All Activity

  1. Today
  2. @Mohamad Ajmal See the answer to your request.
  3. @vivek choudhary This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. There are now a lot of victims of different variants of this ransomware on the forum. In some cases, the files can be decrypted. This is possible only in cases where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter >>> If STOPDecrypter isn't able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter While most ransomware will automatically delete itself after it finishes encrypting files, some variants now leave behind components on computers, which infect and will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check the PC and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  4. @Mohamad Ajmal This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. There are now a lot of victims of different variants of this ransomware on the forum. In some cases, the files can be decrypted. This is possible only in cases where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter >>> If STOPDecrypter isn't able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter While most ransomware will automatically delete itself after it finishes encrypting files, some variants now leave behind components on computers, which infect and will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check the PC and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  5. @Rachwell No. First you need to get rid of the malware. Otherwise, encryption may be repeated or restarted with other components. I did not look deeply, but all the anti-virus programs and on-demand scanners that are on your PC, as it became clear, turned out to be useless. You can remove them all and install the "Emsisoft Emergency Kit" to fully check the PC. Check the PC and agree to send quarantined malware files. Attach the results to the message for the Emsisoft experts to see.
  6. hi i can recovry my davda file Unidentified ID: X1Woa6dQiBqBnBh2aG3hm5DJ1tRmxNgy683W3fz4 MACs: 48:BA:4E:B1:77:6D, F4:96:34:85:9F:95, F6:96:34:85:9F:94, F4:96:34:85:9F:94, F4:96:34:85:9F:98 ---------------------------------------- STOPDecrypter v2.1.0.10 OS Microsoft Windows NT 6.2.9200.0, .NET Framework Version 4.0.30319.42000 ---------------------------------------- No key for ID: X1Woa6dQiBqBnBh2aG3hm5DJ1tRmxNgy683W3fz4 (.davda ) Unidentified ID: X1Woa6dQiBqBnBh2aG3hm5DJ1tRmxNgy683W3fz4 (.davda ) MACs: 48:BA:4E:B1:77:6D, F4:96:34:85:9F:95, F6:96:34:85:9F:94, F4:96:34:85:9F:94, F4:96:34:85:9F:98 Decrypted 0 files, skipped 673
  7. My PC worked as usual and suddenly I found I couldn't open any program - so I can't start with Emsisoft! The reboot didn't help. Maybe it's a virus but I'm not a programmer, just a user of Windows and I don't know how to get access to my files...
  8. Good night, My files are infected with .gerosan. I read the forum topics and tried most of the solutions here, but nothing works. What should I do? I need your kind support.
  9. Kindly help me get my files back by providing a solution for this virus, which infected all my data with the .VESAD extension on each file.
  10. My server was infected by ransomware, with files infected with the gerosan extension. Can anybody help me?
  11. @Amigo-A Ok, thanks. But is there something that I can do? I'm trying to recover my files with "Recuva", but most are still broken.
  12. @Rachwell There are malicious files in the logs! Be careful! Wait for a response from the Emsisoft support service.
  13. I successfully repeated the scan (1207668 files, about 48 minutes) later in the day.
  14. @GT500 Here are the files. Addition.txt FRST.txt stopdecrypterlog.txt
  15. @Din I sent you a message even earlier. 😃
  16. @Thinh Dang Please attach the ORIGINAL ransom note to your new post and report the approximate time when the files were encrypted, or upload them to the site www.sendspace.com
  17. @Thinh Dang Good! Good that you answered! Everything is as I said. Previously the result pointed to the GlobeImposter 2.0 Ransomware. But I noticed the differences a long time ago and separated some variants into the article Maoloa Ransomware. After a detailed analysis, Demonslay335 reported that there are differences that make it possible to isolate some options into a separate identification - Maoloa Ransomware. Researchers recognize that after the GlobeImposter 2.0 Ransomware, it is impossible to decrypt files after the buyout to the extortionists. For Maoloa Ransomware there is no such certainty. It has not been studied enough to decrypt files or to recognize the impossibility of decryption. That is, for Maoloa Ransomware there is still hope for decrypting, but there is no decryptor yet.
  18. Win 8.1 64-bit, EAM 2019.5.0.9476 I set up and started a custom scan, which would normally take about 45 minutes and scan about 1.2 M files. I wasn't watching the machine as it scanned; when I came back to it I found the scan screen saying the scan was complete, only 510 files examined, no report file available. I don't know how long that took, though presumably not very long. Couldn't see anything in event viewer. I'll PM the debug logs to @GT500
  19. @GT500 Same issue too, Please help. Thank you so much. [+] Loaded 43 offline keys Please archive the following info in case of future decryption: [*] MACs: 60:A4:4C:35:39:2A, 40:9B:CD:96:F2:D8 This info has also been logged to STOPDecrypter-log.txt By the way, is it normal to not have an ID? If yes, how to find it? STOPDecrypter-log.txt FRST.txt Addition.txt
  20. Here is the note: YOUR FILES ARE ENCRYPTED !!! TO DECRYPT, FOLLOW THE INSTRUCTIONS: To recover data you need decrypt tool. To get the decrypt tool you should: 1.In the letter include your personal ID! Send me this ID in your first email to me! 2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files! 3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool! 4.We can decrypt few files in quality the evidence that we have the decoder. DO NOT TRY TO DO SOMETHING WITH YOUR FILES BY YOURSELF YOU WILL BRAKE YOUR DATA !!! ONLY WE ARE CAN HELP YOU! CONTACT US: [email protected] ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YOU HAVE TO SEND IN FIRST LETTER: [personal ID omitted]
  21. Thank you very much for your kind support. After I uploaded to https://id-ransomware.malwarehunterteam.com I got the result. Any solution for me to decrypt?
  22. [!] No keys were found for the following IDs: [*] ID: eFopxYl6gdCrKPp9FQgmBigK4tyKkShuMAzHARJ1 (.redmat ) [*] ID: eFopxYl6gdCrKPp9FQgmBigK4tyKkShuMAzHARJ1 (.lnk ) [*] ID: eFopxYl6gdCrKPp9FQgmBigK4tyKkShuMAzHARJ1 (.pdf ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 4C:BB:58:DC:83:48, F0:76:1C:F7:CE:DB, 4C:BB:58:DC:83:49 This info has also been logged to STOPDecrypter-log.txt
  23. THANK YOU SO MUCH. IT REALLY WORKS. MY DATA IS BACK NOW
  24. This operation can take a lot of time. Theoretically, even as much as we (we all) cannot imagine.