Luwie 0 Report post Posted June 11 I already reformat my Computer but I need a help for recovery of my files. Please help me with my problem. I still have all my files but with extension name .gerosan. I checked the extension name in https://id-ransomware.blogspot.com/2017/12/stop-ransomware.html but I can't find .gerosan. ATTENTION! Don't worry, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool:https://we.tl/t-hvv30uAtTY Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Our Telegram account: @datarestore Your personal ID: _readme.txt SeagateExpansion.ico.gerosan Quote Share this post Link to post Share on other sites
Amigo-A 43 Report post Posted June 11 Quote extension .gerosan This is a new variant of STOP Ransomware has been encrypt your files. You should know that this is not a simple infection that is easy to delete and unlock files with one click of the mouse. I have been tracking the malicious work of this program since December 2017, this is earlier than many antivirus programs. Some of them announced the discovery of one of the variants of this Ransomware only in August 2018, when there was a massive attack on residents of many countries. Unfortunately, this attack continues. Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. This is possible only in case where the files were encrypted with offline keys and an instance of the malware was detected. Demonslay335 (the developer of the decoder) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. At the moment, it not been added to ID Ransomware (not been message), but it will soon be added. Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted June 11 That is a variant of the STOP/Djvu ransomware. STOPDecrypter can't recover your files yet, however it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:https://kb.gt500.org/stopdecrypter While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it. Quote Share this post Link to post Share on other sites
Luwie 0 Report post Posted June 12 Thank you guys for fast reply. This is the FRST logs I attached it here in my reply. I hope you guys can help me to recover my files. Thank you in advance. This is the StopDecrypter log. Decrypted 0 files! Skipped 72 files. [!] No keys were found for the following IDs: [*] ID: T0FJbEb1TI0f52Mgi7K1XDl89p3fCHdsI1hT5f2P (.gerosan ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 78:AC:C0:BD:AB:1F This info has also been logged to STOPDecrypter-log.txt FRST.txt Addition.txt Quote Share this post Link to post Share on other sites
Luwie 0 Report post Posted June 12 Thank you guys for helping me, you guys are great. I hope no one will become a victim with this kind of ransomware again. Quote Share this post Link to post Share on other sites
Yug 0 Report post Posted June 12 1 hour ago, Luwie said: Can u please explain it step to step my pc will suffering to this encryption Quote Share this post Link to post Share on other sites
Luwie 0 Report post Posted June 12 35 minutes ago, Yug said: Can u please explain it step to step my pc will suffering to this encryption Demonslay335 (the developer of the decoder) collects information from the victims. He will PM you and just follow his instruction. I don't know if the instruction that Demonslay335 gave me is going to fix your issue. Quote Share this post Link to post Share on other sites
Amigo-A 43 Report post Posted June 12 Luwie There is nothing in the logs indicating absolute malware, but there are several PUP and some dangerous downloads that you may suffer from. \Downloads\DirectX_11_Setup_2083197489.exe\Downloads\Recuva v1.53 setup + crack If you have already installed this software, then remove it and delete the installation files. Quote Share this post Link to post Share on other sites
Yassine 0 Report post Posted June 12 Please, i need help to recover my files, i realy need them for work, im a photographer and i really need my files back, thanks Here is my info : Decrypted 0 files! Skipped 8 files. [!] No keys were found for the following IDs: [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gerosan ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: C8:CB:B8:02:B5:45, E2:06:E6:36:52:AC, E2:06:E6:36:5A:AC, 00:FF:2B:FB:79:3E, E0:06:E6:36:52:AC This info has also been logged to STOPDecrypter-log.txt Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted June 12 9 hours ago, Luwie said: Thank you guys for helping me, you guys are great. I hope no one will become a victim with this kind of ransomware again. You're welcome. 7 hours ago, Yug said: Can u please explain it step to step my pc will suffering to this encryption Just follow the instructions I posted at the following link: 1 hour ago, Yassine said: [!] No keys were found for the following IDs: [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gerosan ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: C8:CB:B8:02:B5:45, E2:06:E6:36:52:AC, E2:06:E6:36:5A:AC, 00:FF:2B:FB:79:3E, E0:06:E6:36:52:AC This info has also been logged to STOPDecrypter-log.txt I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you. 1 Quote Share this post Link to post Share on other sites
