Eng_Chetan 0 Report post Posted January 7 My PC got affected on 5-Jan 2019 evening with this ransomware ".DJVUR"n ad all media files (JPG, PDH, MP4, MS Office etc) got affected with change in extension. I tried everything possible to remove the Ransomware. My PC was creating lot of issues so I got it formatted and Now I am left with the encrypted files most of them is my personal photos, videos and reading material. I am looking for suitable decryptor to recover my files. Please help me to recover back my data. Thanks in advance Share this post Link to post Share on other sites
imdead 0 Report post Posted January 7 me too...my PC on 5 -Jan 2019 morning got this ransomware its the first time i got this kind of bad virus - and some of my files encrypted with .djvur extension specially the books and multimedia and some rar and iso i could able to stop it by formatting my PC but i still have those files encrypted with _openme.txt note file any idea how to decrypte the files even maybe with a tool ----i need to rescue this files Share this post Link to post Share on other sites
GT500 495 Report post Posted January 8 I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them. Share this post Link to post Share on other sites
imdead 0 Report post Posted January 8 (edited) job done here you are sir: https://id-ransomware.malwarehunterteam.com/identify.php?case=f267a9e1718ebfe18e19bf9956fd9b2c7a744c70 i hope you find help for us if you need anything just ask also ...i think this is the infected file: http://snowfiles.com/tyubog90pdyk be careful don't download and use this file on your PC it will destroy your data with .djvur encryption only use it in a restricted machine-----------let me know if anything new found Edited January 8 by GT500 Made link non-clickable. Share this post Link to post Share on other sites
GT500 495 Report post Posted January 8 That link is to one of those obnoxious download sites that hides the read download link under a bunch of ads. I was told by one of our malware analysts that you have to click on the close button in one of the ads three times before it would show the real download button. Do you remember if you did that, or if you clicked on the download button in one of the ads? Share this post Link to post Share on other sites
imdead 0 Report post Posted January 9 20 hours ago, GT500 said: That link is to one of those obnoxious download sites that hides the read download link under a bunch of ads. I was told by one of our malware analysts that you have to click on the close button in one of the ads three times before it would show the real download button. Do you remember if you did that, or if you clicked on the download button in one of the ads? no --it works fine .but it has some stupid ads you must click the blue button until it stops showing ads then you can download it also be careful a gain run it on a restricted PC or vm Share this post Link to post Share on other sites
GT500 495 Report post Posted January 9 1 hour ago, imdead said: you must click the blue button until it stops showing ads then you can download it One of our malware analysts already did that, and the downloaded file did not appear to be ransomware. Share this post Link to post Share on other sites
askkali 0 Report post Posted January 10 (edited) https://monova.to/0493A0CC721FD6BA5505AA3818068E3E9E6610B1 i found djuvr from here. Edited January 10 by GT500 Made link non-clickable. Share this post Link to post Share on other sites
GT500 495 Report post Posted January 10 15 hours ago, askkali said: https://monova.to/0493A0CC721FD6BA5505AA3818068E3E9E6610B1 i found djuvr from here. Thank you. I have forwarded that to our malware analysts so that they can take a look at it. I'll let you know if they find anything useful. Share this post Link to post Share on other sites
infecteddjvur 0 Report post Posted January 12 hi, is there any update on this ransomware .djvur? anyway to decrypt the file? Share this post Link to post Share on other sites
infecteddjvur 0 Report post Posted January 12 i have uploaded a sample file https://id-ransomware.malwarehunterteam.com/identify.php?case=d32adb657034fd2e416b4b7f28aa7d5fcd9d69bc Share this post Link to post Share on other sites
GT500 495 Report post Posted Tuesday at 12:15 AM It's been identified as a variant of the STOP ransomware. Michael Gillespie is still analyzing the encryption method, however there is someone who has offered to assist people with possibly decrypting their files. There is more information at the following links:https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-suspended-yourdatarestore-txt-support-topic/page-15#entry4663667https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-suspended-yourdatarestore-txt-support-topic/page-16#entry4663935 Share this post Link to post Share on other sites
