-
Content Count
226 -
Joined
-
Last visited
-
Days Won
10
Everything posted by Sarah W
-
Hi DRUG, Please share the two files you used. Regards, Sarah
-
Stampado (I think) trying to decrypt.
Sarah W replied to Morty's topic in Help, my files are encrypted!
Hi Morty, Sorry about the delay, took a little while to add what we needed, but please download the newest version of the decrypter . You will need to go to options and insert Wosar is a pig dancing on the wardrobe. as the salt (needs to be exactly this), and [email protected] as the email. Then click calculate for the ID. After that, you can return to the Decrypter tab and then click decrypt. Regards, Sarah -
Crypton tool: Search Key and decrypt files later
Sarah W replied to BenSan's topic in Help, my files are encrypted!
Hi BenSan, Sorry about the delay, you can run the tool on another system but you would need to have the encrypted files on that system that you wanted to decrypt. We'll think about adding that option where you can save the key. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah -
Hi Theamoebson, BTCWare is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah
-
My files are infection/ with CryptoLocker / Pclock
Sarah W replied to rooterz's topic in Help, my files are encrypted!
Hi xginx, Looks like the infection is gone now. Regards, Sarah -
My files are infection/ with CryptoLocker / Pclock
Sarah W replied to rooterz's topic in Help, my files are encrypted!
Hi xginx, How is the system running now? Can you access Avast and task manager? Please re-run FRST, put a check into the box next to Addition.txt and press the scan button. It will produce FRST.txt and Addition.txt logs located on the desktop. Please copy and paste the logs into your next reply. Regards, Sarah -
Decrypt nemucod worked perfectly
Sarah W replied to Davepens's topic in Help, my files are encrypted!
Hi Davepens, You should see this: You need to click on Download This File. Then fill in the captcha. Regards, Sarah -
Infettati file jpeg,psd,png,ecc.
Sarah W replied to Massimo's topic in Help, my files are encrypted!
Hi Massimo, Unfortunately, Hermes 2.0 ransomware is not decryptable. Your best bet is to wait for a solution that may happen at some point if you don't want to pay (I suggest not, if possible). A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah -
Hi xgent, Unfortunately, Sage ransomware is not decryptable. Your best bet is to wait for a solution that may happen at some point if you don't want to pay (I suggest not, if possible). A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah
-
Hi Gusi, Wallet Dharma is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah
-
Hi josevm700, Hopefully we have a solution eventually. Regards, Sarah
-
My files are infection/ with CryptoLocker / Pclock
Sarah W replied to rooterz's topic in Help, my files are encrypted!
Hi xginx, Sorry about that. Download from here, and follow the rest of the instructions. Regards, Sarah -
Decrypt nemucod worked perfectly
Sarah W replied to Davepens's topic in Help, my files are encrypted!
Hi Davepens, Try and download it from here, follow the rest of the instructions after. Regards, Sarah -
Hi Brenda Chandler, Sorry for the delay, I happened to miss your topic. To use the decrypter you will require an encrypted file of at least 4096 bytes in size as well as its unencrypted version. To start the decrypter select both the encrypted and unencrypted file and drag and drop them onto the decrypter executable. Regards, Sarah
-
Hi Daniel, I merged your post with the Locky topic. Locky is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah
-
All my files encrypted with .global - Help Me -
Sarah W replied to vettalex's topic in Help, my files are encrypted!
Hi vettalex, You are most welcome. Glad we could help! Usually, Globe comes in via RDP, so if you know that you have that enabled, please change the passwords to something more secure. If you appreciate our decrypter and want to support the work we do, I suggest checking our product out, and consider buying it. Regards, Sarah -
Stampado (I think) trying to decrypt.
Sarah W replied to Morty's topic in Help, my files are encrypted!
Hi Morty, Perfect, that's what we are looking for. Give us a few days and we'll have something for you. Regards, Sarah -
All my files encrypted with .global - Help Me -
Sarah W replied to vettalex's topic in Help, my files are encrypted!
Hi vettalex, Please download and use this decrypter. To use the decrypter, you will require a file pair containing both an encrypted file and its non-encrypted original version. Select both the encrypted and unencrypted file and drag and drop both of them onto the decrypter file in your download directory. If file names are encrypted, please use the file size to determine the correct file. Regards, Sarah -
Hi Panos and manelv, Al-Namrood 2 is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah
-
My files are infection/ with CryptoLocker / Pclock
Sarah W replied to rooterz's topic in Help, my files are encrypted!
Hi xginx, We need to run a fix with FRST: Please download the attached fixlist.txt file and save it to the same location as FRST Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system fixlist.txt Run FRST.exe/FRST64.exe and press the Fix button just once and wait If for some reason the tool needs a restart, please make sure you let the -
Hi josevm700, We did find a sample of this ransomware, but it seems to be secure. You can either pay the criminal (we do not recommend this) or wait for a possible solution. Regards, Sarah
-
Decrypt nemucod worked perfectly
Sarah W replied to Davepens's topic in Help, my files are encrypted!
Hi Davepens, Please download removecrypted.bat and run it. It should delete the crypted files. Regards, Sarah removecrypted.bat -
Hi Sergio, Al-Namrood 2 is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah
-
Hi TCO Jason, Wallet Dharma is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah
-
My files are infection/ with CryptoLocker / Pclock
Sarah W replied to rooterz's topic in Help, my files are encrypted!
Hi rooterz and xginx, PCLock is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. xginx, if you think you're infected then please do this for me: Install and Run Emsisoft Emergency Kit (EEK): Double click EmergencyKitScanner.exe to install EEK When the installation of EEK is complete the Emergency Kit scanner will run. NOTE: Make sure to enable PUPs detection. Click "Yes" to Update Emsisoft Emergency Kit Under "Scan" click-on "Malware Scan". IMPOR