MadHawk 0 Report post Posted July 3 Hi, Its been 2 months. What are the updates of the .gerosan decryption ransomware? [+] Loaded 50 offline keys Please archive the following info in case of future decryption: [*] ID: JVA5cC4uyeRWfgWlNCYNWypgIU9MQA2IvURCi81p [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 [*] MACs: 00:E0:4C:1C:17:29 This info has also been logged to STOPDecrypter-log.txt FRST.txt Addition.txt Quote Share this post Link to post Share on other sites
GT500 573 Report post Posted July 4 19 hours ago, MadHawk said: Its been 2 months. What are the updates of the .gerosan decryption ransomware? There are no updates. This is a process that won't be quick. All we can say is please be patient, and that this is still being worked on. Quote Share this post Link to post Share on other sites
Amigo-A 27 Report post Posted July 4 @MadHawk I looked at the attached logs. You need to clear browsers - reset the default settings. This function is in them. Undesirable add dubious plug-ins to browsers, they can monitor the entered information and make your PC more vulnerable under attack. The set of programs you use says that your PC is vulnerable to such attacks. If you want to continue to use these programs, you need to better protect your PC. Also need check PC with Emsisoft Emergency Kit to exclude re-encryption: http://www.emsisoft.com/en/software/eek/ Quote Share this post Link to post Share on other sites
GT500 573 Report post Posted July 4 13 hours ago, Amigo-A said: You need to clear browsers - reset the default settings. Resetting Google Chrome to default settings:https://support.google.com/chrome/answer/3296214 Resetting Firefox to default settings:https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings Note: Doing this should delete all of your extensions. However, from what I saw in your FRST log, this will be a good thing. Keep in mind that you should only install extensions that you really need. A lot of extensions aren't safe, and neither Google nor Mozilla have the manpower to properly check all of them. Your basic adblock/content blocker extensions are OK (uBlock Origin, Adguard, Adblock Plus, and Adblock), however keep in mind that you only want one of them. Quote Share this post Link to post Share on other sites
Amigo-A 27 Report post Posted July 5 @MadHawk On 7/3/2019 at 12:41 PM, MadHawk said: [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 [*] MACs: 00:E0:4C:1C:17:29 I did not see your message after updating STOPDecrypter on June 13, 2019. Have you decrypt your files with this ID? Quote Share this post Link to post Share on other sites
MadHawk 0 Report post Posted July 5 2 hours ago, Amigo-A said: @MadHawk I did not see your message after updating STOPDecrypter on June 13, 2019. Have you decrypt your files with this ID? I tried using latest STOP decryptor yesterday and it gave same results. Decrypted a few files but few were left as is. Quote Share this post Link to post Share on other sites
MadHawk 0 Report post Posted July 5 9 hours ago, GT500 said: Resetting Google Chrome to default settings:https://support.google.com/chrome/answer/3296214 Resetting Firefox to default settings:https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings Note: Doing this should delete all of your extensions. However, from what I saw in your FRST log, this will be a good thing. Keep in mind that you should only install extensions that you really need. A lot of extensions aren't safe, and neither Google nor Mozilla have the manpower to properly check all of them. Your basic adblock/content blocker extensions are OK (uBlock Origin, Adguard, Adblock Plus, and Adblock), however keep in mind that you only want one of them. I deleted most extensions and now only have adblock and grammarly. Quote Share this post Link to post Share on other sites
Amigo-A 27 Report post Posted July 5 8 hours ago, MadHawk said: Decrypted a few files but few were left as is. You need to restart the STOPDecryptor and copy the information from it. Something left overs. Quote Share this post Link to post Share on other sites
GT500 573 Report post Posted July 6 20 hours ago, MadHawk said: I tried using latest STOP decryptor yesterday and it gave same results. Decrypted a few files but few were left as is. Did it leave a log? It's possible that there's more than one ID in it. Quote Share this post Link to post Share on other sites
MadHawk 0 Report post Posted July 6 1 hour ago, GT500 said: Did it leave a log? It's possible that there's more than one ID in it. Yes. Here you go!STOPDecrypter-log.txt Quote Share this post Link to post Share on other sites
GT500 573 Report post Posted July 9 On 7/6/2019 at 3:15 AM, MadHawk said: Yes. Here you go!STOPDecrypter-log.txt OK, this is your ID:JVA5cC4uyeRWfgWlNCYNWypgIU9MQA2IvURCi81p This is not an offline ID, and thus STOPDecrypter will not be able to decrypt your files unless a decryption key is manually entered. Right now we're helping the creator of STOPDecrypter archive the ID's and MAC addresses supplied by victims in case he can figure out decryption keys for them, so I'm going to go ahead and send your information to him. The best thing you can do right now is wait. Give us time, and we'll do what we can to help you recover your files. Quote Share this post Link to post Share on other sites
