Recommended Posts

Sir, I have infected by dotmap ransomware.All of my files are encrypted by dotmap format.I removed the ransomware but my files are still encrypted.How can i decrypt my files ? Please show me a way.I need Your favor highly. Please .If there is any software or tools for this please recommend me.

Share this post


Link to post
Share on other sites
On 6/12/2019 at 3:43 AM, GT500 said:

The creator of STOPDecrypter let me know that he's already archived your information a few weeks ago.

I know it's frustrating to have all of your files encrypted, however if you just give us some time we'll do our best to come up with a solution for you.

Hello Sir, My pc is also infected by this dotmap ransomware. Now I am free from the ransomware but my files are infected by dotmap format.There is any way to decrypt this? 
Everytime I try with stopderypter it says no files found. I think those are encrypted by online keys, i am not sure yet. When i launched stop decrypter it said it has founded  offline keys. 
Thats all I know about this. Please help me to recover my files ..Please Sir.

Share this post


Link to post
Share on other sites
Quote

extension .dotmap

This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017.
Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. This is possible only in case where the files were encrypted with offline keys and an instance of the malware was detected.

Demonslay335  (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files.

A positive result and a lucky chance are not always possible.

Share this post


Link to post
Share on other sites

You say you removed the malicious program, but it can leave behind itself hidden copies that attack the PC in the same way.

While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers, that will encrypt any new files saved and will encrypt any files you manage to decrypt. 
We recommended to check PC before trying to decrypt the files and make sure that no such components have been left behind, so following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious now on your computer/
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Please attach the log files FRST saves to a reply to this topic.

It is recommended to send the log files FRST as soon as possible. 

Share this post


Link to post
Share on other sites
11 minutes ago, Amigo-A said:

You say you removed the malicious program, but it can leave behind itself hidden copies that attack the PC in the same way.

While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers, that will encrypt any new files saved and will encrypt any files you manage to decrypt. 
We recommended to check PC before trying to decrypt the files and make sure that no such components have been left behind, so following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious now on your computer/
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Please attach the log files FRST saves to a reply to this topic.

It is recommended to send the log files FRST as soon as possible. 

Ok Sir. I am doing the scanning. Within some moment i will give the feedback. Please stay with me.

 

Share this post


Link to post
Share on other sites

You will need the help of a support professional to clean your PC. I do not have the authority to cure PC. 

There are some malicious elements in the logs that can cause harm again.


There are also PUP and unwanted extensions in the browser Google Chrome. You can yourself reset the settings to default.

 

Share this post


Link to post
Share on other sites
8 hours ago, Shehan said:

Sir how can I recover my encrypted files? There is any way?

While STOPDecrypter probably won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter

Share this post


Link to post
Share on other sites
12 hours ago, Shehan said:

Here are the FRST result Sir.

Please download the following fixlist.txt file and save it to the Desktop:

https://www.gt500.org/emsisoft/fixlist/shehan/2019-06June-14/fixlist.txt

NOTE: It's important that both files, the FRST download from earlier and the fixlist file, are in the same location or the fix will not work. If you need to, please copy the files from your Downloads folder to your desktop.

  1. Run the FRST download from earlier, and press the Fix button just once and wait.
  2. If for some reason the tool needs to restart your computer, please make sure you let the computer restart normally. After that let the tool complete anything it still needs to do.
  3. When finished FRST will generate a log on the Desktop (Fixlog). Please attach it to a reply.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.