decrypt_Nemucod not working.

Haris Shabbir · December 16, 2016

Hi,

My pc is infected with this crap Nemucod thing and all the files have gone to .crypted format. I have tried everything but no use. even tried decrypt_Nemucod.exe but when I try to install the software, it gives the error that not a valid key and couldnt install it.

I have attached a sample file which is infected. Can you please check?

AMICO - Payments.xls.crypted

Kevin Zoll · December 17, 2016

Hello,

Try using an image file. You must have the original and the encrypted copy for the decrypter to work. Encrypted files cannot be decrypted otherwise.

Haris Shabbir · December 17, 2016

Actually all the MS office files have been encrypted and dont know where to get the image file now. I have had a malware scan and got the following results.

Scan start:   12/17/2016 9:26:21 AM
C:\Program Files (x86)\Safesoft Security\SafesoftSecurity.exe    Gen:Variant.Mikey.35617 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HYBRPGTV\b550dda192e[1].png    Trojan.PHP.Ransom.G (B) [krnl.xmd]
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QX1N6EJZ\33ce9[1].png    Trojan.GenericKD.3881767 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\49BC.tmp.exe    Gen:Variant.Mikey.53488 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\FE8.tmp.exe    Gen:Variant.Mikey.53488 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\GPUpd57CA5C390.exe    Trojan.GenericKD.3512135 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\GPUpd57F09C030.exe    Gen:Variant.Zusy.207196 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\GPUpd57F48DD60.exe    Gen:Variant.Zusy.207196 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\GPUpd57F881080.exe    Gen:Variant.Graftor.301472 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\GPUpd57FC73AC0.exe    Gen:Variant.Zusy.207196 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\GPUpd5801BCA20.exe    Gen:Variant.Zusy.207196 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\GPUpd5805B0090.exe    Gen:Variant.Zusy.207196 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\is-39KSH.tmp\helloearth.exe    Gen:Variant.Graftor.312393 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\is-N87FO.tmp\helloearth.exe    Gen:Variant.Mikey.53159 (B) [krnl.xmd]
C:\Windows\TEMP\TMP000000030FECD0673CB5E0E6    Trojan.Generic.13113315 (B) [krnl.xmd]
C:\Windows\TEMP\TMP000000067315A002D4DA75E7    Trojan.Generic.13113315 (B) [krnl.xmd]
C:\Windows\TEMP\TMP000000090497765CB19E941F    Trojan.Generic.13113315 (B) [krnl.xmd]
C:\Windows\TEMP\TMP0000005C549BAFC2365917B4    Trojan.Generic.13113315 (B) [krnl.xmd]
C:\Windows\TEMP\TMP000000AFC04264A80D5B3E6E    Trojan.Generic.13113315 (B) [krnl.xmd]
C:\Windows\TEMP\TMP000000ED05D597AE2BC9A593    Trojan.Generic.13113315 (B) [krnl.xmd]

Scanned 85846
Found 20

Scan end: 12/17/2016 9:40:22 AM
Scan time: 0:14:01

C:\Windows\TEMP\TMP000000ED05D597AE2BC9A593   Quarantined: Trojan.Generic.13113315 (B)
C:\Windows\TEMP\TMP000000AFC04264A80D5B3E6E   Quarantined: Trojan.Generic.13113315 (B)
C:\Windows\TEMP\TMP0000005C549BAFC2365917B4   Quarantined: Trojan.Generic.13113315 (B)
C:\Windows\TEMP\TMP000000090497765CB19E941F   Quarantined: Trojan.Generic.13113315 (B)
C:\Windows\TEMP\TMP000000067315A002D4DA75E7   Quarantined: Trojan.Generic.13113315 (B)
C:\Windows\TEMP\TMP000000030FECD0673CB5E0E6   Quarantined: Trojan.Generic.13113315 (B)
C:\Users\User\AppData\Local\Temp\is-N87FO.tmp\helloearth.exe   Quarantined: Gen:Variant.Mikey.53159 (B)
C:\Users\User\AppData\Local\Temp\is-39KSH.tmp\helloearth.exe   Quarantined: Gen:Variant.Graftor.312393 (B)
C:\Users\User\AppData\Local\Temp\GPUpd5805B0090.exe   Quarantined: Gen:Variant.Zusy.207196 (B)
C:\Users\User\AppData\Local\Temp\GPUpd5801BCA20.exe   Quarantined: Gen:Variant.Zusy.207196 (B)
C:\Users\User\AppData\Local\Temp\GPUpd57FC73AC0.exe   Quarantined: Gen:Variant.Zusy.207196 (B)
C:\Users\User\AppData\Local\Temp\GPUpd57F881080.exe   Quarantined: Gen:Variant.Graftor.301472 (B)
C:\Users\User\AppData\Local\Temp\GPUpd57F48DD60.exe   Quarantined: Gen:Variant.Zusy.207196 (B)
C:\Users\User\AppData\Local\Temp\GPUpd57F09C030.exe   Quarantined: Gen:Variant.Zusy.207196 (B)
C:\Users\User\AppData\Local\Temp\GPUpd57CA5C390.exe   Quarantined: Trojan.GenericKD.3512135 (B)
C:\Users\User\AppData\Local\Temp\FE8.tmp.exe   Quarantined: Gen:Variant.Mikey.53488 (B)
C:\Users\User\AppData\Local\Temp\49BC.tmp.exe   Quarantined: Gen:Variant.Mikey.53488 (B)
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QX1N6EJZ\33ce9[1].png   Quarantined: Trojan.GenericKD.3881767 (B)
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HYBRPGTV\b550dda192e[1].png   Quarantined: Trojan.PHP.Ransom.G (B)
C:\Program Files (x86)\Safesoft Security\SafesoftSecurity.exe   Quarantined: Gen:Variant.Mikey.35617 (B)

Quarantined: 20

Kevin Zoll · December 19, 2016

Any picture file that has been encrypted that you have the original copy of also will work.

Kevin Zoll · December 22, 2016

Thread Closed

Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread.

Sign In

decrypt_Nemucod not working.

Recommended Posts

Haris Shabbir 0

Link to post

Share on other sites

Kevin Zoll 309

Link to post

Share on other sites

Haris Shabbir 0

Link to post

Share on other sites

Kevin Zoll 309

Link to post

Share on other sites

Kevin Zoll 309

Link to post

Share on other sites

Recently Browsing 0 members

Products & Services

Ransomware/Malware Removal

Partners

Resources

Company

Browse

Activity