Jump to content


  • Posts

  • Joined

  • Last visited

  • Days Won


Posts posted by JimmyJAPA

  1. 10 hours ago, Geng said:

    @JimmyJAPA I've heard reports of the decrypter.exe files they send you contains viruses. Can you confirm or deny this?

    Hello, Geng,

    I am aware of the possibility and I scanned the decryptor immediately after downloading it, using Microsoft Security Essentials.

    There was no virus in it.  I checked it again just now since you asked.  Still no virus.

    My system is always clean after every reboot.

    For your reference.

    10 hours ago, LeonardCaldwell said:

    Talk about "taking one for the team" (two, actually)! 

    I am not quite sure about your question, sorry.

    Could you elaborate?

  2. OMG!  Today I use Tor to connect to http://gebdp3k7bolalnd4.onion to check out information.

    It was shutdown and said,

    "This resource more is not available.

    You can find out the details decrypting files / buy decryptor + key / ask questions in the chat:
    https://fgb45ft3pqamyji7.onion.to, https://fgb45ft3pqamyji7.onion.cab (not need Tor)
    http://fgb45ft3pqamyji7.onion (need Tor)"

    It means the resource is gone?

    What should I do???!!!  Q___Q

  3. @nicksoti

    I am so sorry to hear your story, really.

    I also fell victim to a ransomware, Cry36, which locked all the files and photos that I have collected for more than 20 years, and I still can't decrypt it.

    How would they feel if they see our stories, and other thousands of hundreds'?

    I really curse these people who did this to all the victims!  Rot in hell!!!

    BTW, if you re-install your system, be sure to patch the security leaks lest you should get infected again. (I was infected twice.)


  4. Here I am again.

    After keeping searching on the Net, I finally found a ransom-paying photo.

    Just for your reference.

    BTW, could you please tell me if this Cry36 can be decrypted or not, Sarah or other staff?

    If yes, are you currently working on Cry36 or other ransomwares?

    If not, I still much appreciate your efforts as well as time devoted to this, and please tell me ASAP so that I can take time to accept it.

    Thanks a lot!


    • Upvote 1
  5. On 2017/5/11 at 9:13 AM, mclaugb said:

    The criminals also have a support box for you to send them files and your email address if the decrypt does not work for you.






    Dear McLaugb,

      This is Jimmy, another victim of the ransomware virus, gebdp3k7bolalnd4.onion.

      I saw the following sentence from you, and I am wondering if you have the e-mail address with which I can contact the kidnapper?

      "The criminals also have a support box for you to send them files and your email address if the decrypt does not work for you."

      Your reply, either public or private, would be most appreciated.

      Thank you!



  6. @kygiacomo

    As I mentioned before, I use Win7 with a real IP connection, and the details are in my post on May 11, which is on the above.

    Also, I didn't have the system updates after 2016.06.

    So, I guess that the reason why I got infected was that I directly connected to the Internet with a real IP.

    The other computers of mine using virtual IPs didn't get the virus.

    Just for your reference.

  7. @kygiacomo @bruticus0

    Hey men,

    I don't think the data recovery company would help, but thanks, aka Plan Y.

    Besides, I am prepared to pay the ransom twice, if necessary and if the first time succeeds.

    Of course I will do some surveys before doing so, and it will be my last resort, aka Plan Z.

    There are a few webpages that describe the process of transaction in detail, and I would peruse them a bunch of times to make sure everything goes right.

    Still looking everywhere for a solution.  Wish me luck!

    Let's give the guys working on this some cheers!



  8. @bruticus0

    Hello!  Thanks for reminding me.  I check the related threads almost every day, hoping to get the latest information.

    Well, I tried the solution at the beginning of the infection, but data recovery is of no use for me, for I regularly defragment my hard disk to keep it clean.

    I will just wait for a little longer for the geniuses in Emsisoft to see if they can come up with something.

    If anything good happens, I would definitely donate to them for appreciation.

    Finally, the IC3 forms are too complicated to me, a non-American, but I would consider filling in them someday.

    Thanks for everything!


    Jimmy from Taiwan

  9. 7 hours ago, izuran said:

    @JimmyJAPA just so you know paying didn't help us, they just moved the balance out of the Bitcoin wallet

    Well, if the decryptor cannot be made, I will have no choice but to pay, for the data are too precious to me.

