
Merry Christmas infected, Decrypter v 1.0.0.50 not working


Hi there. My girlfriend's laptop got infected with the Merry Christmas ransomware after she opened a Chrome_Font.exe. I tried using your decrypter, v1.0.0.50, but it won't detect any keys, unfortunately. Do you think the problem is a new encryption that's not in your decrypter? I've included six files (3 corrupted, 3 normal). Thank you for all the help. 

PD_2_File_001.jpg

PD_2_File_001.jpg.MERRY

PD_8_File_002.jpg

PD_8_File_002.jpg.MERRY

PD_9_File_001.JPG

PD_9_File_001.JPG.MERRY


Great call! I found it quarantined, restored it, then uploaded it here. There were a few other suspicious files in the same folder as the FONT_UPDATE.EXE, such as DRIVER-UPDATER-SETUP.EXE and WIPERSOFT-INSTALLER.EXE, that were quarantined by Malwarebytes. I'm not sure if they have anything to do with the virus though, so I didn't restore and upload them, but can do that if you want.

And thank you so so much for helping us with this problem, we really appreciate it. Thank you.

PS: I tried decrypting using the v.53 software, didn't work either.

FONT_UPDATE.EXE


Hi, version 1.0.0.53 doesn't work for me either. It says that the decrypter could not determine the key for my system. It repeats with different kinds of files (I don't have jpg, I think). I have Windows 10, I don't know if that matters. I got my laptop back from the service point where they deleted the virus, but the files are still blocked. Thanks for any help!

jak-nie-czuć-się-zerem.mobi

jak-nie-czuć-się-zerem.mobi.MERRY


@gostevie, I just published a new version. Would you mind checking that new version? :)

EDIT: Just tested it with your files. The correct key should be "4:2:Z_h_r_H_t_D_S_t_F_n_". Used the PF_2_File_001.jpg files you provided for the comparison. Results in 4 keys. The third one decrypts all the files you provided.


Hi gostevie,

I'm glad that our software could help us recover your files.

No need to donate, however as a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it.

Regards,

Sarah

  • 1 month later...

Hello, for several months we have been trying to decrypt the Merry Christmas virus with different versions of your Decrypter for MRCR, but unfortunately we do not always decode the picture. Please, could you look at this? I'm sending 10 photos (5 infected and 5 good). Thank you.

DSC06719.JPG

DSC06719.JPG.MERRY

DSC08851.JPG

DSC08851.JPG.MERRY

DSC08868.JPG

DSC08868.JPG.MERRY

DSC08876.JPG

DSC08876.JPG.MERRY

Mazda_mpv.JPG

Mazda_mpv.JPG.MERRY

MERRY_I_LOVE_YOU_BRUCE.HTA


Hi Jarin81,

You need to download the decrypter from here, and you will need to drag and drop the DSC06719.JPG.MERRY and DSC06719.JPG files onto the decrypter. It will find 4 keys; you need to go into the Options tab and select the 3rd option (-2:1:2_n_A_B_r_b_D_) in the Key Selection. Then you can switch to the Decrypter tab and click Decrypt.

Regards,

Sarah
