RP45

Member
  • Content Count

    7
  • Joined

  • Last visited

Community Reputation

0 Neutral

About RP45

  • Rank
    New Member
  1. So I found those files that were running "windows_update" and "update" in the background and was able to stop them and the cpu lightened up after I stopped them maybe that's what was stopping it. And you're saying run the FRST and choose fix and not run decrypt_apocalypse.exe?
  2. It was actually a program called "windows_update" and separate program called "update" traced it back to a public folder named jb-JP and couple of sub folders with the bat files in them. Renamed all .bat to OLD and zipped it and then deleted the folder and reboot and no more cpu usage from windows_update or update. I have a copy of the zip on a virtual machine I can upload if it will help.
  3. Ok here's what I did 1 Boot to safe mode 2 Uncheck Windows Update under services 3 Reboot and run the Apocalypse Decryption tool. The tool ran as before with no results and fixlist.txt and FRST on the desktop 4 Ran FRST program and clicked "fix" the program ran 48 hours with no results Mon morn check FRST running stopped with task manager. In the task manager noticed "windows update service" and another service called "update" running and taking about 95% cpu. Looking thru the services panel "Windows Update Services" is disabled.
  4. so I'm going into safe-mode to stop the window update service from starting, then reboot to regular mode with FRST and fixlist.txt on the desktop and run the Apocalypse Decryption tool from the desktop? Is this the steps
  5. Didn't work, booted win server 2012 to safe mode with networking. ran msconfig uncheck windows update service and applied no restart. copied fixlist.txt and decrypt_apocalypse.exe. ran it three different times. in the DecriptLog1.txt I browsed to file that are encrypted and that was the print out. I have a copy of the Peachtree/Sage database I need to decrypt I can upload a zip if needed. Everything else on the server can be replaced if we have to. the database is about 3 months of data we're trying to avoid rebuilding. Thanks for your help DecriptLog.txt DecriptLog1.txt DecriptLog2.txt fixlist.txt
  6. Thank you so much for your help. I'm off to the clients now and will let you know how it went
  7. New clients computer encrypted, my back is against the wall. Their backup was corrupted to. Was able to save a few that were encripted and have a good back up on if it helps FRST.txt Scan_161220-162330.txt Addition.txt DefaultConnectorsConfig.xml.ID-11C53BA7US[[email protected]].oqa1adcarqbfa PipeBendDefaultValues.txt.ID-11C53BA7US[[email protected]].oqa1adcarqbfa projSymbolStyle.dwg.ID-11C53BA7US[[email protected]].oqa1adcarqbfa DefaultConnectorsConfig.xml PipeBendDefaultValues.txt projSymbolStyle.dwg