All Activity

This stream auto-updates     

  1. Past hour
  2. It is a pity, I said above, that every time these extortionists change something. Very changeable Ransomware. The previous versions they could decipher. It was also with Scarab Ransomware, decrypted easily, then it became difficult, and later decrypt could not feasible. Impossible now - maybe in the future. No need to delete files if they are valuable to you.
  3. Today
  4. i know it that's why i deleted all my encrypted files
  5. Hello guys My files are encrypted, and I really need my data base, but when I run stop decrypter I got this message. [+] Loaded 44 offline keys Please archive the following info in case of future decryption: [*] ID: Mnzu5JDUeJIYz2PeJ4U98MWbvy9facb1VuzehJAK [*] MACs: 00:40:A7:27:6B:AD This info has also been logged to STOPDecrypter-log.txt Selected directory: C:\Users\Thays\Documents Starting decryption... [+] File: C:\Users\Thays\Documents\SISGER.FDB.gerosan [-] No key for ID: Mnzu5JDUeJIYz2PeJ4U98MWbvy9facb1VuzehJAK (.gerosan ) [-] Fatal Error: (5) Acesso negado: [C:\Users\Thays\Documents\Meus Vídeos] [-] Aborting Decrypted 0 files! Skipped 1 files. [!] No keys were found for the following IDs: [*] ID: Mnzu5JDUeJIYz2PeJ4U98MWbvy9facb1VuzehJAK (.gerosan ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 00:40:A7:27:6B:AD This info has also been logged to STOPDecrypter-log.txt Can someone help me. I dont't care my other files, but I really need this one.
  6. Bad news, DrWeb says: Hello! A case of Trojan.Encoder.26657 Decryption is not feasible.
  7. help. No key for ID: bdq0AAasBwkQPXS021RM1yFTm3a7SElwnVsi7yVY (.gerosan ) Unidentified ID: bdq0AAasBwkQPXS021RM1yFTm3a7SElwnVsi7yVY (.gerosan ) MACs: 20:68:9D:EE:6F:72, 08:60:6E:8B:55:73, 20:68:9D:EE:29:B8
  8. Hallo Oli, vielen Dank für Ihre Rückmeldung. Die Datei wget.exe wurde laut unseren Malware-Analysten digital signiert und sollte daher nicht von Emsisoft Anti-Malware blockiert werden. Möglicherweise gab es zu dem Zeitpunkt ein Verbindungsproblem so dass die Verhaltensanalyse die Datei dann doch gemeldet hat. Wir haben die Datei nun in die Whitelist aufgenommen. Bitte lassen Sie mich wissen wenn wir Ihnen noch behilflich sein können.
  9. +] Loaded 44 offline keys Please archive the following info in case of future decryption: [*] ID: lJCZMQXyGgQ8ul5DOFGuRy4bQicztQ5wLCRucHjp [*] MACs: 44:8A:5B:D5:8E:D2 This info has also been logged to STOPDecrypter-log.txt
  10. help me. [!] No keys were found for the following IDs: [*] ID: bdq0AAasBwkQPXS021RM1yFTm3a7SElwnVsi7yVY (.gerosan ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 20:68:9D:EE:6F:72, 08:60:6E:8B:55:73, 20:68:9D:EE:29:B8 This info has also been logged to STOPDecrypter-log.txt
  11. +] Loaded 44 offline keys Please archive the following info in case of future decryption: [*] ID: lJCZMQXyGgQ8ul5DOFGuRy4bQicztQ5wLCRucHjp [*] MACs: 44:8A:5B:D5:8E:D2 This info has also been logged to STOPDecrypter-log.txt
  12. +] Loaded 44 offline keys Please archive the following info in case of future decryption: [*] ID: lJCZMQXyGgQ8ul5DOFGuRy4bQicztQ5wLCRucHjp [*] MACs: 44:8A:5B:D5:8E:D2 This info has also been logged to STOPDecrypter-log.txt
  13. Yesterday
  14. I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  15. Deleting the ransom note can lead to problems identifying the ransomware and/or decrypting your files later on. It is recommended to leave the ransom notes alone, and allow them to remain alongside the encrypted files.
  16. All my file encrypted but the extension and neme of this files doesn't changed. The message " readme.txt - Notepad "
  17. Now that I take a second look at this, something has messed up the log output from STOPDecrypter too badly for it to be useful. Could you try running STOPDecrypter again? It might also help if you attach STOPDecrypter's log to a reply (if you followed the instructions here then it will be in your Downloads folder in a folder named STOPDecrypter).
  18. I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you. BTW: I removed your e-mail address. Posting it publicly only invites spam, scams, and the criminals who made the ransomware to contact you to let you know that they can decrypt your files (for a "small" fee of course).
  19. I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you.
  20. OK, FRST reported that it was able to delete everything. Go ahead and run a scan with something like Emsisoft Emergency Kit, and be sure to Quarantine anything it detects. You can attach a copy of the scan report here for me to review. They are usually in the following location: C:\EEK\Reports
  21. I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  22. This is more than likely GlobeImposter 2.0. You can confirm this at ID Ransomware: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  23. Please download the following fixlist.txt file and save it to the Desktop: https://www.gt500.org/emsisoft/fixlist/2019-06June-18/yousef_elmalk/fixlist.txt NOTE: It's important that both files, the FRST download from earlier and the fixlist file, are in the same location or the fix will not work. If you need to, please copy the files from your Downloads folder to your desktop. Run the FRST download from earlier, and press the Fix button just once and wait. If for some reason the tool needs to restart your computer, please make sure you let the computer restart normally. After that let the tool complete anything it still needs to do. When finished FRST will generate a log on the Desktop (Fixlog). Please attach it to a reply.
  24. I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you.
  25. ID Ransomware can have false positives, however if it does then we can inquire about getting those fixed.
  26. Note that if shared files on a computer were encrypted, but nothing else (meaning the computer wasn't actually infected), then you might be able to recover some files using file undelete/recovery tools or Shadow Explorer.
  1. Load more activity
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up