Haris Shabbir

decrypt_Nemucod not working.


Hi,

My PC is infected with this crap Nemucod thing and all the files have gone to .crypted format. I have tried everything but no use. I even tried decrypt_Nemucod.exe, but when I try to install the software, it gives the error that it is not a valid key and I couldn't install it.

I have attached a sample file which is infected. Can you please check?

 

AMICO - Payments.xls.crypted


Hello,

Try using an image file.  You must have the original and the encrypted copy for the decrypter to work.  Encrypted files cannot be decrypted otherwise.


Actually, all the MS Office files have been encrypted and I don't know where to get the image file now. I have had a malware scan and got the following results.

 

Scan start:    12/17/2016 9:26:21 AM
C:\Program Files (x86)\Safesoft Security\SafesoftSecurity.exe      Gen:Variant.Mikey.35617 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HYBRPGTV\b550dda192e[1].png      Trojan.PHP.Ransom.G (B) [krnl.xmd]
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QX1N6EJZ\33ce9[1].png      Trojan.GenericKD.3881767 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\49BC.tmp.exe      Gen:Variant.Mikey.53488 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\FE8.tmp.exe      Gen:Variant.Mikey.53488 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\GPUpd57CA5C390.exe      Trojan.GenericKD.3512135 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\GPUpd57F09C030.exe      Gen:Variant.Zusy.207196 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\GPUpd57F48DD60.exe      Gen:Variant.Zusy.207196 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\GPUpd57F881080.exe      Gen:Variant.Graftor.301472 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\GPUpd57FC73AC0.exe      Gen:Variant.Zusy.207196 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\GPUpd5801BCA20.exe      Gen:Variant.Zusy.207196 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\GPUpd5805B0090.exe      Gen:Variant.Zusy.207196 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\is-39KSH.tmp\helloearth.exe      Gen:Variant.Graftor.312393 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\is-N87FO.tmp\helloearth.exe      Gen:Variant.Mikey.53159 (B) [krnl.xmd]
C:\Windows\TEMP\TMP000000030FECD0673CB5E0E6      Trojan.Generic.13113315 (B) [krnl.xmd]
C:\Windows\TEMP\TMP000000067315A002D4DA75E7      Trojan.Generic.13113315 (B) [krnl.xmd]
C:\Windows\TEMP\TMP000000090497765CB19E941F      Trojan.Generic.13113315 (B) [krnl.xmd]
C:\Windows\TEMP\TMP0000005C549BAFC2365917B4      Trojan.Generic.13113315 (B) [krnl.xmd]
C:\Windows\TEMP\TMP000000AFC04264A80D5B3E6E      Trojan.Generic.13113315 (B) [krnl.xmd]
C:\Windows\TEMP\TMP000000ED05D597AE2BC9A593      Trojan.Generic.13113315 (B) [krnl.xmd]

Scanned    85846
Found    20

Scan end:    12/17/2016 9:40:22 AM
Scan time:    0:14:01

C:\Windows\TEMP\TMP000000ED05D597AE2BC9A593    Quarantined: Trojan.Generic.13113315 (B)
C:\Windows\TEMP\TMP000000AFC04264A80D5B3E6E    Quarantined: Trojan.Generic.13113315 (B)
C:\Windows\TEMP\TMP0000005C549BAFC2365917B4    Quarantined: Trojan.Generic.13113315 (B)
C:\Windows\TEMP\TMP000000090497765CB19E941F    Quarantined: Trojan.Generic.13113315 (B)
C:\Windows\TEMP\TMP000000067315A002D4DA75E7    Quarantined: Trojan.Generic.13113315 (B)
C:\Windows\TEMP\TMP000000030FECD0673CB5E0E6    Quarantined: Trojan.Generic.13113315 (B)
C:\Users\User\AppData\Local\Temp\is-N87FO.tmp\helloearth.exe    Quarantined: Gen:Variant.Mikey.53159 (B)
C:\Users\User\AppData\Local\Temp\is-39KSH.tmp\helloearth.exe    Quarantined: Gen:Variant.Graftor.312393 (B)
C:\Users\User\AppData\Local\Temp\GPUpd5805B0090.exe    Quarantined: Gen:Variant.Zusy.207196 (B)
C:\Users\User\AppData\Local\Temp\GPUpd5801BCA20.exe    Quarantined: Gen:Variant.Zusy.207196 (B)
C:\Users\User\AppData\Local\Temp\GPUpd57FC73AC0.exe    Quarantined: Gen:Variant.Zusy.207196 (B)
C:\Users\User\AppData\Local\Temp\GPUpd57F881080.exe    Quarantined: Gen:Variant.Graftor.301472 (B)
C:\Users\User\AppData\Local\Temp\GPUpd57F48DD60.exe    Quarantined: Gen:Variant.Zusy.207196 (B)
C:\Users\User\AppData\Local\Temp\GPUpd57F09C030.exe    Quarantined: Gen:Variant.Zusy.207196 (B)
C:\Users\User\AppData\Local\Temp\GPUpd57CA5C390.exe    Quarantined: Trojan.GenericKD.3512135 (B)
C:\Users\User\AppData\Local\Temp\FE8.tmp.exe    Quarantined: Gen:Variant.Mikey.53488 (B)
C:\Users\User\AppData\Local\Temp\49BC.tmp.exe    Quarantined: Gen:Variant.Mikey.53488 (B)
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QX1N6EJZ\33ce9[1].png    Quarantined: Trojan.GenericKD.3881767 (B)
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HYBRPGTV\b550dda192e[1].png    Quarantined: Trojan.PHP.Ransom.G (B)
C:\Program Files (x86)\Safesoft Security\SafesoftSecurity.exe    Quarantined: Gen:Variant.Mikey.35617 (B)

Quarantined:    20

 


Thread Closed

Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
 
