GT500

Emsisoft Employee
  • Content Count: 9654
  • Joined
  • Days Won: 279

GT500 last won the day on June 16

GT500 had the most liked content!

Community Reputation

558 Excellent

9 Followers

About GT500

  • Rank
    Emsisoft Support
  • Birthday 10/22/1984

Contact Methods

  • Website URL
    https://helpdesk.emsisoft.com/

Profile Information

  • Gender
    Male
  • Location
    Indiana, USA
  • Interests
    Computers, security, amino acids, fructose malabsorption, liberty, firearms, John Calvin, etc.

Recent Profile Visitors

47113 profile views
  1. I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  2. Deleting the ransom note can lead to problems identifying the ransomware and/or decrypting your files later on. It is recommended to leave the ransom notes alone, and allow them to remain alongside the encrypted files.
  3. Now that I take a second look at this, something has messed up the log output from STOPDecrypter too badly for it to be useful. Could you try running STOPDecrypter again? It might also help if you attach STOPDecrypter's log to a reply (if you followed the instructions here then it will be in your Downloads folder in a folder named STOPDecrypter).
  4. I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you. BTW: I removed your e-mail address. Posting it publicly only invites spam, scams, and the criminals who made the ransomware to contact you to let you know that they can decrypt your files (for a "small" fee of course).
  5. I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you.
  6. OK, FRST reported that it was able to delete everything. Go ahead and run a scan with something like Emsisoft Emergency Kit, and be sure to Quarantine anything it detects. You can attach a copy of the scan report here for me to review. They are usually in the following location: C:\EEK\Reports
  7. I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  8. This is more than likely GlobeImposter 2.0. You can confirm this at ID Ransomware: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  9. Please download the following fixlist.txt file and save it to the Desktop: https://www.gt500.org/emsisoft/fixlist/2019-06June-18/yousef_elmalk/fixlist.txt
     NOTE: It's important that both files, the FRST download from earlier and the fixlist file, are in the same location or the fix will not work. If you need to, please copy the files from your Downloads folder to your desktop.
     Run the FRST download from earlier, and press the Fix button just once and wait. If for some reason the tool needs to restart your computer, please make sure you let the computer restart normally. After that, let the tool complete anything it still needs to do.
     When finished, FRST will generate a log on the Desktop (Fixlog). Please attach it to a reply.
  10. I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you.
  11. ID Ransomware can have false positives; however, if it does, we can inquire about getting those fixed.
  12. Note that if shared files on a computer were encrypted, but nothing else (meaning the computer wasn't actually infected), then you might be able to recover some files using file undelete/recovery tools or Shadow Explorer.
  13. I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you.
  14. Repeatedly posting your information won't help get your files decrypted faster. Right now all you need to do is give us time, and we'll do what we can to help you.
  15. Many ransomware families have the capability to access network shares and encrypt files on them. My recommendation is a backup solution where the backup media does not remain connected to the computer when not in use (such as using USB drives or tape drives). Cloud backups are nice as well; however, in many cases where ransomware is executed on a computer by an attacker who compromised RDP, they will access cloud backup settings and delete any backups if they can, making the cloud backup system useless. Cloud backups also tend to be slower than having local media to restore from, which makes them less practical (I know of a hospital which paid a ransom rather than restore from cloud backups, because the time it would take to restore from cloud backups would have cost them more than the ransom).