romario roges 0 Posted August 22, 2019 Report Share Posted August 22, 2019 sorry to disturb, but I need help to decry-pt my archives. "Do you really want to restore your files? Write to email [email protected] or [email protected]" .ADAME is the ransomware .. i need help, guys. I have very important photographs and i cannot lose them. it is a SCARAB TYPE. ALL YOUR FILES ARE ENCRYPTED.txt l28Ovwatc4cIeo7GOXmxj+uK7BxE=FvdR7HY6ekHWJMEx0nTmkN9oan3jb9fw51zgjLIFT9hEosw4GJoddQCbqv2qFX82=Hp7mRXjT=GsbBnlfYsfzLaWXMlyeuGyns3uJxXPWd3VZVLuE=s.Adame Quote Link to post Share on other sites
GT500 854 Posted August 23, 2019 Report Share Posted August 23, 2019 I would believe that the post by "quietman7" at the following link details the only currently known options for this ransomware:https://www.bleepingcomputer.com/forums/t/651855/scarab-mich78-ransomware-scarab-scorpio-mich78usacom-support-topic/page-42#entry4854076 Quote Link to post Share on other sites
Amigo-A 136 Posted August 23, 2019 Report Share Posted August 23, 2019 Yes. This is new variant of Scarab Ransomware There are many variants and iterations, most of which have a common encrypter, but differ in the composition of the ransomware group. I have compiled a free decryption request for you. Most likely, decryption is hardly possible without a sample of a malicious file.https://support.drweb.com/process/?ticket=NPPH-TU22 Even if there is a sample, it is very difficult to calculate the decryption key now. 1 Quote Link to post Share on other sites
romario roges 0 Posted August 23, 2019 Author Report Share Posted August 23, 2019 8 hours ago, Amigo-A said: Yes. This is new variant of Scarab Ransomware There are many variants and iterations, most of which have a common encrypter, but differ in the composition of the ransomware group. I have compiled a free decryption request for you. Most likely, decryption is hardly possible without a sample of a malicious file.https://support.drweb.com/process/?ticket=NPPH-TU22 Even if there is a sample, it is very difficult to calculate the decryption key now. thank you so much. okay, man. I understand that in the moment, this .adame doesn't have a decryption yet. I have to wait. Quote Link to post Share on other sites
romario roges 0 Posted August 23, 2019 Author Report Share Posted August 23, 2019 10 hours ago, Amigo-A said: Yes. This is new variant of Scarab Ransomware There are many variants and iterations, most of which have a common encrypter, but differ in the composition of the ransomware group. I have compiled a free decryption request for you. Most likely, decryption is hardly possible without a sample of a malicious file.https://support.drweb.com/process/?ticket=NPPH-TU22 Even if there is a sample, it is very difficult to calculate the decryption key now. if you want, i cant send you screens of how i got this. do you want? I can show you the "Crack" I was trying to use to register the office i had downloaded by torrent. Quote Link to post Share on other sites
Amigo-A 136 Posted August 23, 2019 Report Share Posted August 23, 2019 @romario roges Quote Please, make the registry export HKEY_USERS\ for analyse your problem. Run regedit.exe then find HKEY_USERS\ right click "export". Attach export file to this ticket. This request of specialists from DrWeb. It may be useful to decryption specialists. Put the "crack" file in the archive with the password "infected" and upload it to www.sendspace.com. Later give me a link for download the "crack" file and the exported from registry file to the PM. Quote Link to post Share on other sites
romario roges 0 Posted August 25, 2019 Author Report Share Posted August 25, 2019 On 8/23/2019 at 3:05 PM, Amigo-A said: PM what is this? kkk On 8/23/2019 at 3:05 PM, Amigo-A said: @romario roges This request of specialists from DrWeb. It may be useful to decryption specialists. Put the "crack" file in the archive with the password "infected" and upload it to www.sendspace.com. Later give me a link for download the "crack" file and the exported from registry file to the PM. https://www.sendspace.com/file/9fjoyn PROFESSOR, I THINK i've got the ransom from this keygen. I was trying to crack the office so, i only clicked in the office option and tried to crack it. i cant upload my regedit. it gives me an error. "-200" Quote Link to post Share on other sites
Amigo-A 136 Posted August 25, 2019 Report Share Posted August 25, 2019 2 hours ago, romario roges said: i cant upload my regedit. it gives me an error. "-200" The file must be archived and as the zip-file attached to message or upload to www.sendspace.com. --- PM - this is Personal Message Quote Link to post Share on other sites
Amigo-A 136 Posted August 25, 2019 Report Share Posted August 25, 2019 2 hours ago, romario roges said: PROFESSOR, Quote Link to post Share on other sites
