  2. Will send you a copy of the STOPDecryptor file I saved after scan two days couldn't do the decryption, but I saved it for future decryption
  3. I do not see the ID here, therefore, it is not clear with which key the files were encrypted. If your ID does not have the following code after the first three digits gyTwIW8EFRyrHBHcn0bFVHerzI3NtAa14YK0kst1 then your files cannot be decrypted right now.
  4. I sent you the readme file, kindly check your inbox, because I deleted them all, so I have to send an image I took of it to you
  6. You did not add a note, as I requested above. So then you need to read the news on this link and do all yourself.
  7. Hi You will have to manually assign the license, which was created and assigned by syncro to the device, to the workspace. thanks
  8. @GT500 @Amigo-A @Demonslay335 Thank you so much for helping and guiding me so far. Let me explain what happened and where it started. I will attach all relevant information. Needing to find updated drivers for my graphics card, I found a website offering free driver updates, even rated as safe. (I have attached a screenshot so everyone can avoid it at all cost) screenshot 2. Secondly, I attached a screenshot of the file I downloaded (screenshot 1). After installing the driverpack the first time it seemed fine till Avast started blocking the malware/ransomware. Driver seemed to be working fine. No infections after further scans. I then picked up a problem with starting Windows 10 and a clicking sound. Bootmgr was missing. Under the assumption my hard drive had the click of death, I reinstalled Windows 10 on another hard drive as my new OS. Not thinking to first do the protection, I reinstalled the driverpack first, whereby I got multiple infections. Any attempt to run an anti-virus or anti-malware was futile. The .MORGRANOS extensions started to infect my other hard drives. I removed the OS drive and it seems my original OS drive was still working. I ran Malwarebytes (7292 infections). I will also attach the requested STOPDecrypter log. STOPDecrypter-log.txt
  9. This just occurred to me: Can you predict what will happen to the license on the expiration date reported in the ECC? The instance currently shows as a Trial with 25 days remaining in the ECC, but from Syncro and from the program itself, the license shows as valid. Is it possible that I can simply continue to use the ECC past the expiration, or what is the prediction on what will happen? Thanks-- just looking for a work-around for now. ECC ^ Desktop program ^
  10. Thanks Stapp and Andrey. You made my day! Greets from someone geeking in France
  11. I hereby attached a copy of the FRST save file after the scan, and I have also added the saved information after running STOPDecryptor. Addition.txt FRST.txt STOPDecrptor information.txt
  12. The result of the verification in the IDR will be as follows: Phobos Ransomware. I have not added this variant to the update section yet, but previous variants with this extension are already known.
  13. I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: You can paste a link to the results into a reply if you would like for me to review them.
  14. That is more than likely a variant of the STOP/Djvu ransomware. You may verify that using ID Ransomware if you'd like to: While STOPDecrypter probably won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: Important: STOP/Djvu now installs the Azorult trojan as well, which allows it to steal passwords. It is imperative that you change all passwords (for your computer and for online services you use) once your computer is clean. While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  15. Soon may not be possible (some people have been waiting for 6-7 months). If you need immediate file recovery, then you may want to consider contacting Coveware, as they can help you by contacting the criminal behind the ransomware and negotiate a lower price for you.
  16. I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you. Yes, that's the best thing for you to do for now.
  17. That just means we don't have the key for your files in our database. In theory it might be possible for more to be added in the future, however there's no way to know if or when that will happen. In this case I think backups would be the best course of action. Outside of paying the ransom (which we prefer not to encourage) there's more than likely no way to recover the virtual drives. While it might sound reasonable to copy the data from the running VM's, keep in mind that your virtualization software can no longer read from the virtual disks, and thus it would fail to copy any data that was not already loaded into memory in the VM's.
  18. Funny, considering that the e-mail failed validation, I'm surprised your mail server didn't block it. Authentication-Results: spf=none (sender IP is;; dkim=none (message not signed) header.d=none;; dmarc=fail action=quarantine;compauth=fail reason=000 Received-SPF: None ( does not designate permitted sender hosts) The last time I checked, both DKIM and DMARC are configured for our domain, so both should validate if it's a legitimate e-mail from us.
  19. Yesterday
  20. @broniusr I've fixed that now. Please try re-downloading for v1.0.0.1.
  21. I received ransomware requiring me to write [email protected] within 24 hours using the code 720AF1D2-2289. After 24 hours I was to email [email protected]. I was to send 5 files for free decryption, which I did not do. I was advised on how to buy bitcoins at and for beginners they provided me with this website, which I did not do. The virus infected my back-up and my server. The files were converted to banjo. Files written in JavaScript, I believe. My computer was taken off the network and a new IP address was given. At the moment it is off the network, so I am unable to use it to send any files to you. I have the computer in safe mode now. Can you please help me?
A few minutes ago I received the following email pretending to be from Emsisoft:

Title: Invoice(s) due

Email address used to send from in my case is: Emsisoft <[email protected]>; (Emsisoft via

Header info:

Received: from (2a01:111:e400:7a4d::51) by with HTTPS via BN3PR03CA0091.NAMPRD03.PROD.OUTLOOK.COM; Mon, 19 Aug 2019 09:39:22 +0000
Received: from (2603:10b6:300:2c::12) by (2603:10b6:903:11a::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.18; Mon, 19 Aug 2019 09:39:21 +0000
Received: from (2a01:111:f400:7e40::200) by (2603:10b6:300:2c::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2178.16 via Frontend Transport; Mon, 19 Aug 2019 09:39:21 +0000
Authentication-Results: spf=none (sender IP is;; dkim=none (message not signed) header.d=none;; dmarc=fail action=quarantine;compauth=fail reason=000
Received-SPF: None ( does not designate permitted sender hosts)
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2178.16 via Frontend Transport; Mon, 19 Aug 2019 09:39:20 +0000
Received: from ([]) by :WBEOUT: with SMTP id ze7lhNK5aCOgBze7lhwknU; Mon, 19 Aug 2019 02:38:49 -0700
X-SID: ze7lhNK5aCOgB
Received: (qmail 27063 invoked by uid 99); 19 Aug 2019 09:38:49 -0000
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="utf-8"
X-Originating-IP:
User-Agent: Workspace Webmail 6.9.59
Message-Id: <[email protected]>
From: "Emsisoft" <[email protected]>
X-Sender: [email protected]
Reply-To: "Emsisoft" <[email protected]>
To:
Subject: Invoice(s) Due
Date: Mon, 19 Aug 2019 02:38:45 -0700
Mime-Version: 1.0
Return-Path: [email protected]
Here is the email message I received Hello Mr/Mrs, acknowledge
this message is for our record purposes. Kindly re-confirm to us with the status of our Due invoices, as we currently have to give you a new updated Bank information. I will like to draw your attention to the fact that due to high taxes imposed by the government, we no longer receive payments in our local account. Hence the reason for our earliest mail to you. Subsequently to your acknowledgement of this mail, please let me know when you will be making payment to enable me send you our updated account information. We apologies for any inconvenience this may bring to you. Your immediate response will be highly appreciated, and if you do have any Question, do let us know. Regards, Mrs Joy Accounting Team
  24. Please help me guys, my dad needs his data soon.
