Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: decrypt files files that I didn't encrypt

19 Jan 2014   #1
chuckcm

Windows 7 64-bit
 
 
decrypt files files that I didn't encrypt

A few days ago, I noticed a popup saying computer wanted to reboot and would if I didn't postpone it. I wasn't doing anything, so I went ahead and did it. The windows updates (running Windows 7 Professional 64-bit) applied and I got back to the desktop. Adobe put up a box saying there was an update for it too, so I clicked on it. Before I could start it though, I got a windows box that said "Encrypting File System" and told me to backup my file encryption certificate and key. After some searching on google with a different computer, I found that this sometimes come up even if you have never encrypted anything as I have not. So I went ahead and let it save the key to a flash drive. I did the cipher /u command to find if any files were encrypted. It found thousands of files in 7 directories. Mostly pictures (.jpg) on the second hard drive and they weren't viewable.

Error: "Windows Photo Viewer can't open this picture because you don't have the correct permissions to access the file location."

Filenames were green in explorer. So I tried using the backup of the encryption certificate and key. It seemed to restore just fine, but all the files were still encrypted. I tried the decript command "cipher /d" but that wanted to either be in the directory or specify the directory/filename and the list from the /u just flew by and would only scroll back so far.

After some more searching, found a .vbs script to find all the encrypted files and put the list in a text document. That's how I found out all those files were in just 7 directories. Four of the directories, I was able to go to them at the "ran as admin command prompt" and decrypt them with the cipher /d command. The other 3, it said access is denied on each file. I tried in explorer to just right click on them, under the General tab, clicking on advanced, and unchecking encrypt contents to secure data, but after giving administrator authorization, it says "Error Applying Attributes. An error occurred applying attributes to the file. Access is denied."

Another thing to try for a previous version of windows was make sure the System Volume Information had full access. SYSTEM did, but I changed Administrators and Everyone to full control. No help. I even tried the right-click add-on that I've used on directories and files that wouldn't let me delete them called Grant Admin Full Control. Nope. Still not decrypting in explorer or using cipher /d in command prompt.

Only about 1000 files left, but I'd like to get all of this self-encrypted stuff decrypted because I can't just re-download them. I did notice that all the other partitions only list SYSTEM for group/user names for the System Volume Information directories.

I tried MEO File Encryption Software, but that seemed to only want to decrypt files with 2 different extension types that it creates. I tried to go to the directories that were still encrypted from decrypt prompt anyway, but since the directory didn't have those 2 filetypes, it didn't find anything.

Found a program that looked like it was an old dos or linux boot that you could change attributes like encrypted. It was just ran as a window inside of Windows though and it didn't didn't have permission from Windows 7 do change that attribute.

I tried Advanced EFS Data Recovery trial, and it was able to get one of the 3 directories decrypted once I paid $299 to register. Until paying, it would pretend to recover files, but only the first 512 bytes of each file until you buy.

That still leaves 2 directories left. Any idea what I can try next to get the last 2 directories back? I do have Acronins backups of all my partitions on an external drive, but the directories are encrypted on them as well. I have Carbonite online backup too, and I haven't put it back on my computer since Switching from Windows 7 to 8 and back to 7 again in September 2013, so I figured maybe that would have them not encrypted, but nope. They were encrypted on there too. So however these files got encrypted, at least some of it happened more than 4 months ago.

The ONLY time I messed with encryption was when Windows 7 RC1 Ultimate came out. On a different computer, I made a flash drive a bitlocker flashdrive. Only used it a couple weeks though. Never used that flash drive on this computer or encrypted anything on this computer.

I've run Malware Bytes, Microsoft Security Essentials full scans, and Vipre Rescue in safemode, but no problems found.

I found a post from2001, that Microsoft made EFSINFO.EXE from server 2000 resource kit available, but the link to it just goes to the Server 2012 download page. Should I Downloading the trial and install it to a VM? Then I could try and copy efsinfo.exe out or make it see the encrypted directories and see if the efsinfo /r /c /u command will show the thumbprint.

Anything else I might try to get these files that I didn't encrypt de-crypted?


My System SpecsSystem Spec
.

22 Jan 2014   #2
chuckcm

Windows 7 64-bit
 
 

Well, from what I've been able to find and try, looks like those last two directories are simply not recoverable. Since I didn't encrypt them in the first place, I don't seem to have a key for it.

So, for the future...
What made it encrypt those directories so I can not do it again?
What should I do now to prevent problems like this again? Just backup my encryption key and try and remember where I backed it up to? The current one should be good for a while. One of the many things I tried was extending the expiration date to 2113.
My System SpecsSystem Spec
Reply

 decrypt files files that I didn't encrypt




Thread Tools





Similar help and support threads
Thread Forum
CryptoWall Ransomware, Please Help To Decrypt Files.
Hello There, I am not sure if this is the right section to Post my problem, I Got a CryptoWall Virus, So they Encrypted all my files and blackmail me to Decrypt them back, So Does anyone knows any way to Decrypt this ? Please anyone can help, It's Excel and Word Work Files. Once they do this...
System Security
decrypt encrypted files error
ok sir, i seriously need help or information regarding my situation so plzz plzz help. i had some files colored green for 1-2 years but i ignored it as i didnt knew what it meant. i thought it was jst a random thing like changing icon or something. now that i ve realized that it is encyrpted and...
General Discussion
How do I encrypt and decrypt harddrive on computer boot?
I'm looking for a way to secure my "files" hard drive (not my primary OS hard drive). I want something that would allow me to decrypt it on boot, with a decryption password of some type. It would then need to also encrypt again when shutting down. Could anyone recommend a program for this? It...
System Security
Judge says defendant must decrypt files, Fifth Amendment not at issue
ZDNet Judge says defendant must decrypt files, Fifth Amendment not at issue | ZDNet Earlier story - Passwords tangled in Fifth Amendment Passwords tangled in Fifth Amendment | ZDNet I wonder if this will apply to business?
Security News
Encrypt and Decrypt - Add to Context Menu
How to Add Encrypt and Decrypt to Context Menu in Windows 7 and Windows 8 This will allow you to add Encrypt and Decrypt to the context menu so that you can encrypt or decrypt a file or folder by simply right clicking on the item and selecting Encrypt or Decrypt.Encrypting folders and files is...
Tutorials
Problem with Encrypt and Decrypt
I have 2 partitions c and d. i encrypted some files in d:. yesterday i formatted ma lap and i installed a fresh copy of win7. today i tried to copy that files into a cd it displays an error. then i tried to decrypt that files it also getting an error. even i cant open that files. plzzzzzz some one...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 18:11.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App