abdulrhman

My computer is infected with a virus (.qpdqr)

Recommended Posts

Probably, this is GANDCRAB v.5

More precisely, it should be written in your note QPDQR-DECRYPT.txt, which you did not attach to the message ...

We don't have anything that can decrypt files that have been encrypted by GandCrab.

BitDefender does have a decrypter for GandCrab, however they obtain the decryption keys for it by working with law enforcement to gain access to the servers being used by the criminals...

I recommend making a backup of your encrypted files and the ransom notes before try decryption files. 

Decryption tool:
https://labs.bitdefender.com/2018/10/gandcrab-ransomware-decryption-tool-available-for-free/

Share this post


Link to post
Share on other sites

BitDefender's decrypter for GandCrab doesn't work with v5.2, which has been the latest version of GandCrab since early this year.

You can verify if it is indeed GandCrab you're dealing with on ID Ransomware:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like for me to review them.

Share this post


Link to post
Share on other sites

The version should be written in a note QPDQR-DECRYPT.txt.
The QPDQR-DECRYPT.txt format is characteristic of previous versions that have been decrypted.

Share this post


Link to post
Share on other sites

---=    GANDCRAB V5.0.4  =--- 

***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************

    *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****

Attention! 

All your files, documents, photos, databases and other important files are encrypted and have the extension: .QPDQR        

The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.


The server with your key is in a closed network TOR. You can get there by the following ways:

----------------------------------------------------------------------------------------

| 0. Download Tor browser - https://www.torproject.org/

| 1. Install Tor browser 
| 2. Open Tor Browser 
| 3. Open link in TOR browser:   http://gandcrabmfe6mnef.onion/8f73e6a206758cf                         
| 4. Follow the instructions on this page 

----------------------------------------------------------------------------------------                    
    

On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free. 


ATTENTION!

IN ORDER TO PREVENT DATA DAMAGE:

* DO NOT MODIFY ENCRYPTED FILES
* DO NOT CHANGE DATA BELOW

---BEGIN GANDCRAB KEY---
lAQAAIzGHOGWjAfuPjXFRvJ7mclVZQgzAA//Hedj4rFTlC3oUwVkynPhe0G/ljdn7XG3SYabXCXvVSGhXK5XmxExggQGz5xRKPLypFUwJVLrBFsvDBrm8EN0ApYekpW5/vl6EqY30mL2jJtO6YFrcE0pwQCr0SK/pv+VNReFtjNtO/nlRskbP/2bD02uN5JNDgNisaqhpWatea4fLLImSHAYD8MeR8eP3R8T1pGqt2J6NO2Ody0yHtu1YBYwVP/oU3xI6rWRszCT07N8JQ31esujEW3grkgP9258qPNTcXtU/YlSnDKsq2+zuID3Yo72zc5U5lo7SQsejekszg/lppJSqVwYCclO0DEZwM4HbGMBf8a2heN36WVhWsFVXzuIz4lVdjoOEICeNQrBqUpWG9RjF8706FVwJGg2dH1TXXDVe6k8klojjVY1ga7+t7D9jjCEoeRG0c2wvYB71JZgD0b5q4GKwcuIcmYCrggHvq3AZouYqT2a9XUMuZms+tlzvfksC653K/7nKyuJZ7rm3oV8wiwSUCfv6QJ0e7+QuQH7sQmDJTL+V35JA+ATU4aH4dEBYtWlGHkRUm4OePN0qtxHJd1KhSH3gR2FmK06vK8VfhhtlYxJhfpxLaCtE2btgtb33M1ACG3iBrsqktxqb3/TMBwE8EePLaV+mrPH5crrilic40+SsKVxkk0adbOsa5EZyG+3jQTlwp5trbjRVCqhSAMHk2nGRHkwwwAgqbv7FAk0PR211AHNwQeuQn9jtMwZy5RidZ+O9Ebc2+H64Mldqon8wwzL75EUkN1x1cQ0By45Q5qTpHgFRYhz5n4/13/WLXz+0lFKxt6RYs7ykbVxyoXPOSVzGTbt+seMos3fxBbl9hFwQDJCnEGu3Im5nMNRWtfhUVh+3QSOQUP5YqLxNmGKFmQ0BOc82YobyPYHiJIgmIBsnYmOmpN5XmS0LB7NhwSfwI9jZxsmk4LDEQvogMsdfS8LONYvx1CeNLpkDYhmQ3yT9jE7YjaRcmT4aU0ZMoF/6xNy+GYpHaOO3+eo5R5tqJxrX4BXNB+PkMMe2hu5m/EKFWpNkHhmvxXxiv7TPVcLM00G6oKmwZ1CEqDCB/5tSXJP1Ow1jSqCHvBGvbLx0Cx7SnOsnTnGql9y7fXvMO65vDbyZEGXiJL6qGRcrZR+cfFK5YH9ZoQHQvFXNh5EDzzUos86IU3z+kxlaeRzjZ2wpwJ6QoW9TZDBLSbmfTcz+4DhOH2w2zKaqPjwdv7xsAuCna6FcwYbBGXLNXUx0yJCHfez3hNy3mJvLqXbgRJrefrB4+VFrIqgd5d57nVl4V7B9owpXYi92wIOLbR3R+wtcexhvF91WyGSLeJdoEWtqsUV64QWEpf6nQKi3klarRMg6uyx099cp/qkcCsjlm2P+QALxeXDCZ+YcBNYat1JWGamINsy8YE1FDLisEGSD6zzlpn+hsAt/lSMKvC7JqZRV2GYDtODMfNuBmQ9Hd2JYZtCitZfzkStAMirYohfiysGD9EVYGb/tOhdiLuGYtB/vn6hQ/5v0KCjfRzJUYEZqF2DtCxP4vhT1sVL+pQ3GK07ILeuaQwv3UBOx1LUHd2Mk+ANNuVnkyYkh62J6U8qz29VR9p05Ye4yliY9baPhgB6N7Z8zWSfF7ULytM4cpOUsaN8mrJnVOMAUHzLzogL+wZz5kiZ499Shv7PHv10/Tb3UXgImUOWSayXskaXMbtiWPS71cS/zSLIp6iUPsO3vsy0Awrev00HfNhn0RqxFyjjHhVcI+RiDas5fmPAF9K0TaKnj5mrAaSe0gwErd7ZNhES45youGJMBuRabtlVJfBANapuxj9pBnMHcguRcAbPMU36n3zRFgprHLGY+cqJy8vBJyPYO7rseqwgtMw1zWBjZ8RJFMm/tPoSh0kk3xCZwAqj48HwXgfr86zKGLixq9FYVOTH3mZ9LBOIVR4J9R3CZxKE6DIUcSrcbOj99aRaMwXTq8+2OGdEaKHMmIUIS8Oft8REgNKS8ZpYsKQsDDrcIcAZAthjE9e9brdiiicVYT8tHeT4fwhalCqCcTZDxXsLlgF67CXdB/peDiWNusYAT0pfWR0Dng8H06/KpCA0mIaVxHeBZZV4YAnWhIKl2LFdNTx+WQGp5ZYau0PF/yG1A18u8dXL65MM0H1XTwcoNsBb04MW+BBhH0OVD9l+zgLpqueyhdovIh0pfZaFYDIHmU+3JCoxhG4ZzIEc5c1SEec=
---END GANDCRAB KEY---

