Billy C

Thank you for getting back to me. Please message me options. Luckily, it's not a super emergency.

Hi Sara, Unfortunately the owub.exe is no longer in the location. I checked the virus vault in avast and a few other scanners (malwarebytes) to see if it caught anything but no trace. Currently doing a deep search for it on the computer. Hopefully will update soon. Yes, it seems like 2 different ransomewares. the .hta extension first and then the .html version with both .crypt extensions. After 2nd run of the decryptor

Hi All, So I have an issues in which it looks like the files are encrypted twice by two different crypt versions. I ran the tools but not of them worked. I've tried some other tools and it errors saying that files are not exact same size. Seems like the encrypted files are slightly larger by variant sizes. Ransomeware gave me 4 possible variants on the upload. Seems like it was first encrypted with an earlier variant of a .crypt (how to open file.hta) Then by how to open files.html as the hta files are also.crypt. I've attached a few pairs to see the different size variants between the files. I couldn't find an exe or any suspicious quarantine file so I loaded the FRST.txt file as well. HOW_OPEN_FILES.hta.crypt FRST.txt HOW_OPEN_FILES.html cmain.dll.zip

Thank you very much! It work perfectly. I tried it using version 1.0.0.50. I did have a few bumps while i was testing that may help others with any issues. I had copied the files that were infected to another machine. When I tried running the decryptor on the other machine it found keys to try but did not work. It was only when I went to the original infected machine did it generate additional keys to try and then it worked. I ran it in a few different scenarios and came up with the same issue if I didn't use the original infected machine. Again thank you all for the work you guys do. I know what software to recommend when people ask for antivirus requests.

Hi all, I started a new thread so I don't piggyback off of Pen's original post. I've been following the post and tried the new update that was released to decrypt the Merry I love you bruce encryption, but unfortunately I get the same message that it can't find a decryption key. I've uploaded the exe and the pair of files I used for the decryption. I thank everybody involved with this project. Deposits Dec 2016.zip

I believe this to be the exe file that caused the encryption. I'm having the same exact issues with the I_LOVE_YOU_BRUCE html application. MerryS.exe

I too am dealing with a machine that has the MERRY_I_LOVE_YOU_BRUCE.HTA that doesn't work. Hoping for a new update with this variant. Fingers crossed.