All Activity

  1. Past hour
  2. @ahmed kotb This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. There are now a lot of victims of different variants of this ransomware on the forum. In some cases, the files can be decrypted. This is possible only in cases where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of STOPDecrypter) collects information from the victims, records the data and tries to update STOPDecrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter >>> First try to decrypt a small group of files, but make copies of them before doing so. If STOPDecrypter isn't able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter While most ransomware will automatically delete itself after it finishes encrypting files, some variants now leave behind components on computers, which will encrypt any new files saved and any files you manage to decrypt. It's best to check the PC and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  3. readme.txt is a very common name for ransom notes. You can also upload this note and several encrypted files here if you want me to confirm the identification or provide details.
  4. I keep in contact with Michael when this happens, from the beginning of multilingual version IDR.
  5. It is a pity, as I said above, that these extortionists change something every time. Very changeable ransomware. The previous versions they could decipher. It was the same with Scarab Ransomware: it was decrypted easily, then it became difficult, and later decryption was not feasible. Impossible now - maybe in the future. No need to delete files if they are valuable to you.
  6. Today
  7. I know, that's why I deleted all my encrypted files.
  8. Hello guys. My files are encrypted, and I really need my database, but when I run STOPDecrypter I get this message: [+] Loaded 44 offline keys Please archive the following info in case of future decryption: [*] ID: Mnzu5JDUeJIYz2PeJ4U98MWbvy9facb1VuzehJAK [*] MACs: 00:40:A7:27:6B:AD This info has also been logged to STOPDecrypter-log.txt Selected directory: C:\Users\Thays\Documents Starting decryption... [+] File: C:\Users\Thays\Documents\SISGER.FDB.gerosan [-] No key for ID: Mnzu5JDUeJIYz2PeJ4U98MWbvy9facb1VuzehJAK (.gerosan ) [-] Fatal Error: (5) Acesso negado: [C:\Users\Thays\Documents\Meus Vídeos] [-] Aborting Decrypted 0 files! Skipped 1 files. [!] No keys were found for the following IDs: [*] ID: Mnzu5JDUeJIYz2PeJ4U98MWbvy9facb1VuzehJAK (.gerosan ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 00:40:A7:27:6B:AD This info has also been logged to STOPDecrypter-log.txt Can someone help me? I don't care about my other files, but I really need this one.
  9. Bad news, DrWeb says: Hello! A case of Trojan.Encoder.26657 Decryption is not feasible.
  10. help. No key for ID: bdq0AAasBwkQPXS021RM1yFTm3a7SElwnVsi7yVY (.gerosan ) Unidentified ID: bdq0AAasBwkQPXS021RM1yFTm3a7SElwnVsi7yVY (.gerosan ) MACs: 20:68:9D:EE:6F:72, 08:60:6E:8B:55:73, 20:68:9D:EE:29:B8
  11. Hello Oli, thank you for your feedback. According to our malware analysts, the file wget.exe is digitally signed and therefore should not be blocked by Emsisoft Anti-Malware. There may have been a connection problem at the time, so that the behavior analysis reported the file after all. We have now added the file to the whitelist. Please let me know if we can be of any further assistance.
  12. +] Loaded 44 offline keys Please archive the following info in case of future decryption: [*] ID: lJCZMQXyGgQ8ul5DOFGuRy4bQicztQ5wLCRucHjp [*] MACs: 44:8A:5B:D5:8E:D2 This info has also been logged to STOPDecrypter-log.txt
  13. help me. [!] No keys were found for the following IDs: [*] ID: bdq0AAasBwkQPXS021RM1yFTm3a7SElwnVsi7yVY (.gerosan ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 20:68:9D:EE:6F:72, 08:60:6E:8B:55:73, 20:68:9D:EE:29:B8 This info has also been logged to STOPDecrypter-log.txt
  14. +] Loaded 44 offline keys Please archive the following info in case of future decryption: [*] ID: lJCZMQXyGgQ8ul5DOFGuRy4bQicztQ5wLCRucHjp [*] MACs: 44:8A:5B:D5:8E:D2 This info has also been logged to STOPDecrypter-log.txt
  15. +] Loaded 44 offline keys Please archive the following info in case of future decryption: [*] ID: lJCZMQXyGgQ8ul5DOFGuRy4bQicztQ5wLCRucHjp [*] MACs: 44:8A:5B:D5:8E:D2 This info has also been logged to STOPDecrypter-log.txt
  16. Yesterday
  17. I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  18. Deleting the ransom note can lead to problems identifying the ransomware and/or decrypting your files later on. It is recommended to leave the ransom notes alone, and allow them to remain alongside the encrypted files.
  19. All my files are encrypted, but the extension and name of these files haven't changed. The message: "readme.txt - Notepad"
  20. Now that I take a second look at this, something has messed up the log output from STOPDecrypter too badly for it to be useful. Could you try running STOPDecrypter again? It might also help if you attach STOPDecrypter's log to a reply (if you followed the instructions here then it will be in your Downloads folder in a folder named STOPDecrypter).
  21. I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you. BTW: I removed your e-mail address. Posting it publicly only invites spam, scams, and the criminals who made the ransomware to contact you to let you know that they can decrypt your files (for a "small" fee of course).
  22. I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you.
  23. OK, FRST reported that it was able to delete everything. Go ahead and run a scan with something like Emsisoft Emergency Kit, and be sure to Quarantine anything it detects. You can attach a copy of the scan report here for me to review. They are usually in the following location: C:\EEK\Reports
  24. I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  25. This is more than likely GlobeImposter 2.0. You can confirm this at ID Ransomware: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  26. Please download the following fixlist.txt file and save it to the Desktop: https://www.gt500.org/emsisoft/fixlist/2019-06June-18/yousef_elmalk/fixlist.txt NOTE: It's important that both files, the FRST download from earlier and the fixlist file, are in the same location or the fix will not work. If you need to, please copy the files from your Downloads folder to your desktop. Run the FRST download from earlier, and press the Fix button just once and wait. If for some reason the tool needs to restart your computer, please make sure you let the computer restart normally. After that let the tool complete anything it still needs to do. When finished FRST will generate a log on the Desktop (Fixlog). Please attach it to a reply.