Like everybody these days, I also caught the ransomware Merry I Love You Bruce.
I caught this on my supplier's site. The characters looked bad, Chrome asked me to download a font (Chrome_Font.exe) and Bruce arrived.
Sorry for my English, I'm from France; to my knowledge, only 2 of us French have this ransomware.
Malekal is already helping me, but they are deadlocked there.
Your decrypter is not working for me. Do you want other encrypted files and original files? What extension (pdf, jpg, txt, doc...)?
I can't download the Emsisoft kit, there is a 404 error. (Edit: the URL to dl11.emsisoft.com is broken in the French translation of the rules; the English link is good.)
I am really in the shit because I have a company, and if I do not recover my files I will have to close my company. In addition, I had planned for the arrival of a virus, having already caught CryptoWall a few years ago; I received my hard disk 2 days after this infection. I am very angry!
I attach the files from FRST. (It's the second pass; the first one was done with Malekal.)
If you want the first FRST result, it's here:
http://pjjoint.malekal.com/files.php?id=FRST_20170125_n5s15i13e14j11
http://pjjoint.malekal.com/files.php?id=20170125_b14b5k9d610
http://pjjoint.malekal.com/files.php?id=20170125_p7i9k5j8v11
The fixlist:
2017-01-24 23:29 - 2017-01-24 23:29 - 00091845 _____ C:\Users\JESS\Downloads\MERRY_I_LOVE_YOU_BRUCE.HTA
2017-01-24 23:05 - 2017-01-24 23:05 - 00091845 _____ C:\Users\JESS\Documents\MERRY_I_LOVE_YOU_BRUCE.HTA
2017-01-24 23:04 - 2017-01-24 23:04 - 00091845 _____ C:\Users\JESS\Desktop\MERRY_I_LOVE_YOU_BRUCE.HTA
2017-01-24 23:04 - 2017-01-24 23:04 - 00091845 _____ C:\Users\JESS\AppData\Roaming\MERRY_I_LOVE_YOU_BRUCE.HTA
2017-01-24 22:57 - 2017-01-24 22:57 - 05559264 ____N C:\Users\JESS\Downloads\aircrack-ng-1.2-rc2-win.zip
2017-01-24 22:51 - 2017-01-24 22:51 - 00091845 _____ C:\Users\JESS\AppData\Local\MERRY_I_LOVE_YOU_BRUCE.HTA
2017-01-24 23:04 - 2017-01-24 23:04 - 0091845 _____ () C:\Users\JESS\AppData\Roaming\MERRY_I_LOVE_YOU_BRUCE.HTA
2016-05-17 11:01 - 2017-01-24 23:04 - 0000177 _____ () C:\Users\JESS\AppData\Roaming\WB.CFG.MERRY
2017-01-24 22:51 - 2017-01-24 22:51 - 0091845 _____ () C:\Users\JESS\AppData\Local\MERRY_I_LOVE_YOU_BRUCE.HTA
Here, I think you have everything.
Thanks for your help, Kevin.
TARIFS TOBOGGAN A4.doc
TARIFS TOBOGGAN A4.doc.MERRY