handtrix

PLEASE HELP! RSA-1024 Algorithm infection

Hi! My PC is infected with this. I was able to follow an instruction from another thread related to this problem.

Here are my generated files.


-----------------------------------------------------------------------------------------------------------------------------------------------
 

ATTENTION!

All your documents, photos, databases and other important personal files
were encrypted using strong RSA-1024 algorithm with a unique key.
To restore your files you have to pay 0.20556 BTC (bitcoins).
Please follow this manual:

1. Create Bitcoin wallet here:

      https://blockchain.info/wallet/new

2. Buy 0.20556 BTC with cash, using search here:

      https://localbitcoins.com/buy_bitcoins

3. Send 0.20556 BTC to this Bitcoin address:

      15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR

4. Open one of the following links in your browser to download decryptor:

      http://minneapolisarborist.com/counter/?15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR
      http://dophotography.nyc/counter/?15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR
      http://boris-nikitin.ru/counter/?15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR
      http://abv-mebelshop.ru/counter/?15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR
      http://boom71.ru/counter/?15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR

5. Run decryptor to restore your files.

PLEASE REMEMBER:

      - If you do not pay in 3 days YOU LOOSE ALL YOUR FILES.
      - Nobody can help you except us.
      - It`s useless to reinstall Windows, update antivirus software, etc.
      - Your files can be decrypted only after you make payment.
      - You can find this manual on your desktop (DECRYPT.txt).
 

Addition.txt

FRST.txt


Hi handtrix,

I see you downloaded decrypt_Nemucod.exe. You will need to drag an encrypted and unencrypted version of the same file onto the decrypter and then you can decrypt all your files.

Regards,

Sarah


Hi Sarah, I already did these steps but I couldn't find an unencrypted copy of my files. All of them are already encrypted. I won't be able to run the decrypter.


Hi there again!

My computer had been infected with RSA 1024 a.k.a. Nemucod 5 days ago. (below is a decrypt letter)

I did not pay the perpetrators for a code. I already sought advice from experts and nothing was solved. I was advised to use the Emsisoft decryptor but I couldn't find an original unencrypted file to drag onto the icon together with an identical encrypted version. All I can see all over my PC are encrypted files. I tried renaming and System Restore; still nothing happened. When I double-click a file to open it, only codes appear.

So today, 5 days after the date of infection, when I open my PC "I CAN'T LOG INTO WINDOWS PERSONAL ADMINISTRATIVE ACCOUNT". I know the password but it says it's wrong. I wanna know if this is an aftermath of not solving the infection after 3 days, as they threatened me in the letter? WHAT ARE THE WORST THINGS THAT COULD HAPPEN AFTER UNSOLVED NEMUCOD? What can I do? Will I be able to open my user account ever again? Or is there any means by which I may be able to retrieve my files? PLEASE HELP!

-----------------------

ATTENTION!

All your documents, photos, databases and other important personal files
were encrypted using strong RSA-1024 algorithm with a unique key.
To restore your files you have to pay 0.20556 BTC (bitcoins).
Please follow this manual:

1. Create Bitcoin wallet here:

      https://blockchain.info/wallet/new

2. Buy 0.20556 BTC with cash, using search here:

      https://localbitcoins.com/buy_bitcoins

3. Send 0.20556 BTC to this Bitcoin address:

      15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR

4. Open one of the following links in your browser to download decryptor:

      http://minneapolisarborist.com/counter/?15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR
      http://dophotography.nyc/counter/?15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR
      http://boris-nikitin.ru/counter/?15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR
      http://abv-mebelshop.ru/counter/?15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR
      http://boom71.ru/counter/?15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR

5. Run decryptor to restore your files.

PLEASE REMEMBER:

      - If you do not pay in 3 days YOU LOOSE ALL YOUR FILES.
      - Nobody can help you except us.
      - It`s useless to reinstall Windows, update antivirus software, etc.
      - Your files can be decrypted only after you make payment.
      - You can find this manual on your desktop (DECRYPT.txt).


You should be able to find something original. One of your programs: download and install it again somewhere to get an original .exe file. The readme.txt files from programs are often the same even through updates. Stuff like this. It doesn't have to originate from your hard drive. It just has to be an unmodified version of the original file. If you have a picture you know is encrypted, find the original off your phone, or your Facebook or something.


I'm not an expert or anything. But I would take your whole hard drive and set it to the side. Especially if you think they're still messing with you. They might be using Remote Desktop to take control of your computer. Anyway, get those encrypted files set off to the side, away from the computer. Get an old hard drive out and put a fresh copy of Windows on it. You should then be able to hook up your infected drive and see the files there. Just be sure you don't boot from the infected drive after you hook it up.

I posted this in your other topic, but I'm sure you can find an unencrypted file for pairing. What this means is, you don't need the file to originate from your own hard drive. If you downloaded Microsoft Word recently, download it again and use the Word.exe as your original, then find your encrypted Word.exe and drag them onto the decryptor. The readme.txt files that come with most programs are all the same through different versions of the programs. Notepad++, WinRAR, Chrome. If you know you have a program like that, try to download the same version from the internet.

Anyway, be sure on your new Windows to turn off Remote Desktop. I've also enabled the firewall and antivirus and the annoying User Account Control too. At least for the time being.

Good Luck.


Hi handtrix,

Nemucod doesn't come via RDP usually, however, they may have downloaded more malware which caused this issue. If you want to deal with the password, this article has a few steps you can try.

bruticus0 is correct in that you can use any files or programs you downloaded which were encrypted as the file pair.

Regards,

Sarah
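
Added example, not part of the thread and not Emsisoft's code: the thread does not say how the decrypter uses the file pair, so this sketch assumes a toy repeating-key XOR cipher to show the general known-plaintext idea, why the original can come from anywhere, and why it must be byte-identical. The key, file contents and all names are constructed for illustration.

```python
"""Toy model: why one original/encrypted pair can unlock every file."""
from typing import Optional

MAX_KEY_LEN = 256  # assumed upper bound on key length for this illustration


def xor_repeat(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key (the same call encrypts and decrypts)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key(original: bytes, encrypted: bytes) -> Optional[bytes]:
    """Return the shortest repeating key that explains the pair, or None."""
    n = min(len(original), len(encrypted))
    # original XOR encrypted cancels the plaintext and leaves only key material.
    stream = bytes(a ^ b for a, b in zip(original, encrypted))
    # Require at least two repetitions so a mismatched pair is rejected.
    for klen in range(1, min(MAX_KEY_LEN, n // 2) + 1):
        if all(stream[i] == stream[i % klen] for i in range(n)):
            return stream[:klen]
    return None  # no consistent key: the "original" is not the same file


# Constructed sample data (hypothetical key and file contents).
KEY = bytes([0x13, 0x37, 0xC0, 0xDE, 0x42, 0x99, 0x05])
README_V10 = b"ExampleApp 1.0 README\nInstall, run, enjoy. See LICENSE for terms.\n"
README_V11 = README_V10.replace(b"1.0", b"1.1")  # a later, edited release
PHOTO = b"constructed stand-in for a personal photo"

ENC_README = xor_repeat(README_V10, KEY)  # what is left on the infected disk
ENC_PHOTO = xor_repeat(PHOTO, KEY)


def demo():
    """Recover the key from a re-downloaded README, then decrypt the photo."""
    key = recover_key(README_V10, ENC_README)
    photo = xor_repeat(ENC_PHOTO, key)
    # A README from a different version is not a valid pair and is rejected.
    mismatch = recover_key(README_V11, ENC_README)
    return key, photo, mismatch


if __name__ == "__main__":
    key, photo, mismatch = demo()
    print("recovered key:", key.hex())
    print("photo restored:", photo == PHOTO)
    print("wrong-version pair accepted:", mismatch is not None)
```
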
