Amigo-A

Everything posted by Amigo-A

  1. To identify the Ransomware and confirm my information, you can use the ID Ransomware service. It will give you a link to the support topic on the BleepingComputer forum; you need to read the first post of the topic and provide the requested information there or here: the MAC address of the network device.
  2. This variant of STOP Ransomware with the .rectot extension appeared 3 days ago. See my posts and GT500's post in the next topic, in the same order. This also applies to your case. It's best to first check the PC and make sure that no malware components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it. Let us know about the results.
  3. WELA, hello. This is also the result of the STOP Ransomware attack. The variant with the .forasom extension was spread earlier (since May 6, 2019). See my posts above and GT500's post, in the same order. This also applies to your case.
  4. int80, attach the original ransom note JURASIK-DECRYPT to your new post, or upload it to the service www.sendspace.com and give us a download link. Or do it there: https://www.bleepingcomputer.com/forums/t/698141/jurasik-changed-my-files/
  5. Anky I see several malicious files here. Do not do anything yet. Wait for a response from a support service specialist.
  6. Hung, hello. This is also the result of the STOP Ransomware attack. See my posts above and GT500's post, in the same order. This also applies to your case. On the advice of the support service, a new recommendation was made for cases like yours. This is here. It's best to check and make sure that no malware components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it. Let us know about the results.
  7. Surya dinata, you have shown the "Logs" tab. Are there objects in the "Quarantine" tab? In this case, you need to export the TrojanGenericKD.31967470 file for expert analysis.
  8. The only candidate in this list is TrojanGenericKD.31967470 in CupVAUuPRKt.dll. It is not in my list. But my list is also not complete; it is only what I was able to collect.
  9. Dear Anky, in principle, this can be done if you save all the files and notes on the redemption where they are. Sometimes files can be encrypted in several steps. Some are encrypted with one key, others with another; it depends on how your PC worked at the time of encryption: whether it was turned on, then off, connected to the Internet or not. Demonslay335 may need to search for files if there are no other samples of the malicious file that was active on your system. Wait for Demonslay335's answer and make the final decision.
  10. Dear sunny parmar, above, GT500 wrote what you need to do according to his instructions. This can help the developer of STOPDecrypter, and you, of course.
  11. Dear sunny parmar, the solution is possible, but not immediately. You can view other topics to familiarize yourself with the process. First, the Ransomware is created, then it is distributed through the sites, then the user downloads something, starts it..., then malware infects the PC and encrypts the files. After that, the user discovers that the files are encrypted. Then he turns for help... How to help him if the files are on his PC and encryption occurs on his side? Specialists are ready to help, but they need to examine the encrypted files and get the keys for decryption in order to make decryption possible and simpler. This is a more complicated process than to smear an injured finger with antiseptic, iodine and cure it.
  12. Surya dinata When using the tool Emsisoft Emergency Kit, detected threats can be quarantined or deleted. Emsisoft recommends quarantining threats. In this case, the threat will not be active and will not cause harm, but will be useful for recovery, if it is a false detection, or for research, as in your case. But if you chose to delete, the files were safely deleted without the possibility of recovery.
  13. Many victims managed to find and download malicious files for Demonslay335. This is possible even in spite of the fact that the STOP Ransomware does a wipe of its files. You can carefully and safely collect malware files from temporary directories (only do not run anything!) and put them into a common archive with a password. Probably, Emsisoft experts could make instructions for manual collection or expand the functionality of the Emsisoft Emergency Kit program for collecting such files in hot pursuit from temporary directories, to put them in a special archive, and not in Quarantine. Something like Temp Files Collector.
  14. After checking the PC (or only folders with encrypted files), you can use the free tool to decrypt files - STOPDecrypter (link). This process should be approached with caution. Read the attached text file. Due to the nature of encryption, only files that are encrypted with offline keys can be decrypted. We recommend that you make a test decryption of a small number of encrypted files and make copies of them in advance. --- If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter You need to insert the received information into your new message. I hope that you still get lucky and get your files back.
