
Amigo-A

Visiting Expert
  • Posts: 2438
  • Days Won: 61

Everything posted by Amigo-A

  1. Malicious modules can remain in any case, except when you erase (null) a disk connected as a secondary drive to another PC. The wiping procedure is not always sufficient for the complete destruction of information on conventional media. Information on SSDs is stored differently, in the form of blocks or pages of NAND transistor chips, which must be erased electronically before being reused. Only check that the Windows installer makes a quick formatting (in its understanding).
  2. These functions are easily captured, bypassed and used by malware. You need to save the ransom notes and encrypted files for the future. Then you can do whatever you want with your PC. You can upload a note here so that I can compare it with my information, or compare it yourself.
  3. @rajarathinamsuntv Hello. You need to attach the original ransom note file and several encrypted files (png, jpg, doc, txt) to your message as soon as possible. I will quickly check this and tell you what kind of extortionist has encrypted your files. I already know this Ransomware, but I need confirmation. Do not search anywhere yet; you can be deceived and forced to install fake programs.
  4. Hello @M Yaseen This is the result of the STOP Ransomware attack. The variant with extension .browsec was active in April. I have been tracking the malicious work of this program since December 2017. There are now a lot of victims of different variants of this Ransomware on the forum. In some cases, the files can be decrypted. This is possible only in cases where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter >>> First try to decrypt several files, after making copies of these files. If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter While most ransomware programs will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers, which infect and will encrypt any new files saved and any files you manage to decrypt. It's best to check the PC and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  5. Hello @Vegetto GlobeImposter Ransomware does not delete itself after encryption. Copies of it are kept in several places. Ransomware often carries additional malicious functionality, for example to steal information and set up remote control. Therefore, without complex anti-virus and additional measures of protection, the PC can be attacked once again. --- You have a lot of different ideas, so it's amazing how you could catch a virus. Disconnect all external drives while you check and clean the system. But you can connect external drives only after Antivirus is installed on your PC. Antivirus protection must be active, actual and complex (antivirus, firewall, other security features). While most ransomware programs will automatically delete themselves after they finish encrypting files, some are now leaving behind components that encrypt any new files saved and any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ You can use Emsisoft Anti-Malware Home (30 days for free) to scan your system and disks and be safe until you decide how to protect your PC and information on external drives. Try not to use free antivirus software, because its security capabilities are very limited. It is better, safer and smarter to use a paid comprehensive antivirus product. It has more functionality and is able to protect your PC and your online privacy. The choice is yours...
  6. @kiki While most ransomware programs will automatically delete themselves after they finish encrypting files, some are now leaving behind components that encrypt any new files saved and any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  7. Hello @RockyS If this has encrypted your files, then it is urgent to file a complaint with the administration of github.com --- Compare this information with yours. Is it all the same as yours? This is in the update of June 3, 2019 in my article GlobeImposter Ransomware. Victims sent me samples. Test results: VT + VMR - Perhaps they will help decryption specialists figure out something. There is no free way or free tool to decrypt files. Alas.
  8. Hello @swarup anand GT500 will answer you later. Let's put some order in the anti-virus protection of your PC by looking at the logs you provided. How does all this live in your computer? Uninstall SpyHunter first. Then restart the PC, even if there is no such request from this program. Uninstall ESET Online Scanner. This is a quick scan tool and it will not protect your PC from threats. Uninstall the AVAST Software modules, or do so using the official tool 'avastclear'. Perhaps they are left from the previous installation. https://www.avast.com/uninstall-utility --- Why is Quick Heal Total Security inactive? Has the license expired or have you disabled it yourself? If it has expired, then uninstall it. If you turned it off and forgot, turn it on after you finish cleaning. --- I recommend choosing something that previously protected your PC better, and uninstalling the other. Antivirus protection must be active, actual and complex (antivirus, firewall, other security features). If the licenses have expired and you do not plan to renew, uninstall immediately. --- If nothing is left and all inactive antiviruses are removed, then you can download and install Emsisoft Anti-malware (30 days free) after restarting the PC. --- Try not to use free antivirus software, because its security capabilities are very limited. It is better, safer and smarter to use a paid comprehensive antivirus product. It has more functionality and is able to protect your PC and your online privacy. The choice is yours.
