Posts posted by SDM

  1. Thanks a lot for your kind help.

    I have also attached the fixlog for your kind review.

    The system is working fine, except that at startup it is taking a bit too long.

    I will not be deleting any of the encrypted files (with the .lqqw extension).

    As and when a solution is available at your end, I will try to decrypt; till then I will wait.

    I have also forwarded the details to the cyber crime department in India for their information. I know nothing is in their hands.




  2. Should I delete the files below?


    C:\windows\System32\Drivers\7b4tV3HOPXa.sys     detected: Trojan.GenericKD.46846801 (B) [krnl.xmd]

    And also below deleted

    C:\Users\sdmis\AppData\Local\Temp\jamesnew.exe -> (AutoIT Script) -> (unicode)     detected: AIT:Trojan.Nymeria.4747 (B) [krnl.xmd]
    C:\Users\sdmis\AppData\Local\Temp\md3_3kvm.exe     detected: Trojan.GenericKD.37499169 (B) [krnl.xmd]
    C:\Users\sdmis\AppData\Roaming\2821170.exe -> (Embedded 0)     detected: Trojan.Stealer.FL (B) [krnl.xmd]

  3. Need help to decrypt file.

    We have identified "STOP (Djvu)". This ransomware may be decryptable under certain circumstances.
    Please refer to the appropriate guide for more information.

    Identified by:

    ransomnote_filename: _readme.txt
    ransomnote_email: [email protected]
    sample_bytes: [0x293C - 0x2962] 0x7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D
    Click here for more information about STOP (Djvu).
    Case number: bf2fa31c000f94097a7c33e5dba0d3da655d230d1630265749



