axelyma

Ransomware Amnesia/Amnesia 2 help

Recommended Posts

Hello, Its been like 4 months that my pc got infected with a ransomware which has been changing since it first appeared, at first, my data had the original name with the extension .crypted, then like a month after, it changed the extension to .02 and soon after that, like in 15 days it totally changed the names of my files to something like this: 3w000000003V-VuJrqtypMh5lXiBltSd.02
They all look like that.

Right after it got infectced, i tried to get rid of it, i did some research and tried to remove it before trying to decrypt, but what i only got was installing some clickbait programs, which you can download for free and run a scan and say they've found the ransomware and was removable, but asked for purchase in order to remove it. I think one of that programs was Spy Hunter or something like that. In any case to the date i havent been able to get rid of it, nor decrypt my files, i used you decryptor for Amnesia and Amnesia 2, but didnt work, i suppose its because the ransom is still in my pc. What can i do to recover my files?

I'll attach some images in order to make this clearer, as well as your requested logs

I could use any help, thank you :)

Addition.txt

FRST.txt

Scan_171104-094453.txt

hydyh.PNG
Download Image

jioh.PNG
Download Image

RECOVER-FILES.HTML

Captura.PNG
Download Image

Share this post


Link to post
Share on other sites

Do you use some form of remote access, such as Microsoft's Remote Desktop (RDP)? It's possible that someone has compromised the computer, and is manually running the ransomware on your system.

That being said, there was no sign of any protection on the computer, so unless an attacker has uninstalled it then it would have been very easy to ransomware to have run on the system and encrypted all of the files, so it's entirely possible that you've simply stumbled upon several different types of ransomware over the past few months.

Did these ransomwares leave behind any sort of ransom message?

You can use ID Ransomware to help identify what ransomware you are currently dealing with, however it more than likely won't tell you what ransomwares had encrypted your files before the latest one:
https://id-ransomware.malwarehunterteam.com/

Share this post


Link to post
Share on other sites

Did either decrypter give an error message when they failed to decrypt the files?

Share this post


Link to post
Share on other sites

Also, would you be able to attach a couple of encrypted files to a reply for us to look at?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.