All Activity


  1. Today
  2. My files got encrypted, but not all of them. At the end of every encrypted file it's .dodoc. Help plzzz
  3. Wait. You will be answered by a support specialist. The logs have information about malicious files. They need to be saved and transferred to experts. Then you can reinstall the system. --- The 'readme' files with 123 look the same. For now, leave them in the folders where they were found. The decryption specialist will look at the downloaded files here.
  4. Hello, The first time we were targeted by .Freezing, now for the second time we were targeted by .HelloAgain. There are no recovery notes on disk C
  5. SIR I FINALLY FOUND _readme file WHOSE ID STARTS WITH 123*** I HAVE ATTACHED DIFFERENT FILES FROM DIFFERENT FOLDERS. _readme.txt _readme.txt _readme.txt _readme.txt _readme.txt _readme.txt
  6. Sir .. I sent the log files and some suspicious files. I backed up all the necessary encrypted files and I will store them in my F drive. I have also zipped them using WinZip. But now I have to use the laptop, so can I perform a clean installation of the OS and also clean all other drives except the drive containing the infected files?
  7. These are the FRST logs. FRST.txt Addition.txt
  8. I have already sent a message to the STOP Decrypter's developer (Demonslay335). Make a FRST log. https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Do not remove anything yourself. Perhaps the harmful file is still in the system and the STOP Decrypter's developer will need a sample of it. Perhaps this is the only chance for you.
  9. Please help me solve this problem sir.. I have pictures of my grandmom, who died recently, which I would never get again. Please sir...
  10. OK. We will transfer your case to the developer. Perhaps he already knows what to do. In his time zone it is now early morning. It will be a little later. Now it's best to check and make sure that no malware components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  11. The folder where .lapoi files are present...there is no _readme.txt file
  12. We need a _readme.txt file in which the ID begins with the number 123. This is necessary for files that have received a .lapoi extension. Perhaps the encryption process replaced them with new ones with the number 124. Perhaps they may have been renamed to _readme1.txt or _readme2.txt. These 'readme' files should be in folders with files that have a .lapoi extension.
  13. I am attaching some suspicious files that I found while I searched for the files you told me about.... I couldn't find one. .escheck.tmp.lapoi .8f2998.todar feature_table.bin.lapoi metadatastore.bin.lapoi .nomedia.lapoi med-res-frame-448185439754432.jpg.lapoi med-res-frame-448185473289432.jpg.lapoi med-res-frame-448185507054432.jpg.lapoi
  14. I said above: A new version of STOP Decrypter will not appear very quickly, but you need to come every day.
  15. Look for _readme.txt files where, instead of the numbers 'Your personal ID: 124***', 'Your personal ID: 123***' is written. These files and IDs refer to files with the .lapoi extension and should be in folders with files that have this new extension. Find a few, compare, and if they are the same, attach one _readme.txt file to the message.
  16. They have not disappeared. They are encrypted, but will not be available until free decrypter software appears. Sometimes people have to wait several years until someone can decrypt. We are not psychics and do not know in advance.
  17. So it means all my data are gone. There is no other option to retrieve data.
  18. Hello @Dave D Man I have traced the Chekyshka Ransomware's activity from the first victims and made a description a month ago. I handed over all the samples found to the AV companies, but so far no one has published a free decoder.
  19. Yes...There are some. Both the extensions are there in the same PC
  20. The variant that used the .lapoi extension should be first. Do you have files with the extension .lapoi now? Or are they on another PC?
  21. thankssssssssssss...............ok .....i will change my username
  22. While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  23. Hello @Dheeraj This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. There are now a lot of victims of different variants of this ransomware on the forum. In some cases, the files can be decrypted. You need to attach a ransom note _readme.txt to the message, or act further on your own. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. The .gusau extension is added to encrypted files. If this is a variant has not been added to the decryptor two days ago, but in some cases offline-keys may coincide. Download STOP Decrypter now >>> I recommend you start decrypting with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter
  24. My files got encrypted by .TODAR and .LAPOI extension.

    After running the STOP Decrypter the following message was shown:

    [+] Loaded 59 offline keys
    Please archive the following info in case of future decryption:
    [*] ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw
    [*] ID: mneaFv6qsoloG3BSRWuiOULjQBJDJLQHrQuadMpl
    [*] ID: ZivCxija0GBwtwtwD0q4JRy80spT6lUyybPYhot1
    [*] MACs: 4C:ED:FB:11:77:1B, 88:78:73:9E:5D:82, 8A:78:73:9E:5D:81, 88:78:73:9E:5D:81
    This info has also been logged to STOPDecrypter-log.txt
    Selected directory: C:\Users\dasba\OneDrive\Desktop\New folder
    Starting decryption...

    [+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-03-03-09-57-02-734.jpg.todar
    [-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )

    [+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-03-11-00-06-25-558.jpg.todar
    [-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )

    [+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-06-20-14-40-29-599.jpg.todar
    [-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )

    [+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-07-07-15-34-29-971.jpg.todar
    [-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )

    [+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-07-07-15-39-33-310.jpg.todar
    [-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )

    [+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-07-10-15-49-11-156.jpg.todar
    [-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )

    Decrypted 0 files!
    Skipped 6 files.

    [!] No keys were found for the following IDs:
    [*] ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )
    Please archive these IDs and the following MAC addresses in case of future decryption:
    [*] MACs: 4C:ED:FB:11:77:1B, 88:78:73:9E:5D:82, 8A:78:73:9E:5D:81, 88:78:73:9E:5D:81
    This info has also been logged to STOPDecrypter-log.txt

    Please Help me.

    Also added the ransomware note.

    STOPDecrypter-log.txt

    _readme.txt

  25. This is what I got after running STOP Decrypter

    [+] Loaded 59 offline keys
    Please archive the following info in case of future decryption:
    [*] ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw
    [*] ID: mneaFv6qsoloG3BSRWuiOULjQBJDJLQHrQuadMpl
    [*] ID: ZivCxija0GBwtwtwD0q4JRy80spT6lUyybPYhot1
    [*] MACs: 4C:ED:FB:11:77:1B, 88:78:73:9E:5D:82, 8A:78:73:9E:5D:81, 88:78:73:9E:5D:81
    This info has also been logged to STOPDecrypter-log.txt
    Selected directory: C:\Users\dasba\OneDrive\Desktop\New folder
    Starting decryption...

    [+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-03-03-09-57-02-734.jpg.todar
    [-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )

    [+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-03-11-00-06-25-558.jpg.todar
    [-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )

    [+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-06-20-14-40-29-599.jpg.todar
    [-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )

    [+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-07-07-15-34-29-971.jpg.todar
    [-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )

    [+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-07-07-15-39-33-310.jpg.todar
    [-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )

    [+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-07-10-15-49-11-156.jpg.todar
    [-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )

    Decrypted 0 files!
    Skipped 6 files.

    [!] No keys were found for the following IDs:
    [*] ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )
    Please archive these IDs and the following MAC addresses in case of future decryption:
    [*] MACs: 4C:ED:FB:11:77:1B, 88:78:73:9E:5D:82, 8A:78:73:9E:5D:81, 88:78:73:9E:5D:81
    This info has also been logged to STOPDecrypter-log.txt

    STOPDecrypter-log.txt

    _readme.txt