djsava

Member
  • Content Count

    10
  • Joined

  • Last visited

Community Reputation

0 Neutral

About djsava

  • Rank
    Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. I just understood one thing... This is not the same decryption key for all extensions. The .doc has a number and the .docx has another number. How to recover everything in one go? When i put a docx.merry file and the original, it works for all .docx files and pdf files too. EDIT : I'm back, All files are decrypted with the combinaison ATELIER NET PUBLIC.docx and ATELIER NET PUBLIC.docx.MERRY I think it's ok for all files, i tested jpg, txt, pdf, docx.. .I try mp3 and mp4 for see. There is my MRCR results report : logMRCR2.txt It's a verry verry good job realy realy thank you !!
  2. Hello Fabian and thanks for your help.. 1.The malware was cancel by FRST.. 2.I joint files are decrypt property by mrcr: (TARIFS A4.doc) The files are in my first post. The other one are in .docx and pdf, they don't work. (This is Original files) ATELIER NET PUBLIC.docx and ATELIER NET PUBLIC.pdf 3. files that don't decrypt properly called NW. NW-ATELIER NET PUBLIC.pdf NW-ATELIER NET PUBLIC.docx ATELIER NET PUBLIC.docx.MERRY ATELIER NET PUBLIC.pdf.MERRY
  3. I have some bin.merry files, i think they broken when i When I run the program it's something wrong. .docx not working.
  4. I think it's ok for all .doc files.. It is a pity that we can not choose the type of extension to extract with the decrypter if i try to decrypt all files, there will create a copy of each corrupted original file. What extension do you want i try except .doc file ? logMRCR.txt
  5. Yes kevin i'm sorry, Jeremy says to me why it's important to do a single subject. After i saw the translate rules and i understood.
  6. the txt files about adw cleaner not working for the moment.. mp3, jpg, pdf and doc files not working too. Some doc files works
  7. Hello, Like everybody in this time, I also took the ransomeware Merry I Love You Bruce. I caught this on the site of my supplier, The characters look bad, chrome asked me to download a font (Chrome_Font.exe) and Bruce arrived. Sorry for my english, i'm from france, we are only 2 french to my knowledge to have this ransomeware. Malekal is already helping me but there they are deadlocked. Your decrypter is not working for me, do you want other encrypted files and original files ? What extension (pdf, jpg, txt, doc...) ? I can't download the Emsisoft kit, there is an 404 error. edit: The url is broken to the french rules translation to dl11.emsisoft.com english link is good) I am really in the shit because I have a company and if I do not recover my files I will to close my company. In addition I had planned the arrival of a virus, having already taken cryptowall few years ago, I received my hard disc 2 days after this infection. I am very angry ! I attach the files with FRST. (It's the second pass, the first one did with malekal.) If you want the first result with FRST, it's here : http://pjjoint.malekal.com/files.php?id=FRST_20170125_n5s15i13e14j11 http://pjjoint.malekal.com/files.php?id=20170125_b14b5k9d610 http://pjjoint.malekal.com/files.php?id=20170125_p7i9k5j8v11 The fixlist : CreateRestorePoint: CloseProcesses: 2017-01-24 23:29 - 2017-01-24 23:29 - 00091845 _____ C:\Users\JESS\Downloads\MERRY_I_LOVE_YOU_BRUCE.HTA 2017-01-24 23:05 - 2017-01-24 23:05 - 00091845 _____ C:\Users\JESS\Documents\MERRY_I_LOVE_YOU_BRUCE.HTA 2017-01-24 23:04 - 2017-01-24 23:04 - 00091845 _____ C:\Users\JESS\Desktop\MERRY_I_LOVE_YOU_BRUCE.HTA 2017-01-24 23:04 - 2017-01-24 23:04 - 00091845 _____ C:\Users\JESS\AppData\Roaming\MERRY_I_LOVE_YOU_BRUCE.HTA 2017-01-24 22:57 - 2017-01-24 22:57 - 05559264 ____N C:\Users\JESS\Downloads\aircrack-ng-1.2-rc2-win.zip 2017-01-24 22:51 - 2017-01-24 22:51 - 00091845 _____ C:\Users\JESS\AppData\Local\MERRY_I_LOVE_YOU_BRUCE.HTA 2017-01-24 23:04 - 2017-01-24 23:04 - 0091845 _____ () C:\Users\JESS\AppData\Roaming\MERRY_I_LOVE_YOU_BRUCE.HTA 2016-05-17 11:01 - 2017-01-24 23:04 - 0000177 _____ () C:\Users\JESS\AppData\Roaming\WB.CFG.MERRY 2017-01-24 22:51 - 2017-01-24 22:51 - 0091845 _____ () C:\Users\JESS\AppData\Local\MERRY_I_LOVE_YOU_BRUCE.HTA Hosts: EmptyTemp: RemoveProxy: Reboot: Here I think you have everything Thanks for you help kevin. Addition.txt Fixlog.txt FRST.txt mbam.txt Shortcut.txt TARIFS TOBOGGAN A4.doc TARIFS TOBOGGAN A4.doc.MERRY scan_170127-194458.txt scan_170127-194607.txt
  8. Hello everybody, i have the same problem from France. I have take this on a web site like stefano P with chrome_font.exe . Malekal try to find an issue, i have a lot of original files, what's extension do you favorite ? Thanks TARIFS TOBOGGAN A4.doc.MERRY TARIFS TOBOGGAN A4.doc