Haris Shabbir

decrypt_Nemucod not working.

By Haris Shabbir, in Help, my PC is infected!

Recommended Posts

Haris Shabbir    0

Haris Shabbir
Posted

Hi,

My pc is infected with this crap Nemucod thing and all the files have gone to .crypted format. I have tried everything but no use. even tried decrypt_Nemucod.exe but when I try to install the software, it gives the error that not a valid key and couldnt install it.

I have attached a sample file which is infected. Can you please check?

 

AMICO - Payments.xls.crypted

Share this post

Link to post
Share on other sites

Kevin Zoll    309

Kevin Zoll
Posted

Hello,

Try using an image file.  You must have the original and the encrypted copy for the decrypter to work.  Encrypted files cannot be decrypted otherwise.

Share this post

Link to post
Share on other sites

Haris Shabbir    0

Haris Shabbir
Posted

Actually all the MS office files have been encrypted and dont know where to get the image file now. I have had a malware scan and got the following results.

 

Scan start:    12/17/2016 9:26:21 AM
C:\Program Files (x86)\Safesoft Security\SafesoftSecurity.exe      Gen:Variant.Mikey.35617 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HYBRPGTV\b550dda192e[1].png      Trojan.PHP.Ransom.G (B) [krnl.xmd]
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QX1N6EJZ\33ce9[1].png      Trojan.GenericKD.3881767 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\49BC.tmp.exe      Gen:Variant.Mikey.53488 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\FE8.tmp.exe      Gen:Variant.Mikey.53488 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\GPUpd57CA5C390.exe      Trojan.GenericKD.3512135 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\GPUpd57F09C030.exe      Gen:Variant.Zusy.207196 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\GPUpd57F48DD60.exe      Gen:Variant.Zusy.207196 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\GPUpd57F881080.exe      Gen:Variant.Graftor.301472 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\GPUpd57FC73AC0.exe      Gen:Variant.Zusy.207196 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\GPUpd5801BCA20.exe      Gen:Variant.Zusy.207196 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\GPUpd5805B0090.exe      Gen:Variant.Zusy.207196 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\is-39KSH.tmp\helloearth.exe      Gen:Variant.Graftor.312393 (B) [krnl.xmd]
C:\Users\User\AppData\Local\Temp\is-N87FO.tmp\helloearth.exe      Gen:Variant.Mikey.53159 (B) [krnl.xmd]
C:\Windows\TEMP\TMP000000030FECD0673CB5E0E6      Trojan.Generic.13113315 (B) [krnl.xmd]
C:\Windows\TEMP\TMP000000067315A002D4DA75E7      Trojan.Generic.13113315 (B) [krnl.xmd]
C:\Windows\TEMP\TMP000000090497765CB19E941F      Trojan.Generic.13113315 (B) [krnl.xmd]
C:\Windows\TEMP\TMP0000005C549BAFC2365917B4      Trojan.Generic.13113315 (B) [krnl.xmd]
C:\Windows\TEMP\TMP000000AFC04264A80D5B3E6E      Trojan.Generic.13113315 (B) [krnl.xmd]
C:\Windows\TEMP\TMP000000ED05D597AE2BC9A593      Trojan.Generic.13113315 (B) [krnl.xmd]

Scanned    85846
Found    20

Scan end:    12/17/2016 9:40:22 AM
Scan time:    0:14:01

C:\Windows\TEMP\TMP000000ED05D597AE2BC9A593    Quarantined: Trojan.Generic.13113315 (B)
C:\Windows\TEMP\TMP000000AFC04264A80D5B3E6E    Quarantined: Trojan.Generic.13113315 (B)
C:\Windows\TEMP\TMP0000005C549BAFC2365917B4    Quarantined: Trojan.Generic.13113315 (B)
C:\Windows\TEMP\TMP000000090497765CB19E941F    Quarantined: Trojan.Generic.13113315 (B)
C:\Windows\TEMP\TMP000000067315A002D4DA75E7    Quarantined: Trojan.Generic.13113315 (B)
C:\Windows\TEMP\TMP000000030FECD0673CB5E0E6    Quarantined: Trojan.Generic.13113315 (B)
C:\Users\User\AppData\Local\Temp\is-N87FO.tmp\helloearth.exe    Quarantined: Gen:Variant.Mikey.53159 (B)
C:\Users\User\AppData\Local\Temp\is-39KSH.tmp\helloearth.exe    Quarantined: Gen:Variant.Graftor.312393 (B)
C:\Users\User\AppData\Local\Temp\GPUpd5805B0090.exe    Quarantined: Gen:Variant.Zusy.207196 (B)
C:\Users\User\AppData\Local\Temp\GPUpd5801BCA20.exe    Quarantined: Gen:Variant.Zusy.207196 (B)
C:\Users\User\AppData\Local\Temp\GPUpd57FC73AC0.exe    Quarantined: Gen:Variant.Zusy.207196 (B)
C:\Users\User\AppData\Local\Temp\GPUpd57F881080.exe    Quarantined: Gen:Variant.Graftor.301472 (B)
C:\Users\User\AppData\Local\Temp\GPUpd57F48DD60.exe    Quarantined: Gen:Variant.Zusy.207196 (B)
C:\Users\User\AppData\Local\Temp\GPUpd57F09C030.exe    Quarantined: Gen:Variant.Zusy.207196 (B)
C:\Users\User\AppData\Local\Temp\GPUpd57CA5C390.exe    Quarantined: Trojan.GenericKD.3512135 (B)
C:\Users\User\AppData\Local\Temp\FE8.tmp.exe    Quarantined: Gen:Variant.Mikey.53488 (B)
C:\Users\User\AppData\Local\Temp\49BC.tmp.exe    Quarantined: Gen:Variant.Mikey.53488 (B)
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QX1N6EJZ\33ce9[1].png    Quarantined: Trojan.GenericKD.3881767 (B)
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HYBRPGTV\b550dda192e[1].png    Quarantined: Trojan.PHP.Ransom.G (B)
C:\Program Files (x86)\Safesoft Security\SafesoftSecurity.exe    Quarantined: Gen:Variant.Mikey.35617 (B)

Quarantined:    20

 

Share this post

Link to post
Share on other sites

Kevin Zoll    309

Kevin Zoll
Posted

Thread Closed

Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread.
 

Share this post

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Go To Topic Listing

  • Recently Browsing   0 members

    No registered users viewing this page.