All Activity

This stream auto-updates     

  1. Past hour
  2. Yesterday
  3. Just got infected, got lucky to react fast and stop encrypting before my imprtant stuff got encrypted. Managed to stop it by turning off pc and disabling from start up and disconnecting lan cable. Now I am in safe mode. Becouse I still have my files unencrypted, I would like if someone could my help how to get rid of the this virus without formating whole system. I deleted files in temp folder, file from startup "Sdfsd" and all suspicious files next to that one in appdata. Deleted .job file in windows/Task folder. Encrypted files are .DOCM Does this virus spread if I connect usb to my pc and than somewhere else. Is it safe if it does to after unpluging from infected system to format usb using otg adapter with android phone and then putting programs for removal of virus. Virus started by encrypting most of the desktop and than my ­čśž( cannot remove smiley for some reason)D disk drive folders from the bottom to the top by name. I stoped it while it was encrypting steamlibary, luckily I had se big games in size so I had time to react. As I said I would appreciate help to remove it and one last thing, is it safe to turn connection back on and go out of the safe mode? Writing from a phone. Just got an idea. Since my system is installed on ssd, but all important files are on hdd, will I be safe if I unplig hdd, reinstall windows and after that plug back hdd. Is virus only stored on system partition? Is it a smart idea to do that?
  4. Hello @RockyS If this has encrypted your files, then it is urgent to file a complaint with the administration of github.com --- Compare this information with yours. All the same as by you? This is in the Update June 3, 2019 in my article GlobeImposter Ransomware. Victims sent me samples. Test results: VT + VMR - Perhaps they will help decryption specialists figure out something. There is no free way and free tool to decrypt files. Alas.
  5. Hello @swarup anand GT500 will answer you later. Let's put some order in the anti-virus protection of your PC by looking at the logs you provided. How does all this live in your computer? Uninstall SpyHunter first. Then restart the PC, even if there is no such request from this program. Uninstall ESET Online Scanner. This is a quick scan tool and it will not protect your PC from threats. Uninstall AVAST Software modules or using an official tool 'avastclear'. Perhaps they are left from the previous installation. https://www.avast.com/uninstall-utility --- Why is Quick Heal Total Security inactive? Is the license expired or have you disabled it yourself? If over, then uninstall. If turned off and forgot, turn it on after you finish cleaning. --- I recommend choosing something that previously protected your PC better, and another to uninstall. Antivirus protection must be active, actual and complex (antivirus, firewall, other security features). If the licenses has expired and you do not plan to renew - immediately uninstall. --- If nothing is left and all inactive antiviruses are removed, then you can download and install Emsisoft Anti-malware (30 days free) after restarting the PC. --- Try not to use free antivirus software, because their security capabilities are very limited. It is better, safer and smarter to use a paid comprehensive antivirus product. It has more functionality and is able to protect your PC and your online privacy. The choice is yours.
  6. all my file are encrypted with ransomware then extension .browec has been added with all my file plz help me there is no any decryptor for .browec ransomeware i am waiting for it plz make it as soon as possible
  7. Hello @Anand812 In the screenshot in the lower right corner there is a logo PHOBOS. This is Phobos Ransomware. I have been tracking activity this Ransomware since October 2017. Until now, no one has released a free decryptor who could decrypt files of different versions. --- You can attach the original memo file and several encrypted files to your message so that I can catalog this variant. --- You can subscribe to this topic and receive notifications about any new cases and attempts to decrypt, if it will be in the future.
  8. dear sir GT 500 my files were infected with .kiratos EXT, and below my mac address, is there any help ? and there is a sample of file thanks in advance MAC_Addresses.txt 00f43dedbe88a8b4b433cdf289cc1ee1.aac.kiratos.zyaspgnf.kiratos
  9. After Using this Script https://github.com/DrEmpiricism/Optimize-Offline My Hard Drives All Media file Become DOCM File.Also There is Note as "Restore my file". I am installing Antivirus for remove that Virus.I am Still Dont know is there any way to recover those file's There been a lot of memory Images Encryped too. Can help!!! Thanks in Advance
  10. Ok, many thanks for all the help! I have to return the infected PC tonight, and i've recover some files with recuva yesterday. I'll not format the computer, but left running the Emsisoft Anti-Malware, notification the owner about that ransonware's infection. There's some copy files .gerosan with me that i'll keep for help and I'm waiting for the @GT500's tool.
