mlonabaugh

Nemucod decryption not working

Recommended Posts

Never mind, I got it to work! Thank you!

 Hello, A friend of mine was infected with Nemucod. I cleaned up the virus but I cannot get his files decrypted. I took some encrypted files and found old backups of the files but when I drag them to the  decryptor I receive an error. "The decrypter could not determine a valid key for your system".  The infected machine is windows XP. It did not work on the local machine so I tried doing it on my windows 10 PC but I still get the same errors. I included a video of what I am doing. Any assistance would be deeply appreciated. Thanks!

Down On The Corner.mp3

Down On The Corner.mp3.crypted

The Comfort Zone Logo (sticker ).ai.crypted

The Comfort Zone Logo (sticker_).ai

2017-03-21_11-29-45.mp4

Edited by mlonabaugh
I fixed it

Share this post


Link to post
Share on other sites

Hello,

Often cleaning up the infection prior to decrypting is a mistake.  Some ransomware variants relay information stored on the drive and in the registry for reliable decryption.

I would like to get a couple of logs to see if there may be something blocking decryption.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Share this post


Link to post
Share on other sites

Hi mlonabaugh,

Glad we could help and that you got it to work :)

As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our decrypter, why not do yourself and your files a favour and check our product out, and consider buying it.

Regards,

Sarah

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.