THG

Decrytion File Gerosan

Recommended Posts

Hello

I need help. My PC was infected by gerosan and I need my database back.

Here the txt.

Your personal ID:
101nHfssdMnzu5JDUeJIYz2PeJ4U98MWbvy9facb1VuzehJAK

Share this post


Link to post
Share on other sites

If STOPDecrypter can't recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter 

Share this post


Link to post
Share on other sites

While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.

Share this post


Link to post
Share on other sites

Hello guys

My files are encrypted, and I really need my data base, but when I run stop decrypter I got this message.

[+] Loaded 44 offline keys
Please archive the following info in case of future decryption:
[*] ID: Mnzu5JDUeJIYz2PeJ4U98MWbvy9facb1VuzehJAK
[*] MACs: 00:40:A7:27:6B:AD
This info has also been logged to STOPDecrypter-log.txt
Selected directory: C:\Users\Thays\Documents
Starting decryption...

[+] File: C:\Users\Thays\Documents\SISGER.FDB.gerosan
[-] No key for ID: Mnzu5JDUeJIYz2PeJ4U98MWbvy9facb1VuzehJAK (.gerosan )
[-] Fatal Error: (5) Acesso negado: [C:\Users\Thays\Documents\Meus Vídeos]
[-] Aborting

Decrypted 0 files!
Skipped 1 files.

[!] No keys were found for the following IDs:
[*] ID: Mnzu5JDUeJIYz2PeJ4U98MWbvy9facb1VuzehJAK (.gerosan )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 00:40:A7:27:6B:AD
This info has also been logged to STOPDecrypter-log.txt
 

Can someone help me. I dont't care my other files, but I really need this one.

Share this post


Link to post
Share on other sites
10 hours ago, THG said:

[!] No keys were found for the following IDs:
[*] ID: Mnzu5JDUeJIYz2PeJ4U98MWbvy9facb1VuzehJAK (.gerosan )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 00:40:A7:27:6B:AD
This info has also been logged to STOPDecrypter-log.txt

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

 

10 hours ago, THG said:

My files are encrypted, and I really need my data base, but when I run stop decrypter I got this message.

STOPDecrypter won't be able to decrypt your files yet. Please note that it will take some time to figure out that decryption key for you.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.