All Activity


  1. Today
  2. I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  3. That is more than likely a variant of the STOP/Djvu ransomware. You may verify that using ID Ransomware if you'd like to: https://id-ransomware.malwarehunterteam.com/ While STOPDecrypter probably won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter Important: STOP/Djvu now installs the Azorult trojan as well, which allows it to steal passwords. It is imperative that you change all passwords (for your computer and for online services you use) once your computer is clean. While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  4. I can clearly see KMSpico in the logs. Please note that you'll have to remove any pirated software from the computer before we can assist you further.
  5. That is more than likely a variant of the STOP/Djvu ransomware. You may verify that using ID Ransomware if you'd like to: https://id-ransomware.malwarehunterteam.com/ While STOPDecrypter probably won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter Important: STOP/Djvu now installs the Azorult trojan as well, which allows it to steal passwords. It is imperative that you change all passwords (for your computer and for online services you use) once your computer is clean. While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  6. Yesterday
  7. Thanks! Addition.txt FRST.txt log.txt how_to_back_files(1).html
  8. Hello, we got encrypted with id-BCC49E1D.[[email protected]].html anybody know how to decrypt that?
  9. Hello, please help me... is there any way to decrypt files that have this .BUDAK extension? this same type message is shown in every folder, and all my files are encrypted with .BUDAK extension ATTENTION! Don't worry, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-WbgTMF1Jmw Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Our Telegram account: @datarestore Mark Data Restore Your personal ID: 111Asd3i74yih3gkdMRrOmiaGsrOBV5WeKx9PFMAoug3J1vvarRjmmut1 I already tried and looked for some solution but still got nothing. I already removed the ransom malware from every corner, regedit, antivirus, etc. The only thing left is to decrypt the files. Please help, is there any way? Thank you for the help, if anyone catches my post. Sorry for not including any image or text file since I read the other post for the same problem.
  10. Your Internet Explorer is infected with a 'www.ihotsee.com' site and hacked of DAEMON Tools Toolbar. You need to reset browser settings to default. Also reset Chrome browser settings to default. You also need to remove Dll-Files Fixer. This will not help you, but may cause problems with the computer, if not worse. I noticed about 4 antiviruses in the logs or this is their residual modules. I did not look at their functionality. You need to leave only 1 the most actual, which be work in real-time. The rest need to be removed. Free antiviruses can not protect your PC from encryptors! Do not believe advertising promises! I noticed a lot of programs that could harm your PC before the Buran Ransomware attacked or made it more vulnerable. Some of them may still be active. If you want to clean the PC from this, then you will need the help of specialists in the treatment of malware. Say it here.
  11. Hello @Shang Maull This is a Buran Ransomware or one of its modifications. There are no free ways to decrypt files and no decrypters.
  12. It's simple! Here is an image. You can drag files into this window or select them by reference. Attach 2 encrypted files and a ransom note. Or use the service www.sendspace.com to upload files and give us a link to download. Do not attempt to use the removal tools that some sites in Google-search offer to delete and decrypt files. This is a lie and fakes. We will advise you real decoders (decrypters), if they exist in reality or will be updated for existing ones.
  13. Hello, @Nazero If you upload a ransom note and 1 encrypted file to ID Ransomware, it says that it is GlobeImposter 2.0 Result: https://id-ransomware.malwarehunterteam.com/identify.php?case=6f52bfba55e4fea8a2fd24d9476a40548cd5b213 But according to my data, this is Jaffe Ransomware, which I have been tracking since November 2018. It uses victim ID like GlobeImposter and borrowed something else, but differs from him in some signs. This variant with the .[[email protected]] extension and email [email protected] has been known to me since April 2019. It is not researched enough for someone to make a decryptor. I do not make decryptors, unfortunately... At the BC-forum was a similar case in May. There are my answers. If the originality of Jaffe Ransomware is not confirmed, then its connection with GlobeImposter-2 will be confirmed. One is no better than the other. I do not think that in the near future someone will release a decrypter for it, if this did not happen in the previous 7-8 months of his spread.