  15. Hello, Hirudineaxxx. Hello, cesar_dotmap. We are sorry this happened. I can say that STOP Ransomware probably encrypted your files. The extensions .ferosas and .dotmap are its new variants. The special service ID Ransomware can confirm this fact, and can let you know if STOPDecrypter can recover your files. --- Before you decrypt the files, you need to make sure that there is neither this infection nor any other infection on the PC. We have seen cases when those who suffered from previous versions of STOP Ransomware successfully decrypted files, but then they were attacked by the same encryptor, which encrypted files with a different extension, and used an encryption key that cannot be calculated. In punishment for haste and complacency, the user lost his files a second time and, possibly, forever. As experience shows, very often after encryption on a PC, this or another infection remains, which you could get together with the encryptor. Malicious programs often work in groups: trojans of a different type, password hijackers, backdoors, dormant malware, dangerous browser plugins. Therefore, I advise you to check your PC for active and dormant malware. This can be done here in the forum in the next section. You can also download the free tool Emsisoft Emergency Kit yourself and check the computer.
  16. After checking the PC (or only folders with encrypted files), you can use the free tool to decrypt files - STOPDecrypter (link). This process should be approached with caution. Read the attached text file. Due to the nature of encryption, only files that are encrypted with offline keys can be decrypted. We recommend that you make a test decryption of a small number of encrypted files and make copies of them in advance.
  17. Sophal, you correctly think this site with kmspico is the source of the infection! Due to the launch of a malicious file from there, STOP Ransomware encrypted your files. Before you decrypt the files, you need to make sure that there is neither this infection nor any other infection on the PC. We have seen cases when those who suffered from previous versions of STOP Ransomware successfully decrypted files, but then they were attacked by the same encryptor, which encrypted files with a different extension, and used an encryption key that cannot be calculated. In punishment for haste and complacency, the user lost his files a second time and, possibly, forever. As experience shows, very often after encryption on a PC, this or another infection remains, which you could get together with the encryptor. Malicious programs often work in groups: trojans of a different type, password hijackers, backdoors, dormant malware, dangerous browser plugins. Therefore, I advise you to check your PC for active and dormant malware. This can be done here in the forum in the next section. You can also download the free tool Emsisoft Emergency Kit yourself and check the computer.
  18. Since no answer was given by the victim, it is important in any case not to leave the topic hanging in mid-sentence. In the case of this Ransomware, antivirus engines may be mistaken. Most likely they will call it the GlobeImposter Ransomware, but this is most likely another Ransomware. Apparently, it has the code from GlobeImposter in order to mislead. The ID Ransomware service has recently also identified it as GlobeImposter. We have collected various variants as part of the updates in the article Maoloa Ransomware. Demonslay335 only recently discovered that some variants are not GlobeImposter, but are defined as GlobeImposter. This question still needs to be studied and elaborated in detail, and there may be more such fake GlobeImposter. Recently another fake GlobeImposter was found; for it I have a separate article and updates, but it does not apply to this topic.
  19. Surya dinata Your data will be recorded. Today is the weekend. Smart heads must sometimes rest in order to work well afterwards. 😊
  20. After checking the PC and folders with encrypted files, you can use the free tool to decrypt files - STOPDecrypter (link). This process should be approached with caution. Read the attached text file. Due to the nature of encryption, only files that are encrypted with offline keys can be decrypted. We recommend that you make a test decryption of a small number of encrypted files and make copies of them in advance.
  21. If your files are encrypted and now have an .fordan extension, then this is the result of an attack from the STOP Ransomware. STOP Ransomware encrypts files of users in many countries due to the fact that they download and run hacked software (MS Windows, MS Office, other repacked or patched programs), from which someone removed the activation, making them free and dangerous at the same time because of this malicious code. Before you decrypt the files, you need to make sure that there is neither this infection nor any other infection on the PC. We have seen cases when those who suffered from previous versions of STOP Ransomware successfully decrypted files, but then they were attacked by the same encryptor, which encrypted files with a different extension, and used an encryption key that cannot be calculated. In punishment for haste and complacency, the user lost his files a second time and, possibly, forever. As experience shows, very often after encryption on a PC, this or another infection remains, which you could get together with the encryptor. Malicious programs often work in groups: trojans of a different type, password hijackers, backdoors, dormant malware, dangerous browser plugins. If you need help checking your PC for malware, you can make a request in the next section. You can also download the free tool Emsisoft Emergency Kit yourself and check the computer.
  22. Did you read the text file that was in the archive with the STOPDecrypter? Did you open the links 'Support Topic' and 'FAQ'? All the necessary information is at these links. You now need to copy the information from the STOPDecrypter window and paste it here or on the Support Topic. Then Demonslay335, the developer of STOPDecrypter, will see your information.