  9. Hello @Anand812 In the screenshot in the lower right corner there is a PHOBOS logo. This is Phobos Ransomware. I have been tracking the activity of this Ransomware since October 2017. Until now, no one has released a free decryptor that could decrypt files of different versions. --- You can attach the original memo file and several encrypted files to your message so that I can catalog this variant. --- You can subscribe to this topic and receive notifications about any new cases and attempts to decrypt, if there are any in the future.
  10. The file _readme.txt is still needed. It is at C:\_readme.txt on your PC. Tomorrow @GT500 will transfer your information to the STOPDecrypter developer. Perhaps this will help.
  11. Also attach these files: STOPDecrypter-log.txt, _readme.txt
  12. @mdaher Uninstall SpyHunter first. Then restart the PC, even if there is no such request from this program. Uninstall McAfee Security Scan. This is a quick scan tool and it will not protect your PC from threats.
  13. @Blacksharks Compare this information with yours. Is it all the same as yours? This is in the update of June 3, 2019 in my article GlobeImposter Ransomware. Victims sent me samples. Test results: VT + VMR - Perhaps they will help decryption specialists figure out something. There is no free way or free tool to decrypt files. Alas.
  14. @GK sharma Hello This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. There are now a lot of victims of different variants of this Ransomware on the forum. In some cases, the files can be decrypted. This is possible only in cases where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter >>> First try to decrypt several files, after making copies of these files. If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter While most ransomware programs will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers, which infect and will encrypt any new files saved and any files you manage to decrypt. It's best to check the PC and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  15. @Toby1222 Hello This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. There are now a lot of victims of different variants of this Ransomware on the forum. In some cases, the files can be decrypted. This is possible only in cases where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter >>> First try to decrypt several files, after making copies of these files. If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter While most ransomware programs will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers, which infect and will encrypt any new files saved and any files you manage to decrypt. It's best to check the PC and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  16. Yes, use the site www.sendspace.com to upload such an archive. It is advisable to set the password 'infected' so that the service does not delete it.
  17. @Rachwell Gorblimy! Here are files from several encryptors and other malicious files. It is better to wait for the answer of the Emsisoft specialist @GT500, since it's their tool. It may be necessary to take samples of the encryptor from Quarantine.
  18. @Mohamad Ajmal See the answer to your request.
  19. @vivek choudhary This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. There are now a lot of victims of different variants of this Ransomware on the forum. In some cases, the files can be decrypted. This is possible only in cases where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter >>> If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter While most ransomware programs will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers, which infect and will encrypt any new files saved and any files you manage to decrypt. It's best to check the PC and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  20. @Mohamad Ajmal This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. There are now a lot of victims of different variants of this Ransomware on the forum. In some cases, the files can be decrypted. This is possible only in cases where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter >>> If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter While most ransomware programs will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers, which infect and will encrypt any new files saved and any files you manage to decrypt. It's best to check the PC and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  21. @Rachwell No. First you need to get rid of malware. Otherwise, encryption may be repeated or restarted with other components. I did not look deeply, but all the anti-virus programs and on-demand scanners that are on your PC, as it became clear, turned out to be useless. You can remove them all and install the "Emsisoft Emergency Kit" to fully check the PC. Check the PC and agree to send quarantined malware files. Attach the results to the message for the Emsisoft experts to see.
  22. @Rachwell There are malicious files in the logs! Be careful! Wait for a response from the Emsisoft support service.
  23. @Thinh Dang Attach an ORIGINAL ransom note to your new post and report the approximate time when the files were encrypted, or upload them to the site www.sendspace.com
  24. @Thinh Dang Good! Good that you answered! Everything is as I said. Previously there was a result that pointed to the GlobeImposter 2.0 Ransomware. But I noticed the differences a long time ago and separated some variants into the articles Maoloa Ransomware and Alco Ransomware. After a detailed analysis, Demonslay335 reported that there are differences that make it possible to isolate some options into a separate identification - Maoloa Ransomware. Researchers recognize that after the GlobeImposter 2.0 Ransomware, it is impossible to decrypt files after the buyout to the extortionists. For Maoloa Ransomware there is no such certainty. It has not been studied enough to decrypt files or to recognize the impossibility of decryption. That is, for Maoloa Ransomware and Alco Ransomware there is still hope for decrypting, but there is no decryptor yet.