Amigo-A 136 Posted August 25, 2019 Report Share Posted August 25, 2019 2 hours ago, romario roges said: I THINK i've got the ransom from this keygen. I downloaded this archive. You can remove it from the site 'sendspace' , if you saved a link to manage the file, or it will be deleted automatically after a while. Quote Link to post Share on other sites
Amigo-A 136 Posted August 25, 2019 Report Share Posted August 25, 2019 2 hours ago, romario roges said: i've got the ransom from this keygen. Most free security and free anti-viruses software will not protect against crypto-ransomware and hacker attacks. Using these programs only gives you a false sense of security against such infection and attacks in addition to wasting a lot of computer resources. If you do not have money to purchase comprehensive protection, I recommend to use 30-60-90 daily trial versions of paid products. In my opinion, changing protection every month and taking advantage of full security program functionality for 30-60-90 days is a good practice. There are legitimate sites that from time to time provide special offers and a legitimate license to use various products including anti-virus software. It is your right and choice to choose and use 30 days or more of comprehensive protection when such promotions are available. If you wish, I can advise you the names of such sites and provide links where to go in order to take advantage of these promotional offers. https://www.giveawayoftheday.com/ - daily software offerhttps://sharewareonsale.com/ - daily discounts, excluding 100% Free Office https://www.freeoffice.com/ - modern office suite fully compatible with MS Officehttps://www.freeoffice.com/ru/softmaker-office-hd-android - version for Android FreeOffice 2018 is a full-featured Office suite with word processing, spreadsheet and presentation software. It is seamlessly compatible with Microsoft Office and available for Windows, Mac and Linux. Becoming a licensed user in a legal way is now easy and simple! No need to download cracked and repackaged programs, no need to use illegal activation programs. 1 Quote Link to post Share on other sites
romario roges 0 Posted August 25, 2019 Author Report Share Posted August 25, 2019 12 hours ago, Amigo-A said: Most free security and free anti-viruses software will not protect against crypto-ransomware and hacker attacks. Using these programs only gives you a false sense of security against such infection and attacks in addition to wasting a lot of computer resources. If you do not have money to purchase comprehensive protection, I recommend to use 30-60-90 daily trial versions of paid products. In my opinion, changing protection every month and taking advantage of full security program functionality for 30-60-90 days is a good practice. There are legitimate sites that from time to time provide special offers and a legitimate license to use various products including anti-virus software. It is your right and choice to choose and use 30 days or more of comprehensive protection when such promotions are available. If you wish, I can advise you the names of such sites and provide links where to go in order to take advantage of these promotional offers. https://www.giveawayoftheday.com/ - daily software offerhttps://sharewareonsale.com/ - daily discounts, excluding 100% Free Office https://www.freeoffice.com/ - modern office suite fully compatible with MS Officehttps://www.freeoffice.com/ru/softmaker-office-hd-android - version for Android FreeOffice 2018 is a full-featured Office suite with word processing, spreadsheet and presentation software. It is seamlessly compatible with Microsoft Office and available for Windows, Mac and Linux. Download ImageDownload Image Becoming a licensed user in a legal way is now easy and simple! No need to download cracked and repackaged programs, no need to use illegal activation programs. thank you so much for the recommendations. https://www.sendspace.com/file/smsvl2 my HKEY_USERS Quote Link to post Share on other sites
Amigo-A 136 Posted August 26, 2019 Report Share Posted August 26, 2019 Ok, I sent the registry file and your the archive. Quote Link to post Share on other sites
GT500 854 Posted August 27, 2019 Report Share Posted August 27, 2019 On 8/25/2019 at 4:15 AM, Amigo-A said: Free Office https://www.freeoffice.com/ - modern office suite fully compatible with MS Office There's also LibreOffice, which was based on OpenOffice.org:https://www.libreoffice.org/ Quote Link to post Share on other sites
Amigo-A 136 Posted August 27, 2019 Report Share Posted August 27, 2019 Hello @romario roges The files were analyzed and an answer came about the impossibility of decrypting the files at this point in time. Link to this informationhttps://support.drweb.com/process/?ticket=ZTD7-7Y9D Quote Hello. A case of Trojan.Encoder.18000v2 Decryption is not feasible. We are unable to decrypt files enciphered by this malware. I knew this result, but I was hoping that something had changed since the moment when a new version of this ransomware appeared 1 year ago. Paradox: If encryption was be interrupted by an abnormal shutdown of the PC (reset), then there would be more chances. Quote Link to post Share on other sites
