TCO Jason 0 Posted March 23, 2017 Report Share Posted March 23, 2017 (edited) Thank you in advance for your help! Copied text was removed, I misread the instructions. Addition_22-03-2017 23.16.18.txt FRST_22-03-2017 23.16.18.txt scan_170322-112558.txt Edited March 23, 2017 by TCO Jason Copied text was removed, I misread the instructions. Quote Link to post Share on other sites
Kevin Zoll 309 Posted March 23, 2017 Report Share Posted March 23, 2017 Hello, Please try using the Rakhni Decryptor by Kaspersky Download: http://media.kaspersky.com/utilities/VirusUtilities/EN/rakhnidecryptor.zip Usage Guide: https://www.nomoreransom.org/uploads/RakhniDecryptor_how-to_guide.pdf Quote Link to post Share on other sites
TCO Jason 0 Posted March 26, 2017 Author Report Share Posted March 26, 2017 Hi Kevin, Thank you for the quick reply. It's been running for a few days now and hasn't been successful in decrypting any yet. If this is unsuccessful, are there any other options? Thank you again for your help. Quote Link to post Share on other sites
Sarah W 26 Posted March 27, 2017 Report Share Posted March 27, 2017 Hi TCO Jason, Wallet Dharma is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah Quote Link to post Share on other sites
Gusi 0 Posted March 31, 2017 Report Share Posted March 31, 2017 Hi - infected with .Wallet and when running Rakhni Decryptor by Kaspersky , I get a "processing error" - any ideas? help will be greatly appreciate it... 20:47:49.0429 0x2438 Trojan-Ransom.Win32.Rakhni decryption tool 1.17.17.0 Mar 1 2017 23:11:54 20:47:51.0433 0x2438 ============================================================ 20:47:51.0433 0x2438 Current date / time: 2017/03/30 20:47:51.0433 20:47:51.0433 0x2438 SystemInfo: 20:47:51.0434 0x2438 20:47:51.0434 0x2438 OS Version: 6.1.7601 ServicePack: 1.0 20:47:51.0434 0x2438 Product type: Server 20:47:51.0434 0x2438 ComputerName: ARES 20:47:51.0434 0x2438 UserName: administrator 20:47:51.0434 0x2438 Windows directory: C:\Windows 20:47:51.0434 0x2438 System windows directory: C:\Windows 20:47:51.0434 0x2438 Running under WOW64 20:47:51.0434 0x2438 Processor architecture: Intel x64 20:47:51.0434 0x2438 Number of processors: 4 20:47:51.0434 0x2438 Page size: 0x1000 20:47:51.0434 0x2438 Boot type: Normal boot 20:47:51.0435 0x2438 ============================================================ 20:47:51.0535 0x2438 Initialize success 20:48:19.0785 0x2410 Number of worker threads: 4 20:48:30.0253 0x2410 File path: C:\Users\administrator.TEA\Desktop\test2\License_SQLNCLI_ENU.txt.id-0C677459.[[email protected]].wallet 20:48:30.0284 0x2410 Password recovered 20:48:30.0285 0x2410 Known suspicious file: C:\Users\administrator.TEA\Desktop\test2\License_SQLNCLI_ENU.txt.id-0C677459.[[email protected]].wallet 20:48:32.0951 0x2410 DecryptIO (C:\Users\administrator.TEA\Desktop\test2\License_SQLNCLI_ENU.txt) error ---- 20:48:37.0821 0x2410 Folder scan statistic (C:\Users\administrator.TEA\Desktop\test2): 20:48:37.0821 0x2410 Processed: 3 20:48:37.0821 0x2410 Found: 3 20:48:37.0821 0x2410 Decrypted: 0 20:48:37.0821 0x2410 ================================================================================ 20:48:37.0821 0x2410 Scan finished 20:48:37.0821 0x2410 Quote Link to post Share on other sites
Sarah W 26 Posted April 2, 2017 Report Share Posted April 2, 2017 Hi Gusi, Wallet Dharma is unfortunately not decryptable. You can either backup your files and wait for a solution, or pay the criminals (we do not recommend this) currently. RDP is how these criminals usually enter, so please secure it with a strong password. Regards, Sarah Quote Link to post Share on other sites
Demonslay335 26 Posted May 20, 2017 Report Share Posted May 20, 2017 @TCO Jason @Gusi If you haven't seen, Kaspersky and Avast have released decrypters for the .wallet variant of Dharma, since the keys were released this week. https://www.bleepingcomputer.com/news/security/wallet-ransomware-master-keys-released-on-bleepingcomputer-avast-releases-free-decryptor/ Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.