Recommended Posts

Please help me to decrypt my file back.

I got virus from this website.

 

i think i got this virus from this website / app

https://official-kmspico.com
 
password official-kmspico.com
 
Thanks before hand.
 

ATTENTION!

Don't worry my friend, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-mVSS8cJcv3
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Our Telegram account:
@datarestore

Your personal ID:
086Hjh74389hUSf83yJSDu5l4JvViyu408oZ0z2JDewnlpR6dttPgZt1

 

Edited by GT500
Removed links.

Share this post


Link to post
Share on other sites

Sophal

You correctly think this site with kmspico is the source of the infection!

Due to the launch of a malicious file from there STOP Ransomware encrypted your files.

Before you decrypt the files, you need to make sure that there is neither this infection nor any other infection on the PC. We have seen cases when those who suffered from previous versions STOP Ransomware successfully decrypted files, but then they were attacked by the same encryptor, which encrypted files with a different extension, and used an encryption key that cannot be calculated. In punishment for haste and complacency, the user lost his files a second time and, possibly, forever.

As experience shows, very often after encryption on a PC, this or another infection remains, which you could get together with the encryptor.
Malicious programs often work in groups: trojans of a different type, password hijackers, backdoors, dormant malware, dangerous browser plugins.
Therefore, I advise you to check your PC for active and dormant malware. This can be done here in the forum in the next section.

You can also download the free tool Emsisoft Emergency Kit yourself and check the computer.

  • Like 1

Share this post


Link to post
Share on other sites

After checking the PC (or only folders with encrypted files), you can use the free tool to decrypt files - STOPDecrypter (link)

This process should be approached with caution. Read the attached text file.
Due to the nature of encryption, only files that are encrypted with offline keys can be decrypted.
We recommend that you make a test decryption of a small number of encrypted files and make copies of them in advance.

  • Like 1

Share this post


Link to post
Share on other sites

That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware:
https://id-ransomware.malwarehunterteam.com/

If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter

Share this post


Link to post
Share on other sites
10 hours ago, GT500 said:

That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware:
https://id-ransomware.malwarehunterteam.com/

If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter

thank you GT500, and thank everyone

I have post and hope that they could me in future, because in his last version it does not work or mine is online_key 

https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/page-213

Share this post


Link to post
Share on other sites

While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: If anything that appears suspicious is found in your logs, then your post will be split into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.

Share this post


Link to post
Share on other sites

[!] No keys were found for the following IDs:
[*] ID: 3yJSDu5l4JvViyu408oZ0z2JDewnlpR6dttPgZt1 (.radman )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 10:78:D2:31:55:87
This info has also been logged to STOPDecrypter-log.txt

 

Share this post


Link to post
Share on other sites
18 hours ago, Tony Sulyvam Miranda said:

[*] ID: 3yJSDu5l4JvViyu408oZ0z2JDewnlpR6dttPgZt1 (.radman )

That looks like an offline ID. If that's the case, then once the creator of STOPDecrypter gets his hands on a copy of this variant of STOP/Djvu, he'll be able to key the decryption key for it.

Share this post


Link to post
Share on other sites

My files are attacked by ransomware (.radman). Kindly check this note below:

ATTENTION!

Don't worry my friend, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-mVSS8cJcv3
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Our Telegram account:
@datarestore

Your personal ID:
086Hjh74389hUSf8bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz

Please help me recover or decrypt my files. I tried with all available decryptors but it was unsuccessful.

Edited by ARNEST
To add a sentence

Share this post


Link to post
Share on other sites
18 hours ago, ARNEST said:

Your personal ID:
086Hjh74389hUSf8bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz

That's an online ID, so we'll need the MAC addresses from the infected computer as well. You can use STOPDecrypter to get that information. Here's a link to instructions:
https://kb.gt500.org/stopdecrypter

 

Also note that while most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.

Share this post


Link to post
Share on other sites

affected by radman virus

plz help

 

----------------------------------------
STOPDecrypter v2.1.0.6
OS Microsoft Windows NT 6.1.7601 Service Pack 1, .NET Framework Version 4.0.30319.42000
----------------------------------------

ID: 3yJSDu5l4JvViyu408oZ0z2JDewnlpR6dttPgZt1 (.radman )
Unidentified ID: 3yJSDu5l4JvViyu408oZ0z2JDewnlpR6dttPgZt1 (.radman )
MACs: 00:27:0E:07:D1:B4


 

Share this post


Link to post
Share on other sites
4 hours ago, ARNEST said:

I don't see any leftovers from the STOP/Djvu ransomware, however I do some some files related to pirated software that I highly recommend getting rid of.

Share this post


Link to post
Share on other sites

We have a new decryption service for STOP/Djvu available. There's more information and instructions on how to use it at the following links:
https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/
https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.