All Activity


  1. Today
  2. Decrypted 0 files! Skipped 33 files. [!] No keys were found for the following IDs: [*] ID: M5DZiTJAwyhnvx8jy5wW0RkzyjGnT5kTWYzlziWT (.nasoh ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 00:FF:FA:C1:D0:1D, 0C:C4:7A:B5:1E:DD, C8:3A:35:C4:DB:D3, C8:3A:35:C4:DB:D4, C8:3A:35:C4:DB:D1 This info has also been logged to STOPDecrypter-log.txt
  3. Yesterday
  4. Thank you so much for the recommendations. https://www.sendspace.com/file/smsvl2 my HKEY_USERS
  5. Can anyone help me? My computer was attacked by "Carote ransomware" and all my files were left encrypted with the extension name .carote ransomware. Is there any decryption software to help me recover all my files?
  6. This is Nemty Ransomware Detections: DrWeb -> Trojan.Siggen8.40291 BitDefender -> Trojan.GenericKD.41613105 Emsisoft -> Trojan.GenericKD.41613105 (B) Malwarebytes -> Ransom.Nemty Symantec -> ML.Attribute.HighConfidence Kaspersky -> Trojan-Ransom.Win32.Gen.snw
  7. Please help me to decrypt my files. The following message is taken from STOPDecrypter: [!] No keys were found for the following IDs: [*] ID: c6sBODdV0QWTQDWrTOKf1sdQ0w778V8uZ0qrJqNq (.vesrato ) [*] ID: c6sBODdV0QWTQDWrTOKf1sdQ0w778V8uZ0qrJqNq (.docx ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 00:25:64:92:10:F2, BA:76:3F:38:7E:B4, BA:76:3F:38:76:B4, 00:FF:F7:CC:82:79, B8:76:3F:38:7E:B4 This info has also been logged to STOPDecrypter-log.txt _readme.txt
  8. Most free security and free anti-virus software will not protect against crypto-ransomware and hacker attacks. Using these programs only gives you a false sense of security against such infections and attacks, in addition to wasting a lot of computer resources. If you do not have money to purchase comprehensive protection, I recommend using 30-60-90-day trial versions of paid products. In my opinion, changing protection every month and taking advantage of full security program functionality for 30-60-90 days is a good practice. There are legitimate sites that from time to time provide special offers and a legitimate license to use various products, including anti-virus software. It is your right and choice to choose and use 30 days or more of comprehensive protection when such promotions are available. If you wish, I can give you the names of such sites and provide links where to go in order to take advantage of these promotional offers. https://www.giveawayoftheday.com/ - daily software offer https://sharewareonsale.com/ - daily discounts, excluding 100% Free Office https://www.freeoffice.com/ - modern office suite fully compatible with MS Office https://www.freeoffice.com/ru/softmaker-office-hd-android - version for Android FreeOffice 2018 is a full-featured Office suite with word processing, spreadsheet and presentation software. It is seamlessly compatible with Microsoft Office and available for Windows, Mac and Linux. Becoming a licensed user in a legal way is now easy and simple! No need to download cracked and repackaged programs, no need to use illegal activation programs.
  9. I downloaded this archive. You can remove it from the site 'sendspace' , if you saved a link to manage the file, or it will be deleted automatically after a while.
