All Activity


  1. Past hour
  2. It's best to add all the WsusOffline files to the whitelist right away!
  3. Today
  4. Thanks, dear GT 500, for your effort. Below is the information that you advised me to copy: [+] Loaded 44 offline keys Please archive the following info in case of future decryption: [*] ID: gLS3y0S8B1sLghmJRotI5oE48HO2VRo1i8N8qGoT [*] MACs: 28:D2:44:4A:78:F0, FC:F8:AE:4D:14:63, FE:F8:AE:4D:14:62, FC:F8:AE:4D:14:62, FC:F8:AE:4D:14:66 This info has also been logged to STOPDecrypter-log.txt FRST.txt
  5. I already deleted all files with the name HOW TO DECRYPT FILES, so all notes and .hta files were deleted successfully.
  6. It may be in other folders with encrypted files.
  7. I really deleted it manually.
  8. @AdMiRaL Also look for a note HOW TO DECRYPT FILES.hta. It usually looks like an icon in a blue frame. It should also be on your desktop. Some antiviruses are wary of this type of note and remove it to Quarantine.
  9. Yes of course. They do not require it. This is a new version and...
  10. Thank you a lot for your replies, and of course I will not pay until I am sure they can decrypt it first.
  11. @AdMiRaL @Bojan Atanasijevic No need to pay anything in advance! They will report in the ticket you open whether the files can be decrypted and give instructions for payment and so on. In contrast, ESET, which also provides paid file decryption, offers to sell a license first and only later tries to decrypt the files. --- These are anti-virus companies known worldwide. After purchasing a package with a licensed program, the buyer becomes a legal user and customer of the company. DrWeb and ESET decrypt files for their clients for free and without any problems, if the protection they purchased was already on the PC and was active, i.e. had not expired and was not turned off at the time of the attack. I have nothing to do with them and I am not a user of their programs now. --- Do not use the services of various intermediaries and companies that advertise decryption on the Internet! This is 99% deception and a change in the amount of the ransom. In many countries of the world, by law, anyone (a group of persons, an intermediary, a person, a company) who conspires with the criminals is an accomplice to the crime and is also prosecuted. This does not apply to victims, of course...
  12. @AdMiRaL @Bojan Atanasijevic The files after a DCRTR-WDM Ransomware attack can be decrypted by Dr.Web specialists. Dr.Web classifies it as Trojan.Encoder.26981, Trojan.Encoder.27259 and others. Dr.Web specialists perform the decryption itself for free, but to get the decryption key and decrypt all files, you need to get a Rescue Pack (rescue package), which includes Dr.Web Security Space's licensed anti-virus protection for 2 years. For users from Russia, the package price is 5299 rubles, and for foreigners - 150 € (euro). This service is not available without the Dr.Web rescue package. Official English link: https://legal.drweb.com/encoder/?lng=en There is also support for other languages. A test decryption is done for free. It is necessary to send both ransom notes and encrypted files of different formats. You must do this yourself, without intermediaries. I know that over the past 6 months there have been several happy occasions. Can your files be decrypted? I don't know. The extortionists could have changed the encryption so that it is impossible to determine the decryption key. That is always to be expected.
  13. Thanks, dear GT 500, for your effort. Below is the information that you advised me to copy: [+] Loaded 44 offline keys Please archive the following info in case of future decryption: [*] ID: gLS3y0S8B1sLghmJRotI5oE48HO2VRo1i8N8qGoT [*] MACs: 28:D2:44:4A:78:F0, FC:F8:AE:4D:14:63, FE:F8:AE:4D:14:62, FC:F8:AE:4D:14:62, FC:F8:AE:4D:14:66 This info has also been logged to STOPDecrypter-log.txt
  14. Sorry, I was distracted by an urgent call and I did not have time to finish the message. Wait a moment, I am writing the details.
  15. Is there any paid decryptor?
  16. Bojan Atanasijevic gave us two scrap files: HOW TO DECRYPT FILES.txt + HOW TO DECRYPT FILES.hta When uploading the txt and hta notes there will be two results. One will point to Xorist, and the other to Dharma. https://id-ransomware.malwarehunterteam.com/identify.php?case=03ab5d464383972db0e5e170d2d4bc2082ab003d https://id-ransomware.malwarehunterteam.com/identify.php?case=7391784c146c9cb877fffcc1b7eb9e07f993d3ab Neither is accurate, because the extortionists use the names that are characteristic of these two Ransomware to deceive the identification service. This is DCRTR-WDM Ransomware. In the service, it is identified as DCRTR Ransomware (as the general item DCRTR Family). No free decryptor.
  17. Realistically. But the Xorist identification is incorrect. Reality needs to be clarified to the end. Extortionists use the name of the note from Xorist to deceive identification. This is a well-known technique. Service is not to blame.
  18. I tried and I got this: http://prntscr.com/o3erae But afterwards I already deleted all my encrypted files, because I thought they were all infected with the ransomware. Is it true that this program may work and decrypt the encrypted files?
  19. @AdMiRaL @Bojan Atanasijevic The usual recommendation on the forum is to upload a note and an encrypted file to the service ID Ransomware. Did you do it? Upload 1 note HOW TO DECRYPT FILES.txt + 1 encrypted file. Then 1 note HOW TO DECRYPT FILES.hta + 1 encrypted file. --- I already did this using the files you uploaded, but I want you to do this and see for yourself. And then copy the links to the results and paste here.
  20. You need to check your PC and make sure that no Ransomware components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ You can use Emsisoft Anti-Malware Home (30 days for free) to scan your system and disks and be safe until you decide how to protect your PC and the information on your drives. Just do not remove the Quarantine, let the specialists from Emsisoft see it.
  21. @Antonio Felix This is also text from Phobos Ransomware. You have already been told that there is no free decryptor for it. Before Phobos, the files were encrypted by another encryptor. One encryption overlaid another.
  22. Not all the files have been encrypted twice. Below is the text received after the attack: "!!! All of your files are encrypted !!! To decrypt them send e-mail to this address: [email protected] If we don't answer in 48h., send e-mail to this address: [email protected] If there is no response from our mail, you can install the Jabber client and write to us in support of [email protected]" Example of a picture name: TP GAF GAM manha-1.jpg.id[9EF7A78C-1023].[[email protected]].actin Please tell me that I can recover the encrypted files somehow...
  23. Hello, I need help. My PC was infected by gerosan and I need my database back. Here is the txt. Your personal ID: 101nHfssdMnzu5JDUeJIYz2PeJ4U98MWbvy9facb1VuzehJAK
  24. @Antonio Felix Amendment! The file you downloaded now has the name: ***marZo.xls.crypted.id[9EF7A78C-1023].[[email protected]].actin Here the 1st part, .id[9EF7A78C-1023].[[email protected]].actin, shows that the file is encrypted with Phobos Ransomware; this can be seen even without special tools. The 2nd part, .crypted, shows that before Phobos the file was encrypted by another encryptor. Thus, your file has been encrypted twice. The .crypted extension is very common. If you find another note, it can be found out which encryptor was the first. This is necessary not for sporting interest or mere curiosity, but in order to exclude all possible ways of penetration into the system and methods of attack on your PC.