Plagocki

Member
  • Content Count

    4
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Plagocki

  • Rank
    New Member
  1. sorry - that was TeamViewer copy again :-( Here is the file malware.zip
  2. Fortunately i have a sample of the encryption Software. it was embedded to start on the infected Server if you Login with another admin account via registry, i saved the .exe file to another Directory for later Investigation purposes.Should i upload this file here?
  3. One of our Customers was attacked at 2. December. It seemed to be via an RDP Port and used an old Account we had not used for years. Allmost all files were encryped ( he hit 7 Servers), shadow copys deleted, the backup was deleted manually, we were able to restore many files from the last Server, where the process was not fully completed, and the shadow copy were still there. But we have still files that are not accessible. The Decryptor from Emsisoft for nmoriea doesn´t work - we tried different files (txt, doc, pdf) with no result. Will there be a new Version of the decryptor? Thanks for any help :-) Torkret_Weimar_2001.07.31.doc.__AiraCropEncrypted!