Amigo-A

Visiting Expert
  • Posts

    2305
  • Joined

  • Last visited

  • Days Won

    56

Everything posted by Amigo-A

  1. Hello @Anand812 In the screenshot, in the lower right corner, there is a PHOBOS logo. This is Phobos Ransomware. I have been tracking the activity of this ransomware since October 2017. Until now, no one has released a free decryptor that could decrypt files of different versions. --- You can attach the original memo file and several encrypted files to your message so that I can catalog this variant. --- You can subscribe to this topic and receive notifications about any new cases and attempts to decrypt, if there are any in the future.
  2. The file _readme.txt is still needed. It is at C:\_readme.txt. Tomorrow @GT500 will transfer your information to the STOPDecrypter developer. Perhaps this will help.
  3. Also attach these files: STOPDecrypter-log.txt, _readme.txt
  4. @mdaher Uninstall SpyHunter first. Then restart the PC, even if there is no such request from this program. Uninstall McAfee Security Scan. This is a quick scan tool and it will not protect your PC from threats.
  5. @Blacksharks Compare this information with yours. Is everything the same as yours? This is in the update of June 3, 2019 in my article GlobeImposter Ransomware. Victims sent me samples. Test results: VT + VMR - Perhaps they will help decryption specialists figure out something. There is no free way or free tool to decrypt files. Alas.
  6. @GK sharma Hello. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. There are now a lot of victims of different variants of this ransomware on the forum. In some cases, the files can be decrypted. This is possible only in cases where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter >>> First try to decrypt several files, after making copies of these files. If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers, which infect and will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check the PC and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  7. @Toby1222 Hello. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. There are now a lot of victims of different variants of this ransomware on the forum. In some cases, the files can be decrypted. This is possible only in cases where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter >>> First try to decrypt several files, after making copies of these files. If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers, which infect and will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check the PC and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  8. Yes, use the site www.sendspace.com to upload such an archive. It is advisable to set a password 'infected' so that the service does not delete it.
  9. @Rachwell Gorblimy! Here are files from several encryptors and other malicious files. It is better to wait for the answer of the Emsisoft specialist @GT500, since it's their tool. It may be necessary to take samples of the encryptor from Quarantine.
  10. @Mohamad Ajmal See the answer to your request.
  11. @vivek choudhary This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. There are now a lot of victims of different variants of this ransomware on the forum. In some cases, the files can be decrypted. This is possible only in cases where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter >>> If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers, which infect and will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check the PC and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  12. @Mohamad Ajmal This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. There are now a lot of victims of different variants of this ransomware on the forum. In some cases, the files can be decrypted. This is possible only in cases where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter >>> If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers, which infect and will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check the PC and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  13. @Rachwell No. First you need to get rid of the malware. Otherwise, encryption may be repeated or restarted with other components. I did not look deeply, but all the anti-virus programs and on-demand scanners that are on your PC, as it became clear, turned out to be useless. You can remove them all and install the "Emsisoft Emergency Kit" for a full check. Check the PC and agree to send quarantined malware files. Attach the results to the message for the Emsisoft experts to see.
  14. @Rachwell There are malicious files in the logs! Be careful! Wait for a response from the Emsisoft support service.
  15. @Thinh Dang Attach an ORIGINAL ransom note to your new post and report the approximate time when the files were encrypted, or upload them to the site www.sendspace.com
  16. @Thinh Dang Good! Good that you answered! Everything is as I said. Previously the result pointed to the GlobeImposter 2.0 Ransomware. But I noticed the differences a long time ago and separated some variants into the articles Maoloa Ransomware and Alco Ransomware. After a detailed analysis, Demonslay335 reported that there are differences that make it possible to isolate some variants into a separate identification - Maoloa Ransomware. Researchers recognize that after the GlobeImposter 2.0 Ransomware, it is impossible to decrypt files after the buyout to the extortionists. For Maoloa Ransomware there is no such certainty. It has not been studied enough to decrypt files or to recognize the impossibility of decryption. That is, for Maoloa Ransomware and Alco Ransomware there is still hope for decrypting, but there is no decryptor yet.
  17. This operation can take a lot of time. Theoretically, even as much as we (we all) cannot imagine.
  18. @Thinh Dang I ask you to publish the results of identification in ID Ransomware. I already know them in advance, but I need confirmation, because you may be given a double identification, one of which is erroneous and the other is correct. I will tell you which one is correct. Please attach a ransom note to your new post and report the approximate time when the files were encrypted.
  19. @Usman Apparently an online key was used for encryption on your PC, which is impossible to pick up.
  20. Of course, they are not yet deciphered. These were safety recommendations for the future. But you need to clean the system thoroughly. In many cases, we have observed re-encryption of decrypted files. Therefore, while specialists are trying to update the STOP Decrypter and find a positive solution, you need to prepare your PC for safe use. Or all efforts will be in vain ...
  21. @Usman Attach your file _readme.txt from the extortionists.
  22. @Usman I wrote to another user. 😃 I do not know your ID, most likely you have another one and files cannot be decrypted now.
  23. @EricN You will need the help of a support professional to clean your PC. I do not have the authority to cure PCs. There are some malicious elements in the logs that can cause harm again. But I can help with more secure use of your PC. There are many free or cheaper programs that can be replaced by programs that you installed from unofficial sites. I will not list them, you yourself know. If you need to prepare a list of safe replacement programs, tell me in PM. --- I did a selective review of what is installed on your PC. This is not a complete list, but only the important items. Norton Security Scan is a quick scan tool, instead you need to use Norton Security, which protects your PC from modern threats. Norton Security would be a great choice! I recommend it! --- ShadowExplorer - it needs to be installed long before the attack, so that it periodically saves shadow copies of files. It is useless to install it after encryption. -------------------- These programs will not protect your PC from encryptors (You can safely remove them!): Smadav Software - a doubtful tool GridinSoft Anti-Malware - a doubtful tool SpyHunter - a dubious tool --- Windows Defender - it deleted 2 files of STOP Ransomware, but the third one penetrated and encrypted files. This should prove that it will not protect against encryptors! --- RansomwareFileDecryptor - a dubious tool for decryption Ransom_Decryptor - a dubious tool for decryption --- iCare Data Recovery Pro - in this case will not help recover data ParetoLogic Data Recovery Pro - in this case will not help recover data /// I know all these programs well, but in this matter their use will not benefit you.
  24. You can also check the PC using Emsisoft Anti-Malware (30 days free), but do not remove the quarantine.