Jump to content

The decrypter could not determine a valid key for your system


Recommended Posts

Hello,

I am trying to get back files encrypted by Nemucod (.crypted extension files) but when I drop the two versions of the file ( encrypted and original ), I get the error "The decrypter could not determine a valid key for your system....."

On another topic with the same issue I tried to reply but could not: http://support.emsisoft.com/topic/20092-new-variant-of-nemucodcrypted-decrypter-not-working/

I saw in that Topic that Forum Veteran Elise was asking to the user dtwestoz to provide the  dropper of the infection in order to verify if the decryption is possible or not.

I think I did find the file that originated the encryption of my case ( it is named 00000514022.doc.js ).

I tried to attach it to my post but the system is not allowing the upload of that kind of file.

Let me know how to proceed.

I look forward to hearing from you and send my best regards.

 

Patrick

Link to post
Share on other sites

Hello,

I'm sorry to hear about this. Could you please try to upload the .js file to www.virustotal.com and post the link to the scan results?

 

Also, can you let me know what the name of the ransom note and the format of the encrypted files is?

Link to post
Share on other sites

Hello Elise,

thanks for your prompt reply.

 

Here is the link to the scan results: https://www.virustotal.com/en/file/f145dfac9e39a2643b2c6ce08416411c19b939397ad7dbe57ef0edb4529a322c/analysis/1461935259/

 

The name of the ransom note which is located on the desktop is: DECRYPT.txt

It pops up automatically when you start the computer.

 

The format of the encrypted files is:   .crypted

 

In case you need, I have available one original file and the relative encrypted version.

 

I look forward to hearing from you.

Best regards.

 

Patrick

Link to post
Share on other sites

Thank you, unfortunately if the decrypter is not able to find a key, then decryption is not possible.

 

I can help you removing the active infection components, but this will do nothing to get your files back.

Link to post
Share on other sites

Hello Elise,

thanks for your reply.

I made a full clone copy of the hard drive and decided to format it and reinstall the OS from scratch.

I am following as well this topic on bleepingcomputer.com: http://www.bleepingcomputer.com/forums/t/608045/crypted-ransomware-nemucod-decrypttxt-support-and-help-topic/page-8

and it looks like the infection I am dealing with is the 7zip variant of Nemucod.

I hope you guys will be able to find a way to create a new version of your decrypter that implements this new version of Nemucod.

Wish you all the best.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...