axelyma

Ransomware Amnesia/Amnesia 2 help

Recommended Posts

Hello, Its been like 4 months that my pc got infected with a ransomware which has been changing since it first appeared, at first, my data had the original name with the extension .crypted, then like a month after, it changed the extension to .02 and soon after that, like in 15 days it totally changed the names of my files to something like this: 3w000000003V-VuJrqtypMh5lXiBltSd.02
They all look like that.

Right after it got infectced, i tried to get rid of it, i did some research and tried to remove it before trying to decrypt, but what i only got was installing some clickbait programs, which you can download for free and run a scan and say they've found the ransomware and was removable, but asked for purchase in order to remove it. I think one of that programs was Spy Hunter or something like that. In any case to the date i havent been able to get rid of it, nor decrypt my files, i used you decryptor for Amnesia and Amnesia 2, but didnt work, i suppose its because the ransom is still in my pc. What can i do to recover my files?

I'll attach some images in order to make this clearer, as well as your requested logs

I could use any help, thank you :)

Addition.txt

FRST.txt

Scan_171104-094453.txt

hydyh.PNG
Download Image

jioh.PNG
Download Image

RECOVER-FILES.HTML

Captura.PNG
Download Image

Share this post


Link to post
Share on other sites

Do you use some form of remote access, such as Microsoft's Remote Desktop (RDP)? It's possible that someone has compromised the computer, and is manually running the ransomware on your system.

That being said, there was no sign of any protection on the computer, so unless an attacker has uninstalled it then it would have been very easy to ransomware to have run on the system and encrypted all of the files, so it's entirely possible that you've simply stumbled upon several different types of ransomware over the past few months.

Did these ransomwares leave behind any sort of ransom message?

You can use ID Ransomware to help identify what ransomware you are currently dealing with, however it more than likely won't tell you what ransomwares had encrypted your files before the latest one:
https://id-ransomware.malwarehunterteam.com/

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.