Popular Content

Showing content with the highest reputation on 09/16/19 in all areas

  1. 1 point
    Perhaps this is the only chance to return some of their files. You can add this links to the sample on the VT website in the ticket. DrWeb experts will gain access to it through an affiliate program. https://www.virustotal.com/gui/file/5106d847e6fecd52295ab7e01ce2e7525e3107f6a2d4dd3fc2956a8db970e799/detection https://www.vmray.com/analyses/5106d847e6fe/report/overview.html
  2. 1 point
    DrWeb can decrypt some files that STOP-Decrypter cannot decrypt, only in another way. Only .pdf encrypted files and all the Office documents .doc, xls, docx, xlsx, ppt, pps, etc … Unfortunatly with this way can't will decrypt photo, video, audio and many files with other extensions. If free test decrypt these files will successful, the fees requested by Dr.Web experts 150 EUR for Rescue Pack (Personal decryptor + 2-year DrWeb Security Space protection). There is no alternative to receiving this service. If the test-decrypt will fails, no payment will be required. Tell me, if this way suits you, I will let you know what files you need to collect for this. I do not participate in this process and do not provide any help except this information. I not having any financial benefit and is not involved in this decryption service at all.
  3. 1 point
    In addition, the STOP-Djvu Ransomware does the following: 1) leaves behind a software module that steals personal information from browsers and other programs; 2) modifies the hosts file to prevent browsers from opening anti-virus companies' websites and forums (like this one) that helps victims. For these targets: 1) after checking and cleaning the PC, when it is be confirmed that there are no other malicious modules, you need to replace the passwords for all sites with more complex ones (at least 12-16 characters, including A-a, Z-z, 0-9, @ # $). 2) you need to reset or delete the modified hosts file, without it, all legitimate sites will be available to you. The path to this file is: C:\Windows\System32\drivers\etc\
  4. 1 point
    Most ransomwares will automatically delete themselves after they finish encrypting files, but some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best practice to check and make sure that no such components have been left behind, so we recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (just attach the log files FRST saves to your message): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  5. 1 point
    Hello @Mido This is the result of the STOP-Djvu Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. Extension .kvag - this is new variant of STOP Ransomware. Until recently, it was possible to collect some information and add it to STOP-Decrypter. Now this does not help. We expect changes in the decryption method. But so far there is no such news and the victims remain with encrypted files. I repeat, there is no way to decrypt files yet. Any site that offers decryption for this variant may be a scam site. Be careful.
  6. 1 point
    Please upload a copy of the ransom note and an encrypted file here and post back with the result. https://id-ransomware.malwarehunterteam.com
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up