romario roges 0 Posted August 28, 2019 Author Report Share Posted August 28, 2019 21 hours ago, Amigo-A said: Hello @romario roges The files were analyzed and an answer came about the impossibility of decrypting the files at this point in time. Link to this informationhttps://support.drweb.com/process/?ticket=ZTD7-7Y9D I knew this result, but I was hoping that something had changed since the moment when a new version of this ransomware appeared 1 year ago. Paradox: If encryption was be interrupted by an abnormal shutdown of the PC (reset), then there would be more chances. thank you, man. thank you for the attention and everything. Quote Link to post Share on other sites
romario roges 0 Posted August 28, 2019 Author Report Share Posted August 28, 2019 On 8/27/2019 at 12:39 AM, GT500 said: There's also LibreOffice, which was based on OpenOffice.org:https://www.libreoffice.org/ thank you so much .. Quote Link to post Share on other sites
GT500 854 Posted August 29, 2019 Report Share Posted August 29, 2019 You're welcome. Quote Link to post Share on other sites
cosmos74 0 Posted September 1, 2019 Report Share Posted September 1, 2019 Quote hello, my pc is infected by adame virus (or phobos). there is a manner to decrypt all the infected files. thank you in advance info.hta info.txt Quote Link to post Share on other sites
Amigo-A 136 Posted September 1, 2019 Report Share Posted September 1, 2019 Hello @cosmos74 Attach 2 encrypted files to your message. Quote Link to post Share on other sites
cosmos74 0 Posted September 2, 2019 Report Share Posted September 2, 2019 hello Amigo-A, These are two encrypted files. 19C1255008.pdf.id[961C02D8-2275].[[email protected]].Adame ROSE MERCATO A1 CON SCAMBI.xls.id[961C02D8-2275].[[email protected]].Adame Quote Link to post Share on other sites
Amigo-A 136 Posted September 2, 2019 Report Share Posted September 2, 2019 Quote .id[961C02D8-2275].[[email protected]].Adame This is format of extension which is used Phobos Ransomware At the beginning of the topic was Scarab Ransomware, which from that day began to use the extension .Adame. To our regret, there are no free decryption methods for Phobos, and only ransomware has a paid decryptor. Quote Link to post Share on other sites
cosmos74 0 Posted September 2, 2019 Report Share Posted September 2, 2019 hello, how much cost the ransomware decryptor tool ? Quote Link to post Share on other sites
Amigo-A 136 Posted September 2, 2019 Report Share Posted September 2, 2019 I could not know that. In the notes there are contacts for communication: 1. Jabber contact - [email protected] 2. Bitmessage contact address - BM-2cVoXfF2BdYyfxBrady3hopZN6izutPyEr Also read here:https://www.emsisoft.com/ransomware-decryption-tools/ Quote Link to post Share on other sites
GT500 854 Posted September 3, 2019 Report Share Posted September 3, 2019 22 hours ago, cosmos74 said: hello, how much cost the ransomware decryptor tool ? I recommend contacting a company like Coveware which has experience negotiating with such criminals. They may be able to help negotiate a lower price for you if you decide you do need to pay, and it's also safer to have a third-party contact criminals like this for you rather than doing so yourself. Quote Link to post Share on other sites
jilsk8 0 Posted October 1, 2019 Report Share Posted October 1, 2019 Hello everyone ! I was infected by Adame yesterday ([email protected]) when i saw that some extension 's files was changing i turned off my computer then i turned it on again and gone to the task manager and found 2 stranges processes (i forgot the name) i turn them off and i saw that there was one of my hdd was not infected. I never saw a wallpaper with a message who advert about the ransom. So i concluded that the infection process was interrupted. i tried restoration point from window but it doesn t work so i format system hdd and install a "new" window 10. (maybe i should let the system hdd as it was ... ? ) Amigo-A said (in this discussion) : Paradox: If encryption was be interrupted by an abnormal shutdown of the PC (reset), then there would be more chances What are those chances ? I have some files in two version : one, not infected from an external backup and the same infected. Is it better to increase decryption process ? Is there some tool i could use ? Thanks for all of your advices ! Quote Link to post Share on other sites
Amigo-A 136 Posted October 1, 2019 Report Share Posted October 1, 2019 This is format of extension which is used Phobos Ransomware At the beginning of the topic was Scarab Ransomware, which from that day began to use the extension .Adame. To our regret, there are no free decryption methods for Phobos, and only ransomware has a paid decryptor. 1 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.