  10. The file must be archived and attached to the message as a zip file, or uploaded to www.sendspace.com. --- PM means Personal Message
  11. In addition, the STOP-Djvu Ransomware does the following: 1) leaves behind a software module that steals personal information from browsers and other programs; 2) modifies the hosts file to prevent browsers from opening anti-virus companies' websites and forums (like this one) that help victims. For these issues: 1) after checking and cleaning the PC, when it is confirmed that there are no other malicious modules, you need to replace the passwords for all sites with more complex ones (at least 12-16 characters, including A-a, Z-z, 0-9, @ # $). 2) you need to reset or delete the modified hosts file; without it, all legitimate sites will be available to you. The path to this file is: C:\Windows\System32\drivers\etc\
  12. Most ransomwares will automatically delete themselves after they finish encrypting files, but some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best practice to check and make sure that no such components have been left behind, so we recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (just attach the log files FRST saves to your message): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  13. Hello @Mounesh This is the result of the STOP-Djvu Ransomware attack. I have been tracking the malicious work of this program since December 2017. There are now a lot of victims of different variants of this Ransomware on the forum. In some cases, the files can be decrypted. You need to attach a ransom note _readme.txt to the message, or act further by yourself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. You can try to decrypt files with STOPDecrypter. Download STOP Decrypter now >>> I recommend that you start decrypting with a small group of files, but first you need to make copies of these files. If STOPDecrypter isn't able to recover your files, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter and paste it into a new message: https://kb.gt500.org/stopdecrypter
  14. Please help me to decrypt my files. The following message is taken from STOPDecrypter: [!] No keys were found for the following IDs: [*] ID: c6sBODdV0QWTQDWrTOKf1sdQ0w778V8uZ0qrJqNq (.vesrato ) [*] ID: c6sBODdV0QWTQDWrTOKf1sdQ0w778V8uZ0qrJqNq (.docx ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 00:25:64:92:10:F2, BA:76:3F:38:7E:B4, BA:76:3F:38:76:B4, 00:FF:F7:CC:82:79, B8:76:3F:38:7E:B4 This info has also been logged to STOPDecrypter-log.txt
  15. What is this? kkk https://www.sendspace.com/file/9fjoyn Professor, I think I've got the ransom from this keygen. I was trying to crack Office, so I only clicked on the Office option and tried to crack it. I can't upload my regedit. It gives me an error: "-200"
  16. Please upload a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply so that one of our experts can review them
  17. Close all programs and disconnect any USB or external drives before running the tool. Double-click RogueKiller.exe to run the tool again. Once the Prescan has finished, click Scan. Once the Status box shows "Scan Finished". Select the following items: Click the Delete button. Attach the RogueKiller report to your next reply. The log can also be found on your desktop labeled (RKreport[X]_D_xxdatexx_xtimex.txt) The highest number of [X], is the most recent Delete log.
  18. Last week
  19. Anyone heard of this yet? All of my files are encrypted by some ransomware attack called NEMTY. It even reached my back up drives and cloud storage. I am not sure what to do at this point... literally everything of importance, including business files, personal photos and videos going back a decade, etc has been hit. The virus left a document telling me to go to some TOR website. Once there it demands $1000 in btc sent to a wallet and there's a timer counting down at which point they say I have to pay double.
  20. Attached the file. roguekillerscanreport1.txt
  21. My files were encrypted with the .pedro extension and I am not able to decrypt them, please help
  22. If/when your decryption key is figured out, you'll be contacted privately to let you know.
  23. Not yet, but we're still working on it.
  24. Let's take a look using a different tool. Download RogueKiller from https://www.fosshub.com/RogueKiller.html and save it to your desktop. Double-click on setup.exe to install RogueKiller. Close all programs and disconnect any USB or external drives before running the tool. Right-click RogueKiller.exe and select Run As Administrator to run the tool. Once the Prescan has finished, click Scan. Once the Status box shows "Scan Finished", click on the "Report" button and attach the scan log to your reply.
  25. What errors (if any) are you encountering when installing? Is the issue the same on every computer? Which installer are you using? EmsisoftAntiMalwareWebSetup.exe? EmsisoftAntiMalwareSetup.exe? EmsisoftAntiMalwareSetup32.msi? EmsisoftAntiMalwareSetup64.msi? Was the installer downloaded from your my.emsisoft.com account, or from one of our static links? After a quick second look at your logs, I can see that the first and third appear to have EAM installed, however it isn't running and the last time it was it looks like it had installed a program update. Whenever you see instances of Emsisoft Anti-Malware's executables in the diag log with .old on the end of their file names, this usually means that a program update requiring a computer restart has been installed, and EAM is still waiting for the computer to be restarted. Registered Anti-Virus Products: displayName instanceGuid pathToSignedProductExe pathToSignedReportingExe productState Emsisoft Business Security {67773CDD-EA83-AD98-A2ED-386463EB3B0D} C:\Program Files\Emsisoft Anti-Malware\a2start.exe C:\Program Files\Emsisoft Anti-Malware\a2service.exe.old 262144 Registered Anti-Spyware Products: displayName instanceGuid pathToSignedProductExe pathToSignedReportingExe productState Emsisoft Business Security {DC16DD39-CCB9-A216-985D-0316186C71B0} C:\Program Files\Emsisoft Anti-Malware\a2start.exe C:\Program Files\Emsisoft Anti-Malware\a2service.exe.old 262144 Windows Defender {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} %ProgramFiles%\Windows Defender\MSASCui.exe %SystemRoot%\System32\svchost.exe 397584 As for the second computer, it doesn't appear to have EAM installed at all, which would suggest that different computers are having different issues.
  26. I don't know because something weird is going on with my PC. When I try to go to Windows Defender, the image I attached appears.