Jump to content

Sarah W

Emsisoft Employee
  • Content Count

    226
  • Joined

  • Last visited

  • Days Won

    10

Everything posted by Sarah W

  1. Hi DRUG, Please share the two files you used. Regards, Sarah
  2. Hi Morty, Sorry about the delay, took a little while to add what we needed, but please download the newest version of the decrypter . You will need to go to options and insert Wosar is a pig dancing on the wardrobe. as the salt (needs to be exactly this), and [email protected] as the email. Then click calculate for the ID. After that, you can return to the Decrypter tab and then click decrypt. Regards, Sarah
  3. Hi BenSan, Sorry about the delay, you can run the tool on another system but you would need to have the encrypted files on that system that you wanted to decrypt. We'll think about adding that option where you can save the key. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah
  4. Hi Theamoebson, BTCWare is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah
  5. Hi xginx, Looks like the infection is gone now. Regards, Sarah
  6. Hi xginx, How is the system running now? Can you access Avast and task manager? Please re-run FRST, put a check into the box next to Addition.txt and press the scan button. It will produce FRST.txt and Addition.txt logs located on the desktop. Please copy and paste the logs into your next reply. Regards, Sarah
  7. Hi Davepens, You should see this: You need to click on Download This File. Then fill in the captcha. Regards, Sarah
  8. Hi Massimo, Unfortunately, Hermes 2.0 ransomware is not decryptable. Your best bet is to wait for a solution that may happen at some point if you don't want to pay (I suggest not, if possible). A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah
  9. Hi xgent, Unfortunately, Sage ransomware is not decryptable. Your best bet is to wait for a solution that may happen at some point if you don't want to pay (I suggest not, if possible). A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah
  10. Hi Gusi, Wallet Dharma is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah
  11. Hi josevm700, Hopefully we have a solution eventually. Regards, Sarah
  12. Hi xginx, Sorry about that. Download from here, and follow the rest of the instructions. Regards, Sarah
  13. Hi Davepens, Try and download it from here, follow the rest of the instructions after. Regards, Sarah
  14. Hi Brenda Chandler, Sorry for the delay, I happened to miss your topic. To use the decrypter you will require an encrypted file of at least 4096 bytes in size as well as its unencrypted version. To start the decrypter select both the encrypted and unencrypted file and drag and drop them onto the decrypter executable. Regards, Sarah
  15. Hi Daniel, I merged your post with the Locky topic. Locky is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah
  16. Hi vettalex, You are most welcome. Glad we could help! Usually, Globe comes in via RDP, so if you know that you have that enabled, please change the passwords to something more secure. If you appreciate our decrypter and want to support the work we do, I suggest checking our product out, and consider buying it. Regards, Sarah
  17. Hi Morty, Perfect, that's what we are looking for. Give us a few days and we'll have something for you. Regards, Sarah
  18. Hi vettalex, Please download and use this decrypter. To use the decrypter, you will require a file pair containing both an encrypted file and its non-encrypted original version. Select both the encrypted and unencrypted file and drag and drop both of them onto the decrypter file in your download directory. If file names are encrypted, please use the file size to determine the correct file. Regards, Sarah
  19. Hi Panos and manelv, Al-Namrood 2 is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah
  20. Hi xginx, We need to run a fix with FRST: Please download the attached fixlist.txt file and save it to the same location as FRST Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system fixlist.txt Run FRST.exe/FRST64.exe and press the Fix button just once and wait If for some reason the tool needs a restart, please make sure you let the
  21. Hi josevm700, We did find a sample of this ransomware, but it seems to be secure. You can either pay the criminal (we do not recommend this) or wait for a possible solution. Regards, Sarah
  22. Hi Davepens, Please download removecrypted.bat and run it. It should delete the crypted files. Regards, Sarah removecrypted.bat
  23. Hi Sergio, Al-Namrood 2 is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah
  24. Hi TCO Jason, Wallet Dharma is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah
  25. Hi rooterz and xginx, PCLock is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. xginx, if you think you're infected then please do this for me: Install and Run Emsisoft Emergency Kit (EEK): Double click EmergencyKitScanner.exe to install EEK When the installation of EEK is complete the Emergency Kit scanner will run. NOTE: Make sure to enable PUPs detection. Click "Yes" to Update Emsisoft Emergency Kit Under "Scan" click-on "Malware Scan". IMPOR
×
×
  • Create New...