Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by ComputerDirect

  1. They have a remote support client system running for support from an offsite technical contact, so yes that is legitimate.
  2. Have attached the requested files. PostDecrypt was run in Safe Mode with Networking after applying the decryption key on the affected PC. PreDecrypt was run in Safe Mode with Networking prior to applying the decryption key on the infected PC. Decrypt Soft.exe is the decryption program that we were provided. key.txt is a text file I copied the key to, from the email we received. Hope this helps. Addition_PostDecrypt.txt Addition_PreDecrypt.txt FRST_PostDecrypt.txt FRST_PreDecrypt.txt decrypt soft.exe key.txt
  3. One of our clients has been infected with ransomware from an unknown source. All of their HDD data files have been encrypted and .ntfs has been appended to the end of the file names. I have attached the sample emails.txt.ntfs encrypted file as well as their decrypted emails.txt file. Every directory on the drive has a file named info.txt added into it, including the startup folder. This ransomware MO looks similar to the reported Stroman or FAT32 one. Any help would be much appreciated because I am doing this for a friend from a medical practice. [Below is the info.txt
  • Create New...