
Please archive the following info in case of future decryption:
[*] ID: 0ryQHV5U2tFCCjQsJG79LlChV9SyfLIPJLCCr9pb
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1
[*] MACs: 58:00:E3:73:70:BF, 58:00:E3:73:70:BF, C8:D3:FF:F4:A2:6A, 58:00:E3:73:70:C0
This info has also been logged to STOPDecrypter-log.txt
 

10 hours ago, swarup anand said:

Please archive the following info in case of future decryption:
[*] ID: 0ryQHV5U2tFCCjQsJG79LlChV9SyfLIPJLCCr9pb
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1
[*] MACs: 58:00:E3:73:70:BF, 58:00:E3:73:70:BF, C8:D3:FF:F4:A2:6A, 58:00:E3:73:70:C0
This info has also been logged to STOPDecrypter-log.txt

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

On 6/15/2019 at 4:25 AM, GT500 said:

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

pls help me.....

 

On 6/15/2019 at 4:25 AM, GT500 said:

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

 

FRST.txt Addition.txt


Hello @swarup anand

GT500 will answer you later. Let's put some order in the anti-virus protection of your PC by looking at the logs you provided. 

Quote

Quick Heal Total Security
Malwarebytes Anti-Malware
EnigmaSoft SpyHunter
GridinSoft Anti-Malware
ESET Online Scanner
AVAST Software modules

How does all this live in your computer?

Uninstall SpyHunter first. Then restart the PC, even if there is no such request from this program.
Uninstall ESET Online Scanner. This is a quick scan tool and it will not protect your PC from threats.
Uninstall AVAST Software modules, or use the official tool 'avastclear'. Perhaps they are left from the previous installation.

https://www.avast.com/uninstall-utility
---
Why is Quick Heal Total Security inactive? Is the license expired or have you disabled it yourself?
If it has expired, then uninstall it. If you turned it off and forgot, turn it on after you finish cleaning.
---

Quote

Malwarebytes Anti-Malware
GridinSoft Anti-Malware

I recommend choosing the one that previously protected your PC better, and uninstalling the other.
Antivirus protection must be active, up to date and comprehensive (antivirus, firewall, other security features).
If the license has expired and you do not plan to renew it, uninstall it immediately.

---

If nothing is left and all inactive antiviruses are removed, then you can download and install Emsisoft Anti-malware (30 days free) after restarting the PC.

---

Try not to use free antivirus software, because their security capabilities are very limited. It is better, safer and smarter to use a paid comprehensive antivirus product. It has more functionality and is able to protect your PC and your online privacy. The choice is yours.

On 6/16/2019 at 8:10 AM, swarup anand said:

Please download the following fixlist.txt file and save it to the Desktop:

https://www.gt500.org/emsisoft/fixlist/swarup_anand/2019-06June-17/fixlist.txt

NOTE: It's important that both files, the FRST download from earlier and the fixlist file, are in the same location or the fix will not work. If you need to, please copy the files from your Downloads folder to your desktop.

  1. Run the FRST download from earlier, and press the Fix button just once and wait.
  2. If for some reason the tool needs to restart your computer, please make sure you let the computer restart normally. After that let the tool complete anything it still needs to do.
  3. When finished FRST will generate a log on the Desktop (Fixlog). Please attach it to a reply.


Hello, good morning... thank you for sharing your experience and above all thank you for helping... the same thing happened to me as to the others (my computer is infected with .GEROSAN).... I FORMATTED IT several times, I changed the operating system and NOTHING, the partitions WITH MY FILES are still just as infected... I URGENTLY need to recover the files, especially one (my degree thesis), since I was about to finish it and I need to recover it urgently because I am a few days away from presenting the project and defending it... please help me, I don't want to lose the chance to present my thesis, that would delay my graduation... please help me.... I have 2 hard drives, one of 500 GB where the operating system is and another of 2 TB which is the one where I have my files (I already formatted the 500 GB one, I changed the operating system from W7 to W10, and nothing). Please help me... I am attaching the scan that matters most to me (where my degree project is). Thanks in advance, sorry for the trouble... greetings from Venezuela....

 

Decrypted 118 files!
Skipped 11698 files.

[!] No keys were found for the following IDs:
[*] ID: 9BQtzbasZ8ti90rN2m4AeEaJQIz4dDCE7ykvUI4l (.gerosan )
[*] ID: GXXPADDINGPADDINGXXPADDINGPADDINGXXPADDI (.gerosan )
[*] ID: 9BQtzbasZ8ti90rN2m4AeEaJQIz4dDCE7ykvUI4l (.JPG )

Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 00:25:11:CF:C3:15
This info has also been logged to STOPDecrypter-log.txt


My e-mail is: <censored>

Help me: I have barely slept for 3 days thinking about this

Addition.txt FRST.txt Shortcut.txt

Edited by GT500
Removed e-mail address.


Harap arsipkan info berikut untuk dekripsi berikutnya:
[*] ID: CxIECe1RtFqmPnEwUxOCnmMyzyeZUc5CVuDJJSwS (.gerosan)
MAC: 5C: AC: 4C: 09: 10: 88, 5C: AC: 4C: 09: E: 0: BA: 0: BA: 0: BA :: 49
Info ini juga telah dimasukkan ke dalam STOPDecrypter-log.txt

cover.docx.goresan

7 hours ago, swarup anand said:

OK, FRST reported that it was able to delete everything. Go ahead and run a scan with something like Emsisoft Emergency Kit, and be sure to Quarantine anything it detects.

You can attach a copy of the scan report here for me to review. They are usually in the following location:

C:\EEK\Reports

 

26 minutes ago, Kevin12 said:

Harap arsipkan info berikut untuk dekripsi berikutnya:
[*] ID: CxIECe1RtFqmPnEwUxOCnmMyzyeZUc5CVuDJJSwS (.gerosan)
MAC: 5C: AC: 4C: 09: 10: 88, 5C: AC: 4C: 09: E: 0: BA: 0: BA: 0: BA :: 49
Info ini juga telah dimasukkan ke dalam STOPDecrypter-log.txt

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

1 hour ago, TecnoMania2020 said:

[!] No keys were found for the following IDs:
[*] ID: 9BQtzbasZ8ti90rN2m4AeEaJQIz4dDCE7ykvUI4l (.gerosan )
[*] ID: GXXPADDINGPADDINGXXPADDINGPADDINGXXPADDI (.gerosan )
[*] ID: 9BQtzbasZ8ti90rN2m4AeEaJQIz4dDCE7ykvUI4l (.JPG )

Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 00:25:11:CF:C3:15
This info has also been logged to STOPDecrypter-log.txt

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

BTW: I removed your e-mail address. Posting it publicly only invites spam, scams, and the criminals who made the ransomware to contact you to let you know that they can decrypt your files (for a "small" fee of course).

31 minutes ago, Kevin12 said:

Harap arsipkan info berikut untuk dekripsi berikutnya:
[*] ID: CxIECe1RtFqmPnEwUxOCnmMyzyeZUc5CVuDJJSwS (.gerosan)
MAC: 5C: AC: 4C: 09: 10: 88, 5C: AC: 4C: 09: E: 0: BA: 0: BA: 0: BA :: 49
Info ini juga telah dimasukkan ke dalam STOPDecrypter-log.txt

Now that I take a second look at this, something has messed up the log output from STOPDecrypter too badly for it to be useful. Could you try running STOPDecrypter again? It might also help if you attach STOPDecrypter's log to a reply (if you followed the instructions here then it will be in your Downloads folder in a folder named STOPDecrypter).
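A pre-posting check for the situation described above, as an added example that is not part of the original post and not STOPDecrypter's own code: it parses a pasted report, collects the unique IDs and MAC addresses, and flags lines that no longer fit the `[*] ID:` / `[*] MACs:` shapes. The 40-character ID length is an assumption taken from the IDs quoted in this thread; `check_report`, `FAKE_ID` and the sample report are constructed for illustration.

```python
import re

# Line shapes as they appear in the reports quoted in this thread.
ID_LINE = re.compile(r"^\[\*\] ID: (\S+)(?:\s+\((.*?)\s*\))?$")
MACS_LINE = re.compile(r"^\[\*\] MACs: (.+)$")
# Assumption: IDs are 40 alphanumeric characters, as every ID quoted here is.
ID_VALUE = re.compile(r"^[A-Za-z0-9]{40}$")
MAC_VALUE = re.compile(r"^[0-9A-F]{2}(?::[0-9A-F]{2}){5}$")
# A line that names an ID or MAC but fits neither shape was altered in transit.
LOOKS_RELEVANT = re.compile(r"^(\[\*\]\s*)?(ID|MACs?)\s*:", re.IGNORECASE)


def check_report(text):
    """Return (ids, macs, problems); problems is a list of (line_no, message)."""
    ids, macs, problems = [], [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        id_match = ID_LINE.match(line)
        macs_match = MACS_LINE.match(line)
        if id_match:
            value = id_match.group(1)
            if not ID_VALUE.match(value):
                problems.append((line_no, "malformed ID: " + value))
            elif value not in ids:
                ids.append(value)  # same ID reported for several extensions
        elif macs_match:
            for part in macs_match.group(1).split(","):
                mac = part.strip().upper()
                if not MAC_VALUE.match(mac):
                    problems.append((line_no, "malformed MAC: " + mac))
                elif mac not in macs:
                    macs.append(mac)
        elif LOOKS_RELEVANT.match(line):
            problems.append((line_no, "unrecognised line: " + line))
    return ids, macs, problems


# Constructed sample: placeholder ID, locally administered MACs, and one line
# damaged like the report quoted above (prefix lost, spaces inserted).
FAKE_ID = "A1b2C3d4E5" * 4
SAMPLE = f"""\
[!] No keys were found for the following IDs:
[*] ID: {FAKE_ID} (.gerosan )
[*] ID: {FAKE_ID} (.JPG )
[*] MACs: 02:00:00:00:00:01, 02:00:00:00:00:01, 02:00:00:00:00:02
MAC: 02: 00: 00: 00: 0: 01 :: 49
"""
```

An empty `problems` list means the pasted text still matches the expected line shapes; any entry points at the line to re-copy from STOPDecrypter-log.txt.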

On 6/19/2019 at 3:25 AM, GT500 said:

OK, FRST reported that it was able to delete everything. Go ahead and run a scan with something like Emsisoft Emergency Kit, and be sure to Quarantine anything it detects.

You can attach a copy of the scan report here for me to review. They are usually in the following location:

C:\EEK\Reports

 

Dear, I attached the report, but tell me, are you decrypt my file....

.gerosan topic here.

scan_190622-082024.txt

20 hours ago, swarup anand said:

scan_190622-082024.txt 944 B · 0 downloads

The scan appears to have detected nothing, which is good. Your computer is more than likely clean at this point. Be sure to change your passwords, as STOP/Djvu variants have been installing the Azorult trojan (which steals passwords) for the past few months now.

 

20 hours ago, swarup anand said:

Dear, I attached the report, but tell me, are you decrypt my file....

That should be possible, but it will take time.

On 6/18/2019 at 4:53 AM, GT500 said:

Please download the following fixlist.txt file and save it to the Desktop:

https://www.gt500.org/emsisoft/fixlist/swarup_anand/2019-06June-17/fixlist.txt

NOTE: It's important that both files, the FRST download from earlier and the fixlist file, are in the same location or the fix will not work. If you need to, please copy the files from your Downloads folder to your desktop.

 

  1. Run the FRST download from earlier, and press the Fix button just once and wait.
  2. If for some reason the tool needs to restart your computer, please make sure you let the computer restart normally. After that let the tool complete anything it still needs to do.
  3. When finished FRST will generate a log on the Desktop (Fixlog). Please attach it to a reply.

 

 

On 6/19/2019 at 3:25 AM, GT500 said:

OK, FRST reported that it was able to delete everything. Go ahead and run a scan with something like Emsisoft Emergency Kit, and be sure to Quarantine anything it detects.

You can attach a copy of the scan report here for me to review. They are usually in the following location:

C:\EEK\Reports

 

 

On 6/23/2019 at 5:21 AM, GT500 said:

The scan appears to have detected nothing, which is good. Your computer is more than likely clean at this point. Be sure to change your passwords, as STOP/Djvu variants have been installing the Azorult trojan (which steals passwords) for the past few months now.

 

That should be possible, but it will take time.

pls, I am waiting....... what are the next steps... how to decrypt file .gerosan

On 7/4/2019 at 11:31 PM, swarup anand said:

pls, I am waiting....... what are the next steps... how to decrypt file .gerosan

We're not holding back information. Once the creator of STOPDecrypter is able to figure out your decryption key, then he will send it to you along with further instructions.

11 hours ago, swarup anand said:

pls add this key ID: 0ryQHV5U2tFCCjQsJG79LlChV9SyfLIPJLCCr9pb

The creator of STOPDecrypter can't add an ID that he doesn't have the corresponding key for.

On 7/21/2019 at 3:28 AM, swarup anand said:

ID: 0ryQHV5U2tFCCjQsJG79LlChV9SyfLIPJLCCr9pb
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1

 

PLS ADD THIS KEY ID

It's not possible to add support for an ID to the decrypter if no one has the key for it.


We have a new decryption service for STOP/Djvu available. There's more information and instructions on how to use it at the following links:
https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/
https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/