---BEGIN PC DATA---
wfKD6iudumBkmpL8IRr4U4exPlaNOUnt7zxTOun1/FYMvMWWGh4NYbFd45ZITrlRn3Yy7l1W2LfUTGqH6B5IBL7zv9NI75v6eEGkDAHiQJJB8/7FY//fmE2oDJAuLqqj2PxO2UrxbpK2ioGhfUSSApgAqbZkONOX0LmSbUAkaXQIbYSWqsCgYZ5YF6SAxtUpW44e2+uAAlKnZBhV3gPAuUvcIiJ02K+MekP9MKkPxIpiLFOTCpxWmtsoUnYwP4A/UPrN1sNzizbyjdxAVHh4l9FnYt06CBUxfQ7fDMEr9X1sSj3FUA/vkdQtKdi0qdun/brg5+ti57FkkQrBseL6/yU2Tut7GrRYNVrXBirtpRGAEd4boidH4t+4aqbjY8tyb4yk2X6iyZRITTkqeFPnJNYJ95FlwKEoDhO+nNY+Yu4qAMuf4mE3g6lrLw3oxAZKwQ7yZizpARFO3vXLNea21w4ZNHQQRlKKfTnY1lbgdn8FmU7fnCzuQT1nl7JYlrawg3J7VfrpEzf1fBEce8BhP35NhH9VQ3jC3qZLEuPtKEi3BYBMZZHwHpwOdb/GRdoPpIl6V6Pu+rO9zMz9TnZ8h6Yznuw8RZJtX//SbjrWu+ISXpJeOtQo9ERhO1LU2rxgjWneLVAzkAsMfm75F2FWiTYEzbIET7bbAgEr+FrulOyI8=
---END PC DATA---

الرجاء المساعدة

Share this post


Link to post
Share on other sites

Yes, this is a previous version, whose files can be decrypted.
Link to the  decryption files you have. Try to decrypt files, as was written above.

On 6/10/2019 at 11:53 PM, Amigo-A said:

Important note.
Folders containing encrypted files must have English names (for example, New Folder) or numbers as 1234567890

Earlier there were cases when the letters other languages interfered with decoding. It is possible that the developers have already fixed this error. But you just keep that in mind.

Share this post


Link to post
Share on other sites
4 hours ago, abdulrhman said:

---=    GANDCRAB V5.0.4  =---

BitDefender's decrytion tool works with v5.0.4, so you should be able to use it to recover your files. Just follow Amigo-A's advise and you should be able to recover your files.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.