sunny parmar (Posted May 19)

Sir, my PC is infected with the fordan malware (ransomware). Please solve my problem.

Amigo-A (Posted May 19)

If your files are encrypted and now have a .fordan extension, then this is the result of an attack from the STOP Ransomware.

STOP Ransomware encrypts files of users in many countries due to the fact that they download and run hacked software (MS Windows, MS Office, other repacked or patched programs), from which someone removed the activation, making them free and dangerous at the same time because of this malicious code.

Before you decrypt the files, you need to make sure that there is neither this infection nor any other infection on the PC. We have seen cases when those who suffered from previous versions of STOP Ransomware successfully decrypted files, but then they were attacked by the same encryptor, which encrypted files with a different extension, and used an encryption key that cannot be calculated. In punishment for haste and complacency, the user lost his files a second time and, possibly, forever.

As experience shows, very often after encryption on a PC, this or another infection remains, which you could get together with the encryptor. Malicious programs often work in groups: trojans of a different type, password hijackers, backdoors, dormant malware, dangerous browser plugins.

If you need help checking your PC for malware, you can make a request in the next section. You can also download the free tool Emsisoft Emergency Kit yourself and check the computer.

Amigo-A (Posted May 19)

After checking the PC and folders with encrypted files, you can use the free tool to decrypt files - STOPDecrypter (link)

This process should be approached with caution. Read the attached text file. Due to the nature of encryption, only files that are encrypted with offline keys can be decrypted. We recommend that you make a test decryption of a small number of encrypted files and make copies of them in advance.

GT500 (Posted May 20)

That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware:
https://id-ransomware.malwarehunterteam.com/

If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter

sunny parmar (Posted May 22)

not solve my problem

sunny parmar (Posted May 22)

a.txt.fordan

Amigo-A (Posted May 22)

Dear sunny parmar

The solution is possible, but not immediately. You can view other topics to familiarize yourself with the process.

First, the Ransomware is created, then it is distributed through the sites, then the user downloads something, starts it.., then malware infects the PC and encrypts the files. After that, the user discovers that the files are encrypted. Then he turns for help ...

How to help him if the files are on his PC and encryption occurs on his side? Specialists are ready to help, but they need to examine the encrypted files and get the keys for decryption in order to make decryption possible and simpler.

This is a more complicated process than to smear an injured finger with antiseptic, iodine and cure it.

Amigo-A (Posted May 22)

Dear sunny parmar

Above, GT500 wrote what you need to do according to his instructions. This can help the developer of STOPDecrypter, and you, of course.

> If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
> https://kb.gt500.org/stopdecrypter

shoaib (Posted May 22)

I have the same problem: my files are encrypted with fordan. How can I know if the key is offline or online?

GT500 (Posted May 22)

> 16 hours ago, sunny parmar said: not solve my problem

Yes, that was expected. First we need your ID and MAC addresses from the infected computer, and then there's a possibility that the creator of STOPDecrypter may be able to figure out your decryption key. Or you could get lucky and have an offline ID, so that when support for the variant of STOP/Djvu that encrypted your files is added to STOPDecrypter it will be able to decrypt them on its own.

> 49 minutes ago, shoaib said: how can i know is key offline or online?

Attach a copy of the ransom note to a reply and I'll let you know if it looks like an offline ID. You can also follow the instructions at the link below for getting your ID and MAC addresses with STOPDecrypter, which may help in figuring out your decryption key if you don't have an offline ID:
https://kb.gt500.org/stopdecrypter

GT500 (Posted May 22)

FYI: While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.

sunny parmar (Posted May 23)

sir I send my files details

    Decrypted 0 files!
    Skipped 5 files.

    [!] No keys were found for the following IDs:
    [*] ID: qOYn1VNGsvBEwqldLg6QzqQVTpWLpN9U0xdyJC4n (.teamxpart )
    [*] ID: qOYn1VNGsvBEwqldLg6QzqQVTpWLpN9U0xdyJC4n (.fordan )
    [*] ID: qOYn1VNGsvBEwqldLg6QzqQVTpWLpN9U0xdyJC4n (.txt )
    Please archive these IDs and the following MAC addresses in case of future decryption:
    [*] MACs: 00:11:22:98:76:54, 0C:9D:92:80:F0:3E
    This info has also been logged to STOPDecrypter-log.txt

GT500 (Posted May 23)

> 13 hours ago, sunny parmar said: I send my files details

OK, I've forwarded your information to the creator of STOPDecrypter, and he will archive it in case he is able to figure out your key at some point in the future.

sunny parmar (Posted May 24)

ok sir

sunny parmar (Posted May 26)

please solve my problem sir.....

Amigo-A (Posted May 26)

sunny parmar

Please, be patient. Support specialists may not respond during the weekend. This is indicated in the forum rules. The solution of the problem may come not very quickly. Do not depart from the topic, it is important for you, wait for the answer of the specialist and the final decision.

GT500 (Posted May 27)

> 19 hours ago, sunny parmar said: please solve my problem sir.....

No one has an immediate solution for this. If you can give the analysts a little time, they may be able to come up with a way for you to decrypt your files.

sunny parmar (Posted May 27)

ok sir....

sunny parmar (Posted June 1)

please help sir I again send you

    [!] No keys were found for the following IDs:
    [*] ID: qOYn1VNGsvBEwqldLg6QzqQVTpWLpN9U0xdyJC4n (.teamxpart )
    [*] ID: qOYn1VNGsvBEwqldLg6QzqQVTpWLpN9U0xdyJC4n (.fordan )
    [*] ID: qOYn1VNGsvBEwqldLg6QzqQVTpWLpN9U0xdyJC4n (.txt )
    Please archive these IDs and the following MAC addresses in case of future decryption:
    [*] MACs: 00:11:22:98:76:54, 0C:9D:92:80:F0:3E

1.ai.fordan

GT500 (Posted June 3)

> On 6/1/2019 at 12:49 AM, sunny parmar said: I again send you

There's no need to send the information again. It's already been archived.

GT500 (Posted June 4)

Just hold on a bit longer, and we'll come up with a solution for you.

sunny parmar (Posted June 5)

thanks sir☺️

sunny parmar (Posted June 12)

sir my problem not solve...please help me...

sunny parmar (Posted June 12)

sorry for late

_readme.txt
006.jpg.fordan

GT500 (Posted June 12)

> 18 hours ago, sunny parmar said: sir my problem not solve...please help me...

Just give us some time, and we'll come up with a solution for you.

sunny parmar (Posted July 3)

sir please solve my problem

GT500 (Posted July 4)

> 12 hours ago, sunny parmar said: sir please solve my problem

It's not possible to speed up the process. Figuring out decryption keys is random, so we just have to wait.

GT500 (Posted October 19)

We have a new decryption service for STOP/Djvu available. There's more information and instructions on how to use it at the following links:
https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/
https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/