SniperSpider 0 Report post Posted November 1 My files have being infected by NAKW virus. currently i have 2 drives C and D and from what i was able to see the C drive is safe but a lot of the data in D drive has been encrypted. i decided to download the decryptor application from emsisoft and decided to run it for the whole night but when i check the next day all of the files were having this error"Error: The remote name could not be resolved: 'decrypter.emsisoft.com'"and"Error: Access to the path 'C:\Users\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\BD8225BB-0000-0000-0000-30F974000000-0.bin' is denied.". my personal id doesnt end with ti it ends with an car.jpg.nakw Quote Share this post Link to post Share on other sites
SniperSpider 0 Report post Posted November 1 another question while browsing through how to get rid of nakw and restore my files someone said that u should system restore to a date before the infection i guess i have a good idea when my pc got infected so is that a good option or will my files still be encrypted Quote Share this post Link to post Share on other sites
Amigo-A 43 Report post Posted November 1 Hello Attach also 2-3 encrypted files and the ransom note to your message. --- Very often, shadow copies of files and recovery points are deleted or may be infected. Quote Share this post Link to post Share on other sites
SniperSpider 0 Report post Posted November 1 here are some encrypted files. one more thing i noticed in d drive i have 6 folders. one is about old pc data one is for my games and rest is for each of my family member. other than games one all other folders in d drive got encrypted(even the games in my folder but nothing in the game folder was touched) car.jpg.nakw _readme.txt pics.jpg.nakw abc.html.nakw Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted November 2 This is a newer variant of STOP/Djvu. Since you have an online ID, it won't be possible to recover your files at this time. We recommend making a backup of any encrypted files, as there is a possibility that law enforcement may catch the criminals at some point in the future and release their database of keys for use in a decrypter. You can see more information at the following link:https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Quote Share this post Link to post Share on other sites
SniperSpider 0 Report post Posted November 4 earlier i decided to go to the https://wetransfer.com/downloads/397a45aada35a4ddad80d26bf035440320191029100751/3859e1 (the one given in the ransom note stating that it was a vid of decrytor tool overview) and it said files deleted in 5 days. i didnt look much into it thinking that it was just a scare tactic and now it says 19 hours. so i guess it means that in 19 hours all the encrypted files are going to be deleted so any suggestions or should i just wait for them to be deleted. luckily all the important files were backed up just some random stuff wasnt backed up. Quote Share this post Link to post Share on other sites
Amigo-A 43 Report post Posted November 4 Now the situation is different with the new STOP Ransomware variants: .gero, .hese , .xoza, .seto, .peta, .moka, .meds, .kvag, .domn, .karl, .nesa, .boot, .noos, .kuub, .reco, .bora, .leto, .nols, .werd, .coot, .derp, .nakw, .meka, .toec, Most files will never be decrypted. It will take millions of years to advance one step in decryption, but even this does not lead to decryption of files. To prevent this from happening, you need to better protect your PC and not use any pirated and hacked software. Of course, licensed use is an expensive pleasure, but there are many legitimate analogues of those paid programs that are commonly used around the world. Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted November 5 16 hours ago, SniperSpider said: so i guess it means that in 19 hours all the encrypted files are going to be deleted I haven't been informed of STOP/Djvu doing this, however even if it does please note that once it's removed from your computer it's completely powerless to do anything to your files. If you want to make sure that it has been removed, then note that Emsisoft Emergency Kit is capable of detecting and removing it:https://www.emsisoft.com/en/home/emergencykit/ Quote Share this post Link to post Share on other sites
SniperSpider 0 Report post Posted November 6 On 11/5/2019 at 12:37 PM, GT500 said: I haven't been informed of STOP/Djvu doing this, however even if it does please note that once it's removed from your computer it's completely powerless to do anything to your files. If you want to make sure that it has been removed, then note that Emsisoft Emergency Kit is capable of detecting and removing it:https://www.emsisoft.com/en/home/emergencykit/ sorry for wrong info i read that wrong. by 5 days and 19 hours they meant the video and not my files Quote Share this post Link to post Share on other sites
GT500 593 Report post Posted November 7 Oh, you mean the file on WeTransfer. It's normal for WeTransfer to delete files after a few days. Their service is intended for one-time file sharing, and they don't keep shared files for more than a week (at least not for free). If it is a video showing their decrypter working, then its intention is to reassure you that paying the ransom will get your files back. The reality is that even if they send you video "proof", they don't actually have to send you a working decrypter. Granted I would believe the decrypter they send victims does usually work OK, and even if it doesn't then as long as they sent you the correct private key then we can add it to our database for our decrypter. Regardless, we don't recommend paying them money, or even contacting them yourself. Quote Share this post Link to post Share on other sites