Luwie 0 Report post Posted June 12 5 hours ago, Amigo-A said: Luwie There is nothing in the logs indicating absolute malware, but there are several PUP and some dangerous downloads that you may suffer from. \Downloads\DirectX_11_Setup_2083197489.exe\Downloads\Recuva v1.53 setup + crack If you have already installed this software, then remove it and delete the installation files. Thank you for the warning I will immediately delete those two files specially Recuva it didn't help me recover my files anyway. Thank you guys again for all the help. Quote Share this post Link to post Share on other sites
Yassine 0 Report post Posted June 13 2 hours ago, GT500 said: thank you so much; i will be waiting, God bless Thank Quote Share this post Link to post Share on other sites
Luwie 0 Report post Posted June 13 The ID change to [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gerosan ) The old ID that I decrypted is [*] ID: T0FJbEb1TI0f52Mgi7K1XDl89p3fCHdsI1hT5f2P (.gerosan ) I left my computer overnight for decrypting but when I wake up and check if the decrypting is done I saw that only 25% of my family pictures and videos are restored. I tried 5x if the STOPdecrypter can decrypt one picture but it failed to restore one picture because the ID is different from the 25% of my files .gerosan ID change to [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gerosan ) instead of [*] ID: T0FJbEb1TI0f52Mgi7K1XDl89p3fCHdsI1hT5f2P (.gerosan ). Decrypted 0 files! Skipped 1 files. [!] No keys were found for the following IDs: [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gerosan ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 78:AC:C0:BD:AB:1F This info has also been logged to STOPDecrypter-log.txt Quote Share this post Link to post Share on other sites
EricN 0 Report post Posted June 13 Please Help my file invected by .gerosanAddition.txtFRST.txt Quote Share this post Link to post Share on other sites
JGEthan 0 Report post Posted June 13 On 6/11/2019 at 10:28 PM, Luwie said: I already reformat my Computer but I need a help for recovery of my files. Please help me with my problem. I still have all my files but with extension name .gerosan. I checked the extension name in https://id-ransomware.blogspot.com/2017/12/stop-ransomware.html but I can't find .gerosan. ATTENTION! Don't worry, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool:https://we.tl/t-hvv30uAtTY Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Our Telegram account: @datarestore Your personal ID: _readme.txtUnavailable SeagateExpansion.ico.gerosanUnavailable Same here mY all Files are infected about 3.5 to 4 tb data encrypted (.Gerosan) Plz plz Help me How to decypt my files 😥😥 Quote Share this post Link to post Share on other sites
Din 1 Report post Posted June 13 sorry, i just want to know. it is safe to not decyrpt the file and just delete the extension .gerosan? Quote Share this post Link to post Share on other sites
Din 1 Report post Posted June 13 https://www.pcrisk.com/removal-guides/15211-gerosan-ransomware is this link good to decyrpt the file? Quote Share this post Link to post Share on other sites
Sg123 0 Report post Posted June 13 Hi, can you help me decrypt my files. All file names have .gerosan extension. Tried using Stop decrypter. It said key no key was found and it skipped all files. Please help me. Really important academic work encrypted. Quote Share this post Link to post Share on other sites
stapp 130 Report post Posted June 13 26 minutes ago, Din said: sorry, i just want to know. it is safe to not decyrpt the file and just delete the extension .gerosan? Follow the instructions here https://support.emsisoft.com/topic/31280-gerosan-file-encrypted-please-help/?tab=comments#comment-193731 Quote Share this post Link to post Share on other sites
Rizkifebian 2 Report post Posted June 13 This my result. hope u can fix the problem...all the data is very importent Decrypted 101 files! Skipped 4551 files. [!] No keys were found for the following IDs: [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gerosan ) [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.bak ) [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.docx ) [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.pptx ) [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.exe ) [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.goresan ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 98:29:A6:89:B3:2C, F8:34:41:2F:05:72, FA:34:41:2F:05:71, F8:34:41:2F:05:71, F8:34:41:2F:05:75 This info has also been logged to STOPDecrypter-log.txt Addition.txt FRST.txt Quote Share this post Link to post Share on other sites
