Sarah W

Emsisoft Employee
  • Posts: 226
  • Days Won: 10

Everything posted by Sarah W

  1. Hi Morty, Sorry about the delay, took a little while to add what we needed, but please download the newest version of the decrypter. You will need to go to options and insert Wosar is a pig dancing on the wardrobe. as the salt (needs to be exactly this), and [email protected] as the email. Then click calculate for the ID. After that, you can return to the Decrypter tab and then click decrypt. Regards, Sarah
  2. Hi BenSan, Sorry about the delay, you can run the tool on another system but you would need to have the encrypted files on that system that you wanted to decrypt. We'll think about adding that option where you can save the key. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah
  3. Hi Theamoebson, BTCWare is unfortunately not decryptable. You can either back up your files and wait for a solution, or pay the criminals (we do not recommend this) currently. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah
  4. Hi xginx, Looks like the infection is gone now. Regards, Sarah
  5. Hi xginx, How is the system running now? Can you access Avast and task manager? Please re-run FRST, put a check into the box next to Addition.txt and press the scan button. It will produce FRST.txt and Addition.txt logs located on the desktop. Please copy and paste the logs into your next reply. Regards, Sarah
  6. Hi Davepens, You should see this: You need to click on Download This File. Then fill in the captcha. Regards, Sarah
  7. Hi xgent, Unfortunately, Sage ransomware is not decryptable. Your best bet is to wait for a solution that may happen at some point if you don't want to pay (I suggest not, if possible). A good backup procedure is very important and well worth the investment. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah
  8. Hi Gusi, Wallet Dharma is unfortunately not decryptable. You can either back up your files and wait for a solution, or pay the criminals (we do not recommend this) currently. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah
  9. Hi josevm700, Hopefully we have a solution eventually. Regards, Sarah
  10. Hi xginx, Sorry about that. Download from here, and follow the rest of the instructions. Regards, Sarah
  11. Hi Davepens, Try and download it from here, follow the rest of the instructions after. Regards, Sarah
  12. Hi Brenda Chandler, Sorry for the delay, I happened to miss your topic. To use the decrypter you will require an encrypted file of at least 4096 bytes in size as well as its unencrypted version. To start the decrypter select both the encrypted and unencrypted file and drag and drop them onto the decrypter executable. Regards, Sarah
  13. Hi Daniel, I merged your post with the Locky topic. Locky is unfortunately not decryptable. You can either back up your files and wait for a solution, or pay the criminals (we do not recommend this) currently. As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah
  14. Hi vettalex, You are most welcome. Glad we could help! Usually, Globe comes in via RDP, so if you know that you have that enabled, please change the passwords to something more secure. If you appreciate our decrypter and want to support the work we do, I suggest checking our product out, and consider buying it. Regards, Sarah
  15. Hi Morty, Perfect, that's what we are looking for. Give us a few days and we'll have something for you. Regards, Sarah
  16. Hi vettalex, Please download and use this decrypter. To use the decrypter, you will require a file pair containing both an encrypted file and its non-encrypted original version. Select both the encrypted and unencrypted file and drag and drop both of them onto the decrypter file in your download directory. If file names are encrypted, please use the file size to determine the correct file. Regards, Sarah
  17. Hi Panos and manelv, Al-Namrood 2 is unfortunately not decryptable. You can either back up your files and wait for a solution, or pay the criminals (we do not recommend this) currently. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah
  18. Hi xginx, We need to run a fix with FRST:

      • Please download the attached fixlist.txt file and save it to the same location as FRST
      • Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work
      • NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

      fixlist.txt

      • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
      • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
      • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

      =================================================================

      We need to remove programs using "Programs and Features"

      • Click the "Start" orb on the taskbar, and then click the "Control Panel" button.
      • If you use Category mode, click on Uninstall a Program. If you use Icons mode, click on Programs and Features.
      • A list of programs installed will be "populated" (this may take a bit of time).
      • If they exist, uninstall the following by clicking on the below entries and selecting "Remove":
          Advanced SystemCare 10
          Reimage Repair
          WindowsMangerProtect20.0.0.1064
      • Additional instructions can be found here if needed.

      =================================================================

      Please download AdwCleaner by Xplode and save to your Desktop.

      • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
      • The tool will start to update the database if one is required.
      • Click on the Scan button. AdwCleaner will begin...be patient as the scan may take some time to complete.
      • After the scan has finished, click on the Logfile button. A window will open which lists the logs of your scans.
      • Click on the Scan tab.
      • Double-click the most recent scan which will be at the top of the list....the log will appear.
      • Review the results...see note below
      • After reviewing the log, click on the Clean button.
      • Press OK when asked to close all programs and follow the onscreen prompts.
      • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
      • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
      • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
      • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
      • A copy of all logfiles is saved to C:\AdwCleaner.

      =================================================================

      Reply here and attach the following logs to your post:

      • fixlog.txt
      • AdwCleaner log

      Regards
  19. Hi josevm700, We did find a sample of this ransomware, but it seems to be secure. You can either pay the criminal (we do not recommend this) or wait for a possible solution. Regards, Sarah
  20. Hi Davepens, Please download removecrypted.bat and run it. It should delete the crypted files. Regards, Sarah removecrypted.bat
  21. Hi Sergio, Al-Namrood 2 is unfortunately not decryptable. You can either back up your files and wait for a solution, or pay the criminals (we do not recommend this) currently. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah
  22. Hi TCO Jason, Wallet Dharma is unfortunately not decryptable. You can either back up your files and wait for a solution, or pay the criminals (we do not recommend this) currently. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah
  23. Hi rooterz and xginx, PCLock is unfortunately not decryptable. You can either back up your files and wait for a solution, or pay the criminals (we do not recommend this) currently. xginx, if you think you're infected then please do this for me:

      Install and Run Emsisoft Emergency Kit (EEK):

      • Double click EmergencyKitScanner.exe to install EEK
      • When the installation of EEK is complete the Emergency Kit scanner will run. NOTE: Make sure to enable PUPs detection.
      • Click "Yes" to Update Emsisoft Emergency Kit
      • Under "Scan" click on "Malware Scan". IMPORTANT: Do not quarantine or delete anything. We just want the scan log without anything being quarantined or deleted.
      • Save the scan log somewhere that you can find it.
      • Exit Emsisoft Emergency Kit.

      Run Farbar Recovery Scan Tool (FRST):

      • Double-click to run it. When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • Farbar Recovery Scan Tool will produce the following logs: FRST.txt, Addition.txt

      Reply here and attach the following logs to your post:

      • Emsisoft Emergency Kit log (C:\EEK\Reports\)
      • FRST.txt
      • Addition.txt
  24. Hi Davepens, Did you get any errors? Regards, Sarah
  25. Hi vettalex, Sorry, I just wanted to check what the ransom note was named so I can identify the specific globe variant you were hit with. If you have the globe.exe file then submitting that will help too. Regards, Sarah