  11. Need still file _readme.txt He is in your C:\_readme.txt Tomorrow the @GT500 will transfer your information to the STOPDecrypter developer. Perhaps this will help.
  12. One of our servers got infected with Phobos ransomware. Currently, all horizontal communication has been stopped and all servers are in shutdown condition, with all network removed. We plan to start the physical server on safe mode and check further gradually.As there is no secure network available at site, latest patch update would be difficult. Could you please share some details about standalone utilities that can help to detect the infection and deep scan.
  13. Dear Sir please help me all my work and files are encrypted i'm trying to follow you instruction 1- downloaded FRST and scanned and the 2 files attached 2- i'm scanning the files with Kasperysky Internet security and it's deleting all malware 3- spyhunter didn't detect any malware 4 stopdecrypter no key message please help me with instruction to decrypt and get back all my files Addition.txt FRST.txt STOPDecrypter-log.txt
  14. Also attach this files: STOPDecrypter-log.txt _readme.txt
  15. Thanks for your reply .. but what shall i do ????
  16. @mdaher Uninstall SpyHunter first. Then restart the PC, even if there is no such request from this program. Uninstall McAfee Security Scan. This is a quick scan tool and it will not protect your PC from threats.
  17. Could you please help me i'm trying to follow the instruction but no clue already scanned all files with Kaspersky internet security and spyhunter when i try stopdecrypter it shows no Key kindly find attached 2 files as suggested please help me asap all my work and company paper will lost Addition.txt FRST.txt
  18. Oh thanks man. I'm looking forward to the future! ­čśŐ
  19. @Blacksharks Compare this information with yours. All the same as by you? This is in the Update June 3, 2019 in my article GlobeImposter Ransomware. Victims sent me samples. Test results: VT + VMR - Perhaps they will help decryption specialists figure out something. There is no free way and free tool to decrypt files. Alas.
  20. @GK sharma Hello This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. This is possible only in case where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter >>> First try to decrypt several files, previously by making copies of this files. If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers, which infect and will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check PC and make sure that no such components have been left behind, so I recommend´╗┐ following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  21. @Toby1222 Hello This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. This is possible only in case where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter >>> First try to decrypt several files, previously by making copies of this files. If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers, which infect and will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check PC and make sure that no such components have been left behind, so I recommend´╗┐ following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  22. Yes, use the site www.sendspace.com to upload such an archive. It is advisable to set an password 'infected' so that the service does not delete it.
  23. @Rachwell Gorblimy! Here are files from several encryptors and other malicious files. It is better to wait for the answer of the Emsisoft specialist @GT500, since it's their tool. It may be necessary to take samples of encryptor from Quarantine.
  24. Your files are now encrypted! All your files have been encrypted due to a security problem with your PC. Now you should send us email with your personal ID. This email will be as confirmation you are ready to pay for decryption key. You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files. Contact us using this email address ->> [email protected] If we do not answer you within 48 hours Write here ->> [email protected] Free decryption as guarantee! Before paying you can send us up to 1 *.JPG files for free decryption. The total size of files must be less than 5Mb Attention! * Do not rename encrypted files. * Do not try to decrypt your data using third party software, it may cause permanent data loss. ----------- Your personal ID -------------- +QIAAAAAAACFkVXmHZIJDgQkCAOzZGvszw0ue=dSSkJaMDgWMYehg9blegmtjJlYshanooSp7X9EvtF1ZrPF9YjQegwvTlGiG+En UtKg0urUjTenVJi+fP=Ym2EXRnjmciSXdhCofqJ+v7p9m7SQt45=rOQRlwGssv2CPLK4Cb5DtMRQOWjmsAEhpjLdOpz7AY7vWMZh 9NpRsYn67a=bqPcOMQfZsvtNn7BZPMoIfcAfTxzUalVLGCEMjTS+CnRzU8cuHDXP9GlS85Nz17YuZupEVNvL=BT5g8pcc04uZumA 5aa+LahhSwHWIwgqxndIby2Vjvatggq9P6uS7WBYXVhZUU1==NlNBBnTcIc2wN7m=QUeH2QlRRY3a04oTDLbmJ5yrpctWL5o6Cbt ByCMrnXwrWlaCr32I4eW8ux1ym8z -------------------------------------------
  1. Load more activity
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up