  14. Hi guys, another .godes here is readme ransom txt Thx for your effort _readme[1].txt
  15. My server has been attacked by a new Ransomware last month June 2019. All files have been decrypted with the file extensions,. Io. (. io) I have tried decrypting using all decryption anti Ransomware but unable to. I am uploading the Readme txt file and 3 files infected/encrypted Kolet Ransomware. The two emails included in the Readme file for ransom are: 1. [email protected] 2. [email protected] Please help me with an encryption tool available that I may not be aware of to decrypt these files. Thank you!! READ ME PLEASE!.TXT Public Folder Database 0818868523.edb.delta.[[email protected]] Mailbox Database.cmp.[[email protected]] pdi.txt.[[email protected]]
  16. Hi, My PC got infected by ransomware, I had followed the instructions and all files are prepared. However, I don't know how to upload them.
  17. I'll pass this on to the maker of STOPDecrypter, but note that we need to have the MAC addresses of every network adapter on the computer (even if it isn't a normal ethernet adapter). Hopefully the information you provided will be enough to be able to find your decryption key quickly, however please note that we can't make any promises. That is more than likely a variant of the STOP/Djvu ransomware. You may verify that using ID Ransomware if you'd like to: https://id-ransomware.malwarehunterteam.com/ While STOPDecrypter probably won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter Important: STOP/Djvu now installs the Azorult trojan as well, which allows it to steal passwords. It is imperative that you change all passwords (for your computer and for online services you use) once your computer is clean. While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. 
      We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  18. These are the reports in addition that were listed out in the Guidelines. Addition.txt FRST.txt scan_190716-063524.txt
  19. Hi there, I am still suffering from a data loss and yet, I'm unable to recover the files that are encrypted by someone and the decryption is not available for it too, on the website. Though, I have a request: can you please help me out to sort out this problem? If yes then, really, thank you very much. This is the extension of the file, ".-7CE0F832-A90E-C81C-6AB3-1FDFBCB25171" And the .txt log is "!!! YOUR FILES ARE ENCRYPTED !!!.txt" Patiently waiting for your kind response. Warm Regards.
  20. Last week
  21. Unable to provide 100% security. Unanticipated incidents happen to any device and specialist. Encryptors that are active for several years are modified many times and made almost invisible for anti-virus protection. I often see many variants of already known ransomware which can be detected by antivirus scanners and recorded in "DETECTION" of VirusTotal under a different name or can be considered non-harmful until they are launched.
  22. @njr2003 Everything I wrote above applies also to your case. Alas. But until now, no one can release a free decryptor for Phobos Ransomware.
  23. Hello Oli, thank you very much for your feedback. Please excuse the inconvenience. It is normal for the behavior analysis to trigger in this case, but the alert should be handled automatically by Emsisoft Anti-Malware. For the signature of the reported file, an analysis was last performed on VirusTotal a few hours before you ran the update with WSUS Offline Update, and it confirms that Emsisoft Anti-Malware should not report a detection under normal conditions with default settings: https://www.virustotal.com/gui/file/c0e27b7f6698327ff63b03fccc0e45eff1dc69a571c1c3f6c934ef7273b1562f/detection If a connection to our servers can be established and the options "Ruf von Programmen überprüfen" (check the reputation of programs) and "Automatisch zulassen bei gutem Ruf" (automatically allow if the reputation is good) are enabled in the Emsisoft Anti-Malware settings, there should be no incident. In this case I can gladly offer that we take a closer look at the existing installation of Emsisoft Anti-Malware on your system. Could you please create a log file using our Emsisoft Diagnostic Tool and send me this file in a private message here on the forum or by e-mail to [email protected]? You can download our diagnostic tool from the following link: http://cdn.emsisoft.com/EmsiDiagTool.exe Instructions can be found on the following page: https://help.emsisoft.com/de/1736/emsisoft-diagnostic-tool-ausfuehren/ Please also send the file "logs.db3", which you can find in the installation directory of Emsisoft Anti-Malware on your hard drive. In the meantime, I remain available for any further concerns.
  24. Hi Frank, Thx for all the information, have now same Clients updated to 1903 and I can confirm the a NO Cert Issues till today. Good work 🥰 best regards