Robinnnn

Help, my pc is infected!

Recommended Posts

received this in a txt message :

 

*** ALL YOUR WORK AND PERSONAL FILES HAVE BEEN ENCRYPTED ***

To decrypt your files you need to buy the special software – «Nemesis decryptor»
You can find out the details / buy decryptor + key / ask questions by email: [email protected]


Your personal ID: xxxxxxxxxxxxxxxxx

scan_170609-211304.txt

FRST.txt

Addition.txt

Share this post


Link to post
Share on other sites
Just now, Abhi said:

Hello,

 

i got the same virus infected in my machine. is there a decryption to get back the files ?

No not that i know of yet, but please keep me posted as well if you find anything!

Share this post


Link to post
Share on other sites

@Robinnnn there is a slim chance this could be Dharma (.wallet).  if the Rakhani Decrypter does not work, then it is Cry36.  Currently, Cry36 encrypted files are not decryptable without paying the ransom.

http://media.kaspersky.com/utilities/VirusUtilities/EN/rakhnidecryptor.zip

https://www.nomoreransom.org/uploads/RakhniDecryptor_how-to_guide.pdf

Share this post


Link to post
Share on other sites

Paying the ransom to the ransomware author.  Never call them hackers they do not deserve that dignity.  We do not recommend paying the ransom, as there is a good chance that you will not get a decrypter and decryption key.  Alternatively, you could employ the services for data recovering company, that specializes in forensic data recovery.  That can be quite expensive.

Share this post


Link to post
Share on other sites
6 hours ago, Kevin Zoll said:

@Robinnnn there is a slim chance this could be Dharma (.wallet).  if the Rakhani Decrypter does not work, then it is Cry36.  Currently, Cry36 encrypted files are not decryptable without paying the ransom.

http://media.kaspersky.com/utilities/VirusUtilities/EN/rakhnidecryptor.zip

https://www.nomoreransom.org/uploads/RakhniDecryptor_how-to_guide.pdf

Hello Kevin,

I tried the latest version of the decryptor, but it did not work, so all i can do now is wait i guess..

Thanks for that suggestion!

Share this post


Link to post
Share on other sites
2 hours ago, Fabian Wosar said:

You can try the newer version:

http://media.kaspersky.com/utilities/VirusUtilities/EN/rakhnidecryptor.zip

Kaspersky got their hands on some of the keys for Cry36/Nemesis. So that may work. Make sure the version is 1.21.2.0 or later.

Unsupported encypted file type.. too bad but thanks for the update :)

 

What i am thinking.. in a different topic it says the 5 characters are random in the file extension, but now we have 2 cases with exactly the same extension : 47kv5 so it does not seem that random at all.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.