All Activity

  1. Past hour
  2. My laptop is affected with .pumax file extension. I want to recover all files without formatting hard disk. Which software will help me for this trouble?
  3. Today
  4. this is the read me file ej5squ-readme.txt
  5. There is no chance at this time, but in the future a method may appear that will help to do this.
  6. Different malicious programs can hide in different ways. If you did a reinstall as you said, then it should not remain in the system. But perhaps you have saved some files in which there was an installation or boot file of this malware.
  7. @torikf Hello, I have already identified the Sodinokibi Ransomware, which encrypted your files, but I need to confirm this. Also attach the original ransom note file from which you copied this text, or confirm that the ransom note is called ej5squ-readme.txt. Is that correct?
  8. my pc is infected and deal like this ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on you computer has expansion ej5squ. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money. [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/530E0201BC62D444 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decryptor.top/530E0201BC62D444 Warning: secondary website can be blocked, thats why first variant much better and more available. 
When you open our website, put the following data in the input form: Key: Extension name: ej5squ ----------------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data. !!! !!! !!! ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!! scan_190624-113505.txt DATA-LAHAN-KERJASAMA.xlsx.ej5squ
  9. I juz cleaned up my PC by formatting and reinstalled Windows. Luckily this ransomware does not spread out to local network automatically like WannaCry, or it is juz hiding inside.. hmm I dunno.
  10. Yesterday
  11. They are asking for 0.073 Bitcoin ($800). Anyone done it before?
  12. I have tried the latest version of STOPDecrypter with no luck. If my files were encrypted with an online key, what are the chances I will decrypt them?
  13. All my files are encrypted .DICOM In attachment, you will find a sample of the encrypted, original file and the readme file. All your files are Encrypted! For data recovery needs decryptor. How to buy decryptor: ---------------------------------------------------------------------------------------- | 1. Download Tor browser - https://www.torproject.org/ and install it. | 2. Open link in TOR browser - http://decrmbgpvh6kvmti.onion/ | 3. Follow the instructions on this page ---------------------------------------------------------------------------------------- Note! This link is available via "Tor Browser" only. ------------------------------------------------------------ Free decryption as guarantee. Before paying you can send us 1 file for free decryption. ------------------------------------------------------------ alternate address - http://helpinfh6vj47ift.onion/ GlobeImposter 2.0 This ransomware has no known way of decrypting data at this time. It is recommended to backup your encrypted files, and hope for a solution in the future. Identified by ransomnote_filename: Restore-My-Files.txt custom_rule: victim ID in encrypted file Click here for more information about GlobeImposter 2.0 Would you like to be notified if there is any development regarding this ransomware? Click here. Encrypted-orginal and redme file.zip
  14. Strange... I do not deny the fact that any work should be paid for, and I would be willing to pay reasonable money, not such as blackmailers extort, especially since there are no guarantees, so I would be ready to pay money for a working method of decrypting files back. I initially did not say that I am looking for freebies.
  15. [+] Loaded 46 offline keys Please archive the following info in case of future decryption: [*] ID: yOKj7Yiy7zHqLNoay4dKKiXUvAs2CZxQlXVXfKkk [*] ID: fl1QN31tuQBZKd6Q43Bemee0EycF0HBYEjwpQTt1 [*] MACs: A8:1E:84:52:11:BB, 3E:A0:67:7C:50:75, 4E:A0:67:7C:50:75, 3C:A0:67:7C:50:75, 3C:A0:67:7C:50:76 This info has also been logged to STOPDecrypter-log.txt
  16. Hi friend. I am sorry to tell you that I understood nothing of these. Please supply me with any tools to decrypt my files. Attached are the ransom message that I have received and a doc that has been crypted. _readme.txt Bac.docx.stone
  17. @TecnoMania2020 The logs do not contain information about malicious files. Probably, 360 Total Security did the cleaning.
  18. Michael updated STOPDecrypter v2.1.0.13 with the OFFLINE key for .neras. OFFLINE ID: fl1QN31tuQBZKd6Q43Bemee0EycF0HBYEjwpQTt1 https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip
  19. Just sent the file list log files to DrWeb. I'll report here when they respond.
  20. Me too! I have about 14TB of movies that are encrypted. (I would hate to have to rip them all again).
  21. MACs: 04:D4:C4:01:C1:63 ---------------------------------------- STOPDecrypter v2.1.0.13 OS Microsoft Windows NT 6.2.9200.0, .NET Framework Version 4.0.30319.42000 ---------------------------------------- Decrypted 5007 files, skipped 22670 Thank sir. STOPDecrypter-log.txt
  22. is there any news sir GT500? 😃
  23. No one has been able to come up with a way of decrypting files in a reasonable amount of time without having access to the database of private keys, and since the criminals are keeping the private keys securely stored on their servers and no one else has access to them, that means no one can make a free decryption tool.
  24. We have to figure out more keys in order to add them to our database. Unfortunately there's no way to be certain how long that will take, so right now it's just a matter of waiting.
  25. Last week
  26. You can run a scan with Emsisoft Emergency Kit if you'd like to ensure that your computer is clean, and you'll want to change any passwords as well, however beyond that all you have left to do is wait until we're able to give you a solution to decrypt your files.
  27. That is more than likely a variant of the STOP/Djvu ransomware. You may verify that using ID Ransomware if you'd like to: https://id-ransomware.malwarehunterteam.com/ While STOPDecrypter probably won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter Important: STOP/Djvu now installs the Azorult trojan as well, which allows it to steal passwords. It is imperative that you change all passwords (for your computer and for online services you use) once your computer is clean. While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.