Sg123 0 Report post Posted June 13 [!] No keys were found for the following IDs: [*] ID: Ys6AMqyvxA6taF8tEp1OOr9eH3ZmFTXvTorRSCjp (.gerosan ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 50:9A:4C:BF:80:1C, AC:ED:5C:A7:94:C4, AE:ED:5C:A7:94:C3, AC:ED:5C:A7:94:C3, AC:ED:5C:A7:94:C7 This info has also been logged to STOPDecrypter-log.txt Please help me. These are the ID and MAC addresses. My really important files got encrypted. Thank you so much. Quote Share this post Link to post Share on other sites
Amigo-A 43 Report post Posted June 13 2 hours ago, Din said: https://www.pcrisk.com/removal-guides/15211-gerosan-ransomware is this link good to decyrpt the file? @Din No. This site offers to use the SpyHunter tool that does not decrypt files. There are a lot of such sites on the Internet that advertise SpyHunter, which will not do anything to decrypt. We have provided all the necessary information above. See the 2st and 3st post of topic. Quote Share this post Link to post Share on other sites
MadHawk 0 Report post Posted June 13 On 6/12/2019 at 4:06 AM, GT500 said: ow to get this information with STOPD Please help.It is really important for me to decrypt the files. Please. The stopdecrypter just showed "[+] Loaded 42 offline keys". Help.Attached the FRST and Addition files. FRST.txt Addition.txt Quote Share this post Link to post Share on other sites
Din 1 Report post Posted June 13 26 minutes ago, MadHawk said: Please help.It is really important for me to decrypt the files. Please. The stopdecrypter just showed "[+] Loaded 42 offline keys". Help.Attached the FRST and Addition files. FRST.txtUnavailable Addition.txtUnavailable i also have the same message like this. "[+] Loaded 32 offline keys". Quote Share this post Link to post Share on other sites
kiki 0 Report post Posted June 13 Please Help Me I have Same Problem +] Loaded 42 offline keys Please archive the following info in case of future decryption: [*] MACs: 18:5E:0F:A2:DA:3D, 1A:5E:0F:A2:DA:3C, 18:5E:0F:A2:DA:3C This info has also been logged to STOPDecrypter-log.txt STOPDecrypter-log.txt Quote Share this post Link to post Share on other sites
kiki 0 Report post Posted June 13 Please Help Me for same problem +] Loaded 42 offline keys Please archive the following info in case of future decryption: [*] MACs: 18:5E:0F:A2:DA:3D, 1A:5E:0F:A2:DA:3C, 18:5E:0F:A2:DA:3C This info has also been logged to STOPDecrypter-log.txt STOPDecrypter-log.txt Quote Share this post Link to post Share on other sites
Din 1 Report post Posted June 13 [+] Loaded 42 offline keys Please archive the following info in case of future decryption: [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 [*] MACs: 54:EE:75:D0:9E:A4, 00:FF:BF:00:80:E5, 7C:67:A2:4C:F6:BD, 7E:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:C0 This info has also been logged to STOPDecrypter-log.txt --------------------------------------------------------------------------------------------------------------- Decrypted 0 files! Skipped 45 files. [!] No keys were found for the following IDs: [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gerosan ) [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gif ) [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.zip ) [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.rar ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 54:EE:75:D0:9E:A4, 00:FF:BF:00:80:E5, 7C:67:A2:4C:F6:BD, 7E:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:C0 This info has also been logged to STOPDecrypter-log.txt please help me STOPDecrypter-log.txt 1 Quote Share this post Link to post Share on other sites
Amigo-A 43 Report post Posted June 13 @Din From logs you can see that your browser Google Chrome has turned into something terrible. Several dangerous extensions that can not only show ads and redirect you to a bad sites, but also keep track of your preferences and steal your personal information. I recommend that you remove all (!!!) browser extensions manually and later reset the browser settings to their defaults. Then you can reinstall AdBlock from the official page.https://chrome.google.com/webstore/detail/adblock/gighmmpiobklfepjocnamgkkbiglidom?hl=en Other extensions are unreliable or dangerous. Quote Share this post Link to post Share on other sites
