dtwestoz

Hi Elise, heres the first lot: vyde.exe: https://www.virustotal.com/en/file/b6a1d2bd1b659cb434d0e9d3701e7ad5948337a23d69e2c291f8e2e8631a03b0/analysis/1462025812/ a2.exe: https://www.virustotal.com/en/file/5fc3bd579565b862660482ede2156b19230b4f7b23c5f21348a4c8e3e38de613/analysis/1462026266/ ggqcujdk.dll: https://www.virustotal.com/en/file/05627202e4890114285b24177512b6a1733c2a0e4af905763b65b92a8fdbb5bb/analysis/1462026398/ pchrekxt.dll: https://www.virustotal.com/en/file/aac8074fe38d05144bfe6d0b3f8eb1ed0c65272b68f0df549858139ed34f71ba/analysis/1462026489/ qbdhanzj.dll: https://www.virus

I've got the other executables and dll files but I think they are subsequent malware infections.

Thanks for the response Elisa. From memory the dropper is deleted at the end of the encryption process which looks like it completed. Would it be located in the %TMP% folder?

Hello, I've been asked to look at a Nemucod issue that has encrypted files which the Emsisoft decrypter will not decrypt. I've disabled the infection and run the decrypter on the same machine using an encrypted file and an original from a backup. But get the error: "The decrypter could not determine a valid key for your system. Please drag and drop both an encrypted file as well as its unencrypted counterpart on to the decrypter to determine a correct key. Files need to be at least 510 bytes long." Unfortunately there are some important recent files that were not backed up as it looks