imdead 0 Report post Posted Tuesday at 06:42 PM if any one has an infected setup file or .exe file with this kind of ransom **** share it with us here or paste the link I'm proud to check it Share this post Link to post Share on other sites
GT500 495 Report post Posted Tuesday at 08:58 PM 2 hours ago, imdead said: if any one has an infected setup file or .exe file with this kind of ransom **** share it with us here or paste the link I'm proud to check it We discourage sharing of potentially malicious files with others on these forums. It's best to upload things to VirusTotal, and send a link to the analysis to us. Or to send them to us privately. Share this post Link to post Share on other sites
nemo74 0 Report post Posted Wednesday at 02:01 PM On 1/15/2019 at 1:15 AM, GT500 said: It's been identified as a variant of the STOP ransomware. Michael Gillespie is still analyzing the encryption method, however there is someone who has offered to assist people with possibly decrypting their files. There is more information at the following links:https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-suspended-yourdatarestore-txt-support-topic/page-15#entry4663667https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-suspended-yourdatarestore-txt-support-topic/page-16#entry4663935 Thanx for this info.. I have now sent him my info Share this post Link to post Share on other sites
GT500 495 Report post Posted Wednesday at 09:25 PM Just so that everyone knows, Michael Gillespie is still working on analyzing the encryption method of the ransomware. There appears to be some conditions under which it might be decryptable, and if he can find a way to help with recovery of files then he will more than likely let me know (or BleepingComputer will announce it in their news). Share this post Link to post Share on other sites
Bikash586 0 Report post Posted Thursday at 02:08 PM Hi , My PC got infected with DJVUT extension is there any solution to get rid of it . Since I formatted my PC I am left with with this extension . Hope I will get help from this site. 01 - Track.MP3.djvut _openme.txt Share this post Link to post Share on other sites
imdead 0 Report post Posted Thursday at 10:17 PM 8 hours ago, Bikash586 said: Hi , My PC got infected with DJVUT extension is there any solution to get rid of it . Since I formatted my PC I am left with with this extension . Hope I will get help from this site. 01 - Track.MP3.djvut _openme.txt i think it is another variant of stop ransomware but this topic about djvur only hmmm.if they found a way to break djvur then that might work with your too-----be patient Share this post Link to post Share on other sites
GT500 495 Report post Posted Thursday at 10:33 PM Michael Gillespie made a decrypter for this ransomware, however please note that it only works if the ransomware was unable to contact its Command and Control servers when it encrypted your files. A detailed explanation (including a download) is available at the following link:https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-suspended-yourdatarestore-txt-support-topic/page-21#entry4667165 Share this post Link to post Share on other sites
imdead 0 Report post Posted yesterday at 11:27 AM 12 hours ago, GT500 said: Michael Gillespie made a decrypter for this ransomware, however please note that it only works if the ransomware was unable to contact its Command and Control servers when it encrypted your files. A detailed explanation (including a download) is available at the following link:https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-suspended-yourdatarestore-txt-support-topic/page-21#entry4667165 it doesn't work for me... Unfortunately it doesn't accept my id how to send my id to him...maybe he found a key for me Share this post Link to post Share on other sites
GT500 495 Report post Posted 21 hours ago You can contact Michael privately on BleepingComputer, Twitter, or on our forums:https://www.bleepingcomputer.com/forums/u/726225/demonslay335/https://twitter.com/demonslay335https://support.emsisoft.com/profile/44427-demonslay335/ Share this post Link to post Share on other sites
imdead 0 Report post Posted 1 hour ago 20 hours ago, GT500 said: You can contact Michael privately on BleepingComputer, Twitter, or on our forums:https://www.bleepingcomputer.com/forums/u/726225/demonslay335/https://twitter.com/demonslay335https://support.emsisoft.com/profile/44427-demonslay335/ yes-- i send him samples....may be he will find a solution Share this post Link to post Share on other sites
