

Visiting Expert

Posts posted by Amigo-A

  1. https://translate.google.com/?hl=ru&tab=wT&sl=auto&tl=en&text=مرحبا ...عندى صيغة التشفير CHK ممكن اجد لها حل ؟ &op=translate


    Hello... I have the CHK encryption format, can I find a solution for it?

    Are you sure the files are encrypted?
    Or are you talking about files that are in FOUND folders on your drive? They most often occur after fixing disk errors with CHKDSK.

    In this case, you can use file recovery software. http://www.ericphelps.com/uncheck/



    But if your files were encrypted after a ransomware attack, then attach a zip-archive to the message, in which you put a ransom note and several small encrypted files.


  2. Hello.

    The extension .qnty belongs to a different version - 0393, but your screenshot shows version 0395.
    Probably, you had two encryptions. In this case, the files could get the extensions .ccps and .qnty.

    Check folders with encrypted files, look at _readme.txt notes.
    It is possible that they have a different line with 'Your personal ID'.
    Put different notes in two different folders and zip archive them in one file.
    Attach the zip archive to the post.
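
One way to carry out the check described in the post above, as an added example that is not part of the original post: it walks a folder tree, reads every _readme.txt note, and groups folders by the 'Your personal ID' value so that notes with different IDs stand out. The function names, the assumed note layout and the sample IDs are constructed for illustration.

```python
import os
import re
import tempfile
from collections import defaultdict

NOTE_NAME = "_readme.txt"
# Assumption: the ID follows the marker on the same line, or sits on the
# next non-empty line of the note.
ID_MARKER = re.compile(r"your personal id\s*:?\s*(\S*)", re.IGNORECASE)

def personal_id(note_text):
    """Return the ID found in a ransom note, or None if there is none."""
    lines = note_text.splitlines()
    for i, line in enumerate(lines):
        m = ID_MARKER.search(line)
        if not m:
            continue
        if m.group(1):
            return m.group(1)
        for nxt in lines[i + 1:]:
            if nxt.strip():
                return nxt.strip()
    return None

def survey(root, extensions=(".ccps", ".qnty")):
    """Group folders by the ID in their note; count watched extensions."""
    ids, ext_counts = defaultdict(list), defaultdict(int)
    for folder, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in extensions:
                ext_counts[ext] += 1
            if name.lower() == NOTE_NAME:
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    ids[personal_id(fh.read())].append(folder)
    return dict(ids), dict(ext_counts)

def demo():
    """Survey a constructed sample tree; the IDs are placeholders."""
    with tempfile.TemporaryDirectory() as root:
        for sub, pid, ext in (("docs", "CONSTRUCTED-ID-A", ".qnty"),
                              ("pics", "CONSTRUCTED-ID-B", ".ccps")):
            os.makedirs(os.path.join(root, sub))
            with open(os.path.join(root, sub, NOTE_NAME), "w") as fh:
                fh.write("ATTENTION!\n\nYour personal ID:\n" + pid + "\n")
            open(os.path.join(root, sub, "a.jpg" + ext), "w").close()
        ids, exts = survey(root)
        return sorted(ids), exts
```

More than one key in the first returned mapping means the notes carry different IDs, and the folder list under each key shows where to take one note of each kind from.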

  3. As mentioned above, files encrypted with these encryptors are unlikely to be decrypted. But specialists can investigate the specific case with your files. Sometimes, very rarely, some intermediate versions have flaws that allow some files to be decrypted. This is rare, but sometimes it happens. It's bad when the files are encrypted with 2-3 encryptors, in which case the probability of returning the files tends to 0...

  4. 2 hours ago, MNdrskv said:

    So if possible, I can just let it restore the files without any adverse effects to my PC?
    As long as I don't open them, right?

    Yes. Isolated files are safe as long as they have a neutral extension. But even in this form, antiviruses can detect these files as dangerous. When switching from one antivirus to another, users are faced with a problem when the new antivirus grabs isolated files from the remaining quarantine and reports the discovery of malicious files. This gives reason to think that the new antivirus is better than the old one. One could talk about all the nuances for a long time.

  5. 9 hours ago, MNdrskv said:

    DiskWriter.gen - Hosts2.gen - SelfDel.pef amongst others. 
    Would any of these be of any use to you alongside the loader tool .exe?

    I will clarify. The files may be needed for analysis not by me, but by Emsisoft specialists.
    Kaspersky specialists use their own naming system. Sometimes, under one of these names, an encryptor or one of its components may be hidden.

    In rare cases, when an attack can be well researched and described with an article, they give it a unique name or use an international one. 

    To prevent Kaspersky antivirus from deleting files, you need to configure its action for malicious files.
    If you can recover files without quarantine, then do it one by one.

    Upload each separately or all in one archive to the resource from the link.
    Indicate this subject and your contacts (if you want to receive a response by mail) in a message box.

  6. OK. We are in contact with different people, from different countries, using different PCs and OS, having different levels of preparedness or having no experience, therefore it is better to say, to warn, to advise than to say nothing.

    On 2/5/2022 at 2:00 PM, MNdrskv said:

    That file is still in quarantine somewhere

    What antivirus software quarantined the file? Is this an Emsisoft program or another Antivirus? What language is used?

  7. Yes, this is one of the most effective methods of attacking and infecting user computers.
    Another: using infected repackaged and hacked distributions of popular applications (Photoshop, Office, and others).
    For these programs it is easier to find a free or low-price alternative and not use repacks, hacks and cracks.
    For Windows, finding an alternative is a little more difficult, but it is safer to buy and use a key for 1 activation. This is a legal method, available to everyone, and you don't have to use hacked and repackaged distributions from pirate sites. 


    On 2/5/2022 at 6:58 AM, Si-Li Qin said:

    I just realised that I do still remember the very site's link I downloaded

    For a more accurate analysis, you need a malicious file that did the encryption.

    Malware distributors and sites specially prepared for the attack may not store malicious content for a long time.
    Moreover, they may not deliver it to all visitors, for this they use exploits that work differently, depending on the version of the operating system, browser version, installed updates, and other parameters. Over time, the version of the malicious component may also change.

    If nothing has changed since the attack on your PC, then the provided link to the file can help in the analysis.
