SAMbI4

Nemucod crypter

Hello all.

I have a problem: the server is encrypted, there is no shadow copy, and there are no standard images.
I found the original encrypted file, but when I try to start decrypt_Nemokod it writes me this (see attachment).

Does someone have any idea?

Thank you!

 

Untitled.jpg

Are you getting the message from when you drag & drop the files together onto the decrypter, or are you trying to open the decrypter first?

You should be dragging and dropping the files together onto the decrypter.

4 hours ago, Kevin Zoll said:

Are you getting the message from when you drag & drop the files together onto the decrypter, or are you trying to open the decrypter first?

You should be dragging and dropping the files together onto the decrypter.

I try to move both of the files and get this message. That is the problem.


OK,

I need to get a couple of logs.

Download Farbar Recovery Scan Tool and save it to your desktop.

 

For 32-bit (x86) systems download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

For 64-bit systems download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

 

  • Double-click to run it. When the tool opens, click "Yes" to the disclaimer.
  • Press the "Scan" button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Attach it to your reply. 

4 hours ago, Kevin Zoll said:

OK,

I need to get a couple of logs.

Download Farbar Recovery Scan Tool and save it to your desktop.

 

For 32-bit (x86) systems download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

For 64-bit systems download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

 

  • Double-click to run it. When the tool opens, click "Yes" to the disclaimer.
  • Press the "Scan" button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Attach it to your reply. 

Done

Addition.txt

FRST.txt


I only see a couple of encrypted files in the FRST logs.  I see no signs of malware in the logs.  It is entirely possible that those files cannot be decrypted.

12 hours ago, Kevin Zoll said:

I only see a couple of encrypted files in the FRST logs.  I see no signs of malware in the logs.  It is entirely possible that those files cannot be decrypted.

All files?


I only saw a couple of encrypted files in the logs.  If the decrypter cannot determine the encryption key, then the files cannot be decrypted.
