João Victor 0 Report post Posted June 22, 2019 Hello, recently more precisely on the 20/06/2019 my notebook was infected with the virus .Neras I do not know what to do, I already managed to remove the virus but I need to decrypt the files, does anyone help me out? Quote Share this post Link to post Share on other sites
GT500 810 Report post Posted June 22, 2019 That is more than likely a variant of the STOP/Djvu ransomware. You may verify that using ID Ransomware if you'd like to:https://id-ransomware.malwarehunterteam.com/ While STOPDecrypter probably won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:https://kb.gt500.org/stopdecrypter Important: STOP/Djvu now installs the Azorult trojan as well, which allows it to steal passwords. It is imperative that you change all passwords (for your computer and for online services you use) once your computer is clean. While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it. Quote Share this post Link to post Share on other sites
Amigo-A 132 Report post Posted June 23, 2019 Quote extension .neras Michael updated STOPDecrypter v2.1.0.13 with the OFFLINE key for .neras.OFFLINE ID: fl1QN31tuQBZKd6Q43Bemee0EycF0HBYEjwpQTt1 https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip Quote Share this post Link to post Share on other sites
Yuri 0 Report post Posted June 23, 2019 [+] Loaded 46 offline keys Please archive the following info in case of future decryption: [*] ID: yOKj7Yiy7zHqLNoay4dKKiXUvAs2CZxQlXVXfKkk [*] ID: fl1QN31tuQBZKd6Q43Bemee0EycF0HBYEjwpQTt1 [*] MACs: A8:1E:84:52:11:BB, 3E:A0:67:7C:50:75, 4E:A0:67:7C:50:75, 3C:A0:67:7C:50:75, 3C:A0:67:7C:50:76 This info has also been logged to STOPDecrypter-log.txt Quote Share this post Link to post Share on other sites
GT500 810 Report post Posted June 25, 2019 On 6/23/2019 at 12:10 PM, Yuri said: [+] Loaded 46 offline keys Please archive the following info in case of future decryption: [*] ID: yOKj7Yiy7zHqLNoay4dKKiXUvAs2CZxQlXVXfKkk [*] ID: fl1QN31tuQBZKd6Q43Bemee0EycF0HBYEjwpQTt1 [*] MACs: A8:1E:84:52:11:BB, 3E:A0:67:7C:50:75, 4E:A0:67:7C:50:75, 3C:A0:67:7C:50:75, 3C:A0:67:7C:50:76 This info has also been logged to STOPDecrypter-log.txt I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you. Quote Share this post Link to post Share on other sites
GT500 810 Report post Posted October 19, 2019 We have a new decryption service for STOP/Djvu available. There's more information and instructions on how to use it at the following links:https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/ Quote Share this post Link to post Share on other sites
