All Activity

This stream auto-updates     

  1. Yesterday
  2. Thread ClosedReason: Lack of ResponsePM either Kevin, Elise, or Arthur to have this thread reopened.The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread
  3. My files have been encrypted by this ransomware. See attached note. Does anyone have or knows of a decrypter for this? If not, does anyone know whether Emsisoft is developing a decrypter? !!!CHEKYSHKA_DECRYPT_README.TXT
  4. ATTENTION! Don't worry, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-JBwR4re7bR Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Our Telegram account: @datarestore Mark Data Restore Your personal ID: 119Asd3768237IhsdfkJ1gULNhQ2LQSxjDn4VT9YiYooR7tH2nl7UxFuvq
  5. The format of the encrypted file and a ransom note indicates that this is a new variant of Matrix Ransomware. I have no doubt in this case. But for the doubters, we can always use the service "ID Ransomware" and check the files. Result >>
  6. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. You need to attach a ransom note _readme.txt to the message, or farther act by himself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. The .darus extension is added to encrypted files. This is a variant has not been added to the decryptor two days ago, but in some cases offline-keys may coincide. Download STOP Decrypter now >>> I recommend to you start decrypt with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter
  7. Good day, my files have been encypted with "QH24" extension. this happened around the beginning of July. I have attached a sample file and a word document left on the computer.[[email protected]].3qVkykwX-gxlMxapq.QH24 !QH24_INFO!.rtf [[email protected]].xv6ggZGG-K5FYCPoV.QH24
  8. ولدي هذه المشكلة
  9. My apologies for jumping aboard, but this happened to me too 2019-06-19 on both my computers. Later Firefox updates went OK, but today (2019-07-22) it happened again, when updating FF from 68 to 68.0.1 This time I had debug logging activated. Events were as follows: Turned on debug logging EAM updated itself (hadn't used the computer for several days) Restarted 13:03 Started Firefox but did nothing with it (home page is a local html file) 13:08 Got the update offer pop-up. Clicked “Download Update” 13:10 Restarted Firefox: it does the actual update on restarting Got the EAM BB warning . The ”Will quarantine in xx seconds” text seemed to stay at “in 6 seconds” Clicked “Wait, I think this is safe” and Firefox started 13:11 Closed Firefox and turned off EAM debugging 13:13 Restarted the computer. Computer is an old HP EliteBook 8440p running under Windows 7 Pro, 32-bit Debug logs sent as described above, referring to this post.
  10. hi , my pc was effected with darus virus i cleaned the pc but i cant able to open the files guys please help me in this can i get my data restored
  11. https://www.virustotal.com/gui/file/4b007073586ededba08b535b724703e0ac59806fae66bbfdb5a098e4d8cc5d29/detection https://www.hybrid-analysis.com/sample/4b007073586ededba08b535b724703e0ac59806fae66bbfdb5a098e4d8cc5d29
  12. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. You need to attach a ransom note _readme.txt to the message, or farther act by himself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. The .madek extension is added to encrypted files. If this is a variant has not been added to the decryptor two days ago, but in some cases offline-keys may coincide. Download STOP Decrypter now >>> I recommend to you start decrypt with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter
  13. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. You need to attach a ransom note _readme.txt to the message, or farther act by himself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. The .berosuce extension is added to encrypted files. If this is a variant has not been added to the decryptor two days ago, but in some cases offline-keys may coincide. Download STOP Decrypter now >>> I recommend to you start decrypt with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter
  14. This is reported by extortionists in the reply letter. Addresses are in the note. It will be expensive.
  15. What would be the cost for the decryptor?
  16. No free decryptor for Dharma. Only extortioners have a paid decryptor.
  17. Sorry, my bad. I may have pretended the name from the extension. So what's the possible solution of this issue?
  18. Hello @Ethel You did not answer about the name. Why did you decide that this is called the Planetarium Ransomware? The format of the encrypted file and a ransom note indicates that this is a variant of Dharma Ransomware. This extension appeared in the Dharma arsenal in May 2019 with another email. I have no doubt in this case. But for the doubters, we can always use the service "ID Ransomware" and check the files. Result >>
  19. Hello, Here's the sample 2 encrypted files and the original ransom note. Kindly take a look and let me know you feedback. Regards Ethel customer support survey.xlsx.id-0A9A33E1.[[email protected]].PLUT written test question-customer support executive.doc.id-0A9A33E1.[[email protected]].PLUT RETURN FILES.txt
  20. Last week
  21. Hi my compter was attacked with .madek. Does anyone has a solution?
  22. Attach a ransom note _readme.txt to your message. Do not change anything. This should be the original.
  23. Attach a ransom note _readme.txt to your message. Do not change anything. This should be the original.
  24. please help me as sone as possible
  1. Load more activity
  • Who's Online   0 Members, 0 Anonymous, 42 Guests (See full list)

    There are no registered users currently online

  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up