    However, in the depth of my heart, I do curse these culprits who build happiness and wealth on others' suffering!

    How can they destroy others' data of the whole life time just to make money!!!

    God damn them!!!  Q_Q

  10. @bruticus0

      I tried the link you provided, but it deals with the 68 bytes file size difference (in my case the difference is 36 bytes).  Thanks, anyway.

      Regarding this virus, I don't think most Anti-Virus software are workable because it attacks the security holes directly, just like "Blaster Worm Virus" in 2003.  Re-installing and patching the security holes are, I think, the top priority.  Thank you!

  11. 18 hours ago, bruticus0 said:

    No Jim, she meant recovery tools like EaseUS Data Recovery and such.  They scan a hard drive for deleted and older versions of files if they still exist.  If they find anything, you can see if you can recover them.  Tools like this basically scan every byte of your hard drive and shows you what files are still there.  You can try it and see if any of your old non-encrypted files show up.

    Dear bruticus0,

      Thanks for your explanation.  I took it in the wrong way...

      I will try your way, but I think it would be very complicated. Q_Q

      Good luck to myself!

    ----- update -----

      I just tried to use Data Recovery Tools to see if there is any luck.

      Just so you know, it turned out to be in vain. Q___Q

  12. Dear Sarah, Emsisoft,

      You wouldn't know how glad I was when reading your reply.


      Since we are at the topic.  Here is the deal.

      I myself run the FBWF (File-Based Write Filter) on my Win7, and when I reboot, everything changed in Drive C: would be erased.

      Last week when I sat at my desk, I found all the icons on the desktop changed to "unidentified items."

      It seemed that almost everything in my computer was encrypted, so I then started searching for a solution, which led me to your site.

      After one reboot, I got my C: back intact and clean.  However, all the other files in other drives were not so lucky.

      So I started reading information about this virus, and I also tried your Cry128, finding it infeasible to brute force the key.

      It might mean the virus that my computer was infected with was a variant.

      Since I could not solve the problem, I left it on hold, waiting for your breakthrough for this.


      The next day, something unbelievable happened --- my computer was infected with the same virus!!!  AGAIN!!!  For the SECOND time!!!

      Now, I have two layers of encryption on my files.  Maybe no one on earth is as unfortunate as I am.  Q_Q

      Hence, I began to look into what might have caused the two infections, and the following are my conditions.

      1. I was using PPPOE connection for ADSL and have a real IP instead of a virtual one (192.168.xxx.xxx).

      2. I didn't have the system updates after 2016.06.

        (All the other computers in my place, not updated either, using NAT, have not been infected with this virus.  Only mine was attacked.)

      What I think is that I didn't get the virus because of the fake flash player update like others but because of a Win7 security problem.

      Now, I have updated most of the Win7 updates, changed from PPPOE to NAT, and closed DMZ function.

      Everything seems to work fine except for the encrypted files, so I am still waiting.

      Enclosed are the infected and twice-infected files.  Hope they can be of help.


      Also, hope the genius that is working on this virus is getting better.  It was said that he or she was a little bit under the weather last week.

      Please send my regards to him or her.  Thanks!


      Best regards,

      Jimmy from Taiwan


  13. Dear Bruticus,

      Thanks for your comfort as well as advice.

      Paying the ransom would be the last resort for me to retrieve my precious data.

      I was really furious about the virus makers!  How could they destroy others' things for sake of money!

      I know it is no use blaming them here, but I believe every victim feels the same thing!

      We victims' only hope lies on you technological supermen and superwomen!

      I will keep checking on the new releases of the decryption tools!

      Let's all get informed if any new hope comes up!


      Hope everything will turn out to be fine!  (With fingers crossed!)

  14. Dear Emsisoft Staff,
      I felt helpless after I came home today, finding all my files in my computer encrypted.
      I didn't even touch it today, and I didn't know how the virus got in my Win7.
      In fact, I disabled the RDP (remote desktop services) long ago.
      After my system was infected with the virus, I tried to search for a solution.
      However, everything seemed to be in vain.
      I read your instructions in emsisoft_howto_cry128.pdf and did as told.
      Unfortunatedly, decrypt_Cry128.exe told me it couldn't find the key to decrypting my files.
      What should I do?
      The following are some files for your reference.
      Hope I can hear good news from you soon, or I will have to pay the ransom... Weeping...
      Please Help!!!  A million thanks for everything!










  • Create New...