from 2001 saying that Microsoft made EFSINFO.EXE from the Server 2000 resource kit available, but the link to it just goes to the Server 2012 download page. Should I download the trial and install it to a VM? Then I could try and copy efsinfo.exe out or make it see the encrypted directories and see if the efsinfo /r /c /u command will show the thumbprint.
Anything else I might try to get these files that I didn't encrypt de-crypted?
|22 Jan 2014||#2|
Well, from what I've been able to find and try, looks like those last two directories are simply not recoverable. Since I didn't encrypt them in the first place, I don't seem to have a key for it.
So, for the future...
What made it encrypt those directories so I can not do it again?
What should I do now to prevent problems like this again? Just back up my encryption key and try and remember where I backed it up to? The current one should be good for a while. One of the many things I tried was extending the expiration date to 2113.
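An added example, not part of the original posts: one way to do the inventory described in the first post (which directories hold EFS-encrypted files, and which certificate each was encrypted to) and to see which EFS certificates with a private key the current profile holds, which is what a key backup needs to contain. `$Root` and the function names are assumptions; `cipher /c` is the built-in command that displays EFS details for a file.

```powershell
# Added example: inventory EFS-encrypted files and the EFS certificates in the
# current user's store. $Root is an assumed path; run as the affected user.
param([string]$Root = 'D:\')

$efsOid = '1.3.6.1.4.1.311.10.3.4'   # Enhanced Key Usage: Encrypting File System

function Get-EfsFile([string]$Path) {
    # The Encrypted attribute is what Explorer shows as green file names.
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and
                       ($_.Attributes -band [IO.FileAttributes]::Encrypted) }
}

function Get-EfsCertificate {
    # Certificates in the personal store that carry the EFS key usage.
    Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $eku = $_.Extensions | Where-Object {
            $_ -is [Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $efsOid })
    } | Select-Object Thumbprint, HasPrivateKey, NotAfter, Subject
}

# 1. Encrypted files grouped by directory, largest group first.
$byDir = @(Get-EfsFile $Root | Group-Object DirectoryName |
           Sort-Object Count -Descending)
$byDir | Select-Object Count, Name | Format-Table -AutoSize | Out-Host

# 2. One file per directory is enough to see which certificate thumbprint
#    that directory's files were encrypted to.
foreach ($group in $byDir) {
    Write-Host "--- $($group.Name)"
    & cipher.exe /c $group.Group[0].FullName | Out-Host
}

# 3. EFS certificates this profile holds. A directory can only be decrypted
#    here if its thumbprint from step 2 appears below with HasPrivateKey = True.
Get-EfsCertificate | Format-Table -AutoSize | Out-Host
```

When comparing, ignore any spacing in the thumbprint that `cipher /c` prints. A thumbprint from step 2 that is missing from step 3 means the matching private key is not in this profile, so restoring a backup of a different certificate will not help for that directory.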