Yassine 0 Report post Posted June 13 5 hours ago, Din said: [+] Loaded 42 offline keys Please archive the following info in case of future decryption: [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 [*] MACs: 54:EE:75:D0:9E:A4, 00:FF:BF:00:80:E5, 7C:67:A2:4C:F6:BD, 7E:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:C0 This info has also been logged to STOPDecrypter-log.txt --------------------------------------------------------------------------------------------------------------- Decrypted 0 files! Skipped 45 files. [!] No keys were found for the following IDs: [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gerosan ) [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gif ) [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.zip ) [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.rar ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 54:EE:75:D0:9E:A4, 00:FF:BF:00:80:E5, 7C:67:A2:4C:F6:BD, 7E:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:C0 This info has also been logged to STOPDecrypter-log.txt please help me STOPDecrypter-log.txtUnavailable it seems like we both have the same ID Quote Share this post Link to post Share on other sites
Yassine 0 Report post Posted June 13 just noticed that almost 3 or 4 of us have this ID [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gerosan ) Quote Share this post Link to post Share on other sites
JGEthan 0 Report post Posted June 13 Please Please Help me to back my data.. from childhood all my family photos videos are infected and there is no backup for this plz help me how to decrypt my data about 3 to 3.5tb is infected by {gerosan extention} StopDecrypter log. Decrypted 0 files! Skipped 20 files. [!] No keys were found for the following IDs: [*] ID: D6PgCK0v8J5ppCODraPkuA10EOifMVs2Y0uVf200 (.gerosan ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: C8:9C:DC:B4:9A:FB, 20:E2:17:05:5B:BE, 20:E2:17:05:5B:BF, 20:E2:17:05:5B:BC This info has also been logged to STOPDecrypter-log.txt Quote Share this post Link to post Share on other sites
Amigo-A 43 Report post Posted June 13 21 hours ago, Yassine said: [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gerosan ) @Din @Yassine @Luwie New variant STOPDecrypter supports your ID https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip Quote Share this post Link to post Share on other sites
Abichandra 1 Report post Posted June 13 Need help ! All my files have been corrupted with .gerosan Already downloaded the STOPDecrypter but there’s a warning about ‘Alphaleonis.Win32.Filesystem.NativeMethods’ threw an exception. Therefore I can’t decrypt my files What to do ?? Quote Share this post Link to post Share on other sites
Luwie 0 Report post Posted June 13 28 minutes ago, Amigo-A said: @Din @Yassine @Luwie New variant STOPDecrypter supports your ID https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip Thank you very much. Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted June 13 21 hours ago, Luwie said: The ID change to [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gerosan ) Your computer is almost certainly still infected. Get me logs from FRST before you do anything else, or this will happen again. You can find instructions for downloading and running FRST at the following link:https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning. 18 hours ago, Din said: sorry, i just want to know. it is safe to not decyrpt the file and just delete the extension .gerosan? No, that won't solve your problem. 18 hours ago, Din said: https://www.pcrisk.com/removal-guides/15211-gerosan-ransomware is this link good to decyrpt the file? I recommend sticking to BleepingComputer.com or our forums for decryption help.https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/ Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted June 13 @EricN, @MadHawk, @Abichandra if you could follow the instructions at the link below and post the information they direct you to get in a reply for us, then I can forward it to the creator of STOPDecrypter:https://kb.gt500.org/stopdecrypter Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted June 13 @Yassine, @Luwie, @Rizkifebian, @Din please note that your ID's (PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1) is an offline ID, and support for it was added to STOPDecrypter this afternoon. Simply download STOPDecrypter again and run it, and then new version should be able to decrypt your files:https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip 1 Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted June 13 17 hours ago, Sg123 said: [!] No keys were found for the following IDs: [*] ID: Ys6AMqyvxA6taF8tEp1OOr9eH3ZmFTXvTorRSCjp (.gerosan ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 50:9A:4C:BF:80:1C, AC:ED:5C:A7:94:C4, AE:ED:5C:A7:94:C3, AC:ED:5C:A7:94:C3, AC:ED:5C:A7:94:C7 This info has also been logged to STOPDecrypter-log.txtPlease help me. These are the ID and MAC addresses. My really important files got encrypted. Thank you so much. I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you. Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted June 13 15 hours ago, kiki said: +] Loaded 42 offline keys Please archive the following info in case of future decryption: [*] MACs: 18:5E:0F:A2:DA:3D, 1A:5E:0F:A2:DA:3C, 18:5E:0F:A2:DA:3C This info has also been logged to STOPDecrypter-log.txt I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you. Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted June 13 9 hours ago, JGEthan said: [!] No keys were found for the following IDs: [*] ID: D6PgCK0v8J5ppCODraPkuA10EOifMVs2Y0uVf200 (.gerosan ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: C8:9C:DC:B4:9A:FB, 20:E2:17:05:5B:BE, 20:E2:17:05:5B:BF, 20:E2:17:05:5B:BC This info has also been logged to STOPDecrypter-log.txt I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you. Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted June 13 3 hours ago, Abichandra said: there’s a warning about ‘Alphaleonis.Win32.Filesystem.NativeMethods’ threw an exception. What's giving you this warning? Your Anti-Virus software? Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted June 13 FYI: I recommend running a scan with Emsisoft Emergency Kit to make sure that there are no leftovers from the STOP/Djvu ransomware on your computer, otherwise any decrypted files will simply be encrypted again:https://www.emsisoft.com/en/home/emergencykit/ Quote Share this post Link to post Share on other sites
Mostafa Sayed 0 Report post Posted June 14 Hello can you help me ? I have been exposed to this injury Windows was reinstalled and the virus was deleted but the files are still encrypted [+] File:designer.jpg.gerosan [-] No key for ID: BKVV8ha08vR69G3Q56QeBziitayvnpRTuVH6MRaO (.gerosan ) Thank You , Quote Share this post Link to post Share on other sites
EricN 0 Report post Posted June 14 Please Help Me... [+] Loaded 43 offline keys Please archive the following info in case of future decryption: [*] ID: 4HPyKBFsnsZT5KqtZV4L5VkeBtOK4qQ9lrdK6BAt [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 [*] MACs: 98:28:A6:21:A5:DC, 32:D1:6B:DE:FA:9F, 42:D1:6B:DE:FA:9F, 30:D1:6B:DE:FA:9F This info has also been logged to STOPDecrypter-log.txt Quote Share this post Link to post Share on other sites
Rizkifebian 2 Report post Posted June 14 2 hours ago, GT500 said: @Yassine, @Luwie, @Rizkifebian, @Din please note that your ID's (PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1) is an offline ID, and support for it was added to STOPDecrypter this afternoon. Simply download STOPDecrypter again and run it, and then new version should be able to decrypt your files:https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip THANK U VERY MUCH...ALL THE DATA HAS BACK NOW 😍 1 Quote Share this post Link to post Share on other sites
JGEthan 0 Report post Posted June 14 2 hours ago, GT500 said: I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you. Thanks Buddy I really need my Data back .. Its V.imp and there is no backup thats why Quote Share this post Link to post Share on other sites
JGEthan 0 Report post Posted June 14 5 minutes ago, Rizkifebian said: THANK U VERY MUCH...ALL THE DATA HAS BACK NOW 😍 How much size of ur data infected? Good U have all Back now Quote Share this post Link to post Share on other sites
Rizkifebian 2 Report post Posted June 14 22 minutes ago, JGEthan said: How much size of ur data infected? Good U have all Back now almost 20GB 1 Quote Share this post Link to post Share on other sites
EricN 0 Report post Posted June 14 @GT500 this my result... please help me... i really need the file... Please Help Me... [+] Loaded 43 offline keys Please archive the following info in case of future decryption: [*] ID: 4HPyKBFsnsZT5KqtZV4L5VkeBtOK4qQ9lrdK6BAt [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 [*] MACs: 98:28:A6:21:A5:DC, 32:D1:6B:DE:FA:9F, 42:D1:6B:DE:FA:9F, 30:D1:6B:DE:FA:9F This info has also been logged to STOPDecrypter-log.txt Addition.txt FRST.txt Quote Share this post Link to post Share on other sites
Abichandra 1 Report post Posted June 14 4 hours ago, GT500 said: What's giving you this warning? Your Anti-Virus software? The STOPDecrypter gave me this warning, but I've managed to solve this. It's because I need to update my Net Framework. And now the STOPDecrypter gave me this [+] Loaded 43 offline keys Please archive the following info in case of future decryption: [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 [*] ID: HgUNhAuveBRDLf4pEKIYrn6MGAEdovUjLQ4RNz9Z [*] MACs: 00:FF:15:DB:D5:11, 50:B7:C3:BB:37:96, 50:B7:C3:BB:37:95, 50:B7:C3:82:92:98 This info has also been logged to STOPDecrypter-log.txt and this Decrypted 0 files! Skipped 138 files. [!] No keys were found for the following IDs: [*] ID: HgUNhAuveBRDLf4pEKIYrn6MGAEdovUjLQ4RNz9Z (.gerosan ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 00:FF:15:DB:D5:11, 50:B7:C3:BB:37:96, 50:B7:C3:BB:37:95, 50:B7:C3:82:92:98 This info has also been logged to STOPDecrypter-log.txt Please help, thank you Quote Share this post Link to post Share on other sites
