handtrix, posted April 26, 2017

Hi! My PC is infected with this. I was able to follow an instruction from another thread related to this problem. Here are my generated files.

-----------------------------------------------------------------------
ATTENTION!
All your documents, photos, databases and other important personal files were encrypted using strong RSA-1024 algorithm with a unique key.
To restore your files you have to pay 0.20556 BTC (bitcoins).
Please follow this manual:
1. Create Bitcoin wallet here: https://blockchain.info/wallet/new
2. Buy 0.20556 BTC with cash, using search here: https://localbitcoins.com/buy_bitcoins
3. Send 0.20556 BTC to this Bitcoin address: 15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR
4. Open one of the following links in your browser to download decryptor:
http://minneapolisarborist.com/counter/?15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR
http://dophotography.nyc/counter/?15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR
http://boris-nikitin.ru/counter/?15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR
http://abv-mebelshop.ru/counter/?15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR
http://boom71.ru/counter/?15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR
5. Run decryptor to restore your files.
PLEASE REMEMBER:
- If you do not pay in 3 days YOU LOOSE ALL YOUR FILES.
- Nobody can help you except us.
- It`s useless to reinstall Windows, update antivirus software, etc.
- Your files can be decrypted only after you make payment.
- You can find this manual on your desktop (DECRYPT.txt).

Addition.txt FRST.txt

Sarah W, posted April 27, 2017

Hi handtrix,

I see you downloaded decrypt_Nemucod.exe, you will need to drag an encrypted and unencrypted version of the same file onto the decrypter and then you can decrypt all your files.

Regards,
Sarah

handtrix, posted May 1, 2017

Hi Sarah, I already did these steps but I couldn't find an uncrypted copy of my files. All of them are already crypted. I won't be able to run the decrypter.

handtrix, posted May 1, 2017

Hi there again! My computer was infected with RSA 1024 a.k.a. Nemucod 5 days ago (below is a decrypt letter). I did not pay the perpetrators for a code. I already sought advice from experts and nothing was solved. I was advised to use the Emsisoft decryptor but I couldn't find an original uncrypted file to drag onto the icon together with an identical crypted version. All I can see all over my PC are crypted files. I tried renaming and system restore, still nothing happened. When I double-click a file to open it, only codes appear.

So today, 5 days after the date of infection, when I open my PC "I CAN'T LOG INTO WINDOWS PERSONAL ADMINISTRATIVE ACCOUNT". I know the password but it says it's wrong. I want to know if this is an aftermath of not solving the infection after 3 days, as they threatened me in the letter?

WHAT ARE THE WORSE THINGS THAT COULD HAPPEN AFTER UNSOLVED NEMUCOD? What can I do? Will I be able to open my user account ever again? Or is there any means by which I may be able to retrieve my files? PLEASE HELP!

-----------------------
ATTENTION!
All your documents, photos, databases and other important personal files were encrypted using strong RSA-1024 algorithm with a unique key.
To restore your files you have to pay 0.20556 BTC (bitcoins).
Please follow this manual:
1. Create Bitcoin wallet here: https://blockchain.info/wallet/new
2. Buy 0.20556 BTC with cash, using search here: https://localbitcoins.com/buy_bitcoins
3. Send 0.20556 BTC to this Bitcoin address: 15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR
4. Open one of the following links in your browser to download decryptor:
http://minneapolisarborist.com/counter/?15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR
http://dophotography.nyc/counter/?15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR
http://boris-nikitin.ru/counter/?15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR
http://abv-mebelshop.ru/counter/?15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR
http://boom71.ru/counter/?15b3KTBda2ZPjXvt9qdF3jwDRSjS5bpdzR
5. Run decryptor to restore your files.
PLEASE REMEMBER:
- If you do not pay in 3 days YOU LOOSE ALL YOUR FILES.
- Nobody can help you except us.
- It`s useless to reinstall Windows, update antivirus software, etc.
- Your files can be decrypted only after you make payment.
- You can find this manual on your desktop (DECRYPT.txt).

bruticus0, posted May 1, 2017

You should be able to find something original. One of your programs, download and install them again somewhere to get an original .exe file. The readme.txt files from programs are often the same even through updates. Stuff like this. Doesn't have to originate from your hard drive. Just has to be an unmodified version of the original file. If you have a picture you know is encrypted, find the original off your phone, or your Facebook or something.

bruticus0, posted May 1, 2017

I'm not an expert or anything. But I would take your whole hard drive, and set it to the side. Especially if you think they're still messing with you. They might be using Remote Desktop to take control of your computer. Anyway, get those encrypted files set off to the side away from the computer. Get an old hard drive out and put a fresh copy of Windows on it. You should then be able to hook up your infected drive and see the files there. Just be sure you don't boot from the infected drive after you hook it up.

I posted this in your other topic, but I'm sure you can find an unencrypted file for pairing. What this means is, you don't need the file to originate from your own hard drive. If you downloaded Microsoft Word recently, download it again and use the Word.exe as your original, then find your encrypted Word.exe and drag them onto the decryptor. The readme.txt files that come with most programs are all the same through different versions of the programs. Notepad++, WinRAR, Chrome. If you know you have a program like that, try to download the same version from the internet.

Anyway, be sure on your new Windows to turn off Remote Desktop. I've also enabled firewall and antivirus and the annoying User Account Control too. At least for the time being. Good luck.

handtrix, posted May 1, 2017

@bruticus0 Thanks! The brilliant idea of getting an original file is such a big help. I will follow your advice.

Sarah W, posted May 1, 2017

Hi handtrix,

Nemucod doesn't come via RDP usually, however, they may have downloaded more malware which caused this issue. If you want to deal with the password, this article has a few steps you can try.

bruticus0 is correct in that you can use any files or programs you downloaded which were encrypted as the file pair.

Regards,
Sarah
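
Why the file pair discussed above has to be the same, unmodified file, shown as an added example that is not part of any post in this thread and is not the decrypter's own code. It assumes a repeating-key XOR cipher as a stand-in (the thread does not describe the real scheme); the key, file contents and function names are constructed for the illustration.

```python
# Added illustration. Assumption: a repeating-key XOR cipher stands in for the
# ransomware's real scheme, which this thread does not describe.

KEY = bytes.fromhex("3a91c4075be28d1f6609b37ce5a248d0")  # constructed demo key


def xor_repeat(data: bytes, key: bytes) -> bytes:
    """XOR data with the key repeated to length (same call encrypts and decrypts)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key(original: bytes, encrypted: bytes, max_len: int = 64):
    """Return the shortest repeating key that explains the pair, else None."""
    if not original or len(original) != len(encrypted):
        return None  # sizes differ: these are not the same file
    # For a matching pair, plaintext XOR ciphertext is the key, repeated.
    stream = bytes(a ^ b for a, b in zip(original, encrypted))
    for n in range(1, min(max_len, len(stream) // 2) + 1):
        if all(stream[i] == stream[i % n] for i in range(n, len(stream))):
            return stream[:n]
    return None  # no repetition found: the "original" is a different version


# Constructed sample files: a README shipped with two versions of a program,
# and a stand-in for a personal file that has no clean copy.
README_V1 = (b"ExampleApp 1.0 README (constructed sample)\n"
             b"Install: run setup and follow the prompts.\n"
             b"License: see LICENSE.txt\n")
README_V2 = README_V1.replace(b"1.0", b"1.1")  # same size, one byte changed
PHOTO = b"constructed stand-in for a personal photo's bytes"


def demo():
    enc_readme = xor_repeat(README_V1, KEY)  # what sits on the infected disk
    enc_photo = xor_repeat(PHOTO, KEY)
    good = recover_key(README_V1, enc_readme)  # re-downloaded identical file
    bad = recover_key(README_V2, enc_readme)   # re-downloaded newer version
    restored = xor_repeat(enc_photo, good) if good else None
    return good, bad, restored


if __name__ == "__main__":
    good, bad, restored = demo()
    print("key from matching pair:", good.hex())
    print("key from mismatched pair:", bad)
    print("photo restored:", restored == PHOTO)
```

A single changed byte in the reference file is enough to make the pair unusable, which is why a re-downloaded copy must be the same version as the one that was encrypted.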