Amigo-A

Visiting Expert
  • Posts: 2436
  • Joined
  • Last visited
  • Days Won: 61

Everything posted by Amigo-A

  1. @Usman Apparently an online key was used for encryption on your PC, which is impossible to pick up.
  2. Of course, they are not yet deciphered. These were safety recommendations for the future. But you need to clean the system thoroughly. In many cases, we have observed re-encryption of decrypted files. Therefore, while specialists are trying to update the STOP Decrypter and find a positive solution, you need to prepare your PC for safe use. Or all efforts will be in vain ...
  3. @Usman Attach your _readme.txt file from the extortionists.
  4. @Usman I wrote to another user. 😃 I do not know your ID, most likely you have another one and files cannot be decrypted now.
  5. @EricN You will need the help of a support professional to clean your PC. I do not have the authority to cure PCs. There are some malicious elements in the logs that can cause harm again. But I can help with more secure use of your PC. There are many free or cheaper programs that can be replaced by programs that you installed from unofficial sites. I will not list them, you yourself know. If you need to prepare a list of safe replacement programs, tell me in PM.
     ---
     I did a selective review of what is installed on your PC. This is not a complete list, only the important items.
     Norton Security Scan is a quick scan tool; instead you need to use Norton Security, which protects your PC from modern threats. Norton Security would be a great choice! I recommend it!
     ---
     ShadowExplorer - it needs to be installed long before the attack, so that it periodically saves shadow copies of files. It is useless to install it after encryption.
     --------------------
     These programs will not protect your PC from encryptors (you can safely remove them!):
     Smadav Software - a doubtful tool
     GridinSoft Anti-Malware - a doubtful tool
     SpyHunter - a dubious tool
     ---
     Windows Defender - it deleted 2 files of STOP Ransomware, but the third one penetrated and encrypted files. This should prove that it will not protect against encryptors!
     ---
     RansomwareFileDecryptor - a dubious tool for decryption
     Ransom_Decryptor - a dubious tool for decryption
     ---
     iCare Data Recovery Pro - in this case will not help recover data
     ParetoLogic Data Recovery Pro - in this case will not help recover data
     ///
     I know all these programs well, but in this case their use will not benefit you.
  6. You can also check the PC using Emsisoft Anti-Malware (30 days free), but do not remove the quarantine.
  7. @Din @Yassine @Luwie New variant STOPDecrypter supports your ID https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip
  8. You will need the help of a support professional to clean your PC. I do not have the authority to cure PCs. There are some malicious elements in the logs that can cause harm again. There are also PUPs and unwanted extensions in the Google Chrome browser. You can reset the settings to default yourself.
  9. New version of STOP Decrypter released https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip
  10. New version of STOP Decrypter released https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip
  11. Yassine New variant STOPDecrypter supports your ID https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip
  12. You say you removed the malicious program, but it can leave behind hidden copies of itself that attack the PC in the same way. While most ransomware will automatically delete itself after it finishes encrypting files, some now leave behind components on computers that will encrypt any new files saved and will encrypt any files you manage to decrypt. We recommend checking the PC before trying to decrypt the files to make sure that no such components have been left behind, so follow the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious on your computer now. https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Please attach the log files FRST saves to a reply to this topic. It is recommended to send the FRST log files as soon as possible.
  13. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. There are now a lot of victims of different variants of this Ransomware on the forum. In some cases, the files can be decrypted. This is possible only in the case where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible.
  14. What is a potentially unwanted program (PUP)? https://blog.emsisoft.com/en/31451/how-to-perform-manual-pup-removal/ Antivirus, Anti-Malware, Anti-PUP? What is Emsisoft really? https://blog.emsisoft.com/en/14175/antivirus-anti-malware-anti-pup-what-is-emsisoft-really/
  15. Yes. Only leave all ransom notes in the folders with files in which they were at the time of encryption. Files can be encrypted with different keys. Transfer it all to free disk space or an external drive and reinstall Windows. You should know that this is not a simple infection that is easy to delete, with files unlocked with one click of the mouse. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. There are now a lot of victims of different variants of this Ransomware on the forum. In some cases, the files can be decrypted. This is possible only in the case where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible.
  16. Of course. Leave all ransom notes in folders with files. Send to free disk space or external drive and reinstall Windows.
  17. Surya dinata We wait and hope together with you.
  18. depe look PM We hope together with you.
  19. @Din From the logs you can see that your Google Chrome browser has turned into something terrible. There are several dangerous extensions that can not only show ads and redirect you to bad sites, but also keep track of your preferences and steal your personal information. I recommend that you remove all (!!!) browser extensions manually and later reset the browser settings to their defaults. Then you can reinstall AdBlock from the official page. https://chrome.google.com/webstore/detail/adblock/gighmmpiobklfepjocnamgkkbiglidom?hl=en Other extensions are unreliable or dangerous.
  20. Yassine You should know that this is not a simple infection that is easy to delete, with files unlocked with one click of the mouse. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017; this is earlier than many antivirus programs. Some of them announced the discovery of one of the variants of this Ransomware only in August 2018, when there was a massive attack on residents of many countries. Unfortunately, this attack continues. There are now a lot of victims of different variants of this Ransomware on the forum. In some cases, the files can be decrypted. This is possible only in the case where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible.
  21. @Din No. This site offers to use the SpyHunter tool, which does not decrypt files. There are a lot of such sites on the Internet that advertise SpyHunter, which will not do anything to decrypt. We have provided all the necessary information above. See the 2nd and 3rd posts of the topic.
  22. Luwie There is nothing in the logs indicating absolute malware, but there are several PUPs and some dangerous downloads that you may suffer from. \Downloads\DirectX_11_Setup_2083197489.exe \Downloads\Recuva v1.53 setup + crack If you have already installed this software, then remove it and delete the installation files.
  23. You say you removed the malicious program, but it can leave behind hidden copies of itself that attack the PC in the same way. We recommend checking the PC before trying to decrypt the files to make sure that no such components have been left behind, so follow the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious on your computer now. https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Please attach the log files FRST saves to a reply to this topic. It is recommended to send the FRST log files as soon as possible.
  24. Hello This is the result of an attack by a new variant of STOP Ransomware. I have been tracking the malicious work of this program since December 2017; this is earlier than many antivirus programs. Some of them announced the discovery of one of the variants of this Ransomware only in August 2018, when there was a massive attack on residents of many countries. Unfortunately, this attack continues. There are now a lot of victims of different variants of this Ransomware on the forum. In some cases, the files can be decrypted. This is possible only in the case where the files were encrypted with offline keys and an instance of the malware was detected. --- ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files.
  25. You should know that this is not a simple infection that is easy to delete, with files unlocked with one click of the mouse. I have been tracking the malicious work of this program since December 2017; this is earlier than many antivirus programs. Some of them announced the discovery of one of the variants of this Ransomware only in August 2018, when there was a massive attack on residents of many countries. Unfortunately, this attack continues. There are now a lot of victims of different variants of this Ransomware on the forum. In some cases, the files can be decrypted. This is possible only in the case where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files.