Robinnnn

Help, my pc is infected!

All my restore points were deleted as well. Closed the RDP connection for now, after changing the password into something hard and changing the port.

Just now, Abhi said:

Hello,

I got the same virus infected in my machine. Is there a decryption to get back the files?

No, not that I know of yet, but please keep me posted as well if you find anything!


@Robinnnn there is a slim chance this could be Dharma (.wallet). If the Rakhni Decrypter does not work, then it is Cry36. Currently, Cry36 encrypted files are not decryptable without paying the ransom.

http://media.kaspersky.com/utilities/VirusUtilities/EN/rakhnidecryptor.zip

https://www.nomoreransom.org/uploads/RakhniDecryptor_how-to_guide.pdf


Paying the ransom to the ransomware author. Never call them hackers; they do not deserve that dignity. We do not recommend paying the ransom, as there is a good chance that you will not get a decrypter and decryption key. Alternatively, you could employ the services of a data recovery company that specializes in forensic data recovery. That can be quite expensive.

6 hours ago, Kevin Zoll said:

@Robinnnn there is a slim chance this could be Dharma (.wallet). If the Rakhni Decrypter does not work, then it is Cry36. Currently, Cry36 encrypted files are not decryptable without paying the ransom.

http://media.kaspersky.com/utilities/VirusUtilities/EN/rakhnidecryptor.zip

https://www.nomoreransom.org/uploads/RakhniDecryptor_how-to_guide.pdf

Hello Kevin,

I tried the latest version of the decryptor, but it did not work, so all I can do now is wait, I guess..

Thanks for that suggestion!

2 hours ago, Fabian Wosar said:

You can try the newer version:

http://media.kaspersky.com/utilities/VirusUtilities/EN/rakhnidecryptor.zip

Kaspersky got their hands on some of the keys for Cry36/Nemesis. So that may work. Make sure the version is 1.21.2.0 or later.

Unsupported encrypted file type.. too bad, but thanks for the update :)

What I am thinking.. in a different topic it says the 5 characters are random in the file extension, but now we have 2 cases with exactly the same extension: 47kv5, so it does not seem that random at all.
