Recommended Posts

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

  • Like 1

Share this post


Link to post
Share on other sites

Hi, got the kodc attack, I believe I got lucky and went with the offline key (found on PersonalId):

v06YHbhNNHIA4FoWgk8Exu5sTjk6CwEDVSQZ35t1

 

Here is the content of the _readme.txt:

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-Oc0xgfzC7q
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
0198nTsddv06YHbhNNHIA4FoWgk8Exu5sTjk6CwEDVSQZ35t1

Share this post


Link to post
Share on other sites
7 hours ago, ferko85 said:

Hi, got the kodc attack, I believe I got lucky and went with the offline key (found on PersonalId):

v06YHbhNNHIA4FoWgk8Exu5sTjk6CwEDVSQZ35t1

Yes, that should be an offline ID. Make a backup of your files, and try running the decrypter once every week or two to see if we've been able to add the private key for this variant to our database. Once it's added to the database, the decrypter should be able to decrypt your files.

  • Like 2

Share this post


Link to post
Share on other sites
5 hours ago, GT500 said:

Yes, that should be an offline ID. Make a backup of your files, and try running the decrypter once every week or two to see if we've been able to add the private key for this variant to our database. Once it's added to the database, the decrypter should be able to decrypt your files.

Great! Thanks!

 

3 hours ago, Amigo-A said:

@ferko85

What day did the encryption happen?

Yesterday

Share this post


Link to post
Share on other sites

First you need scan PC to deactivate the malware end eliminate re-encryption processes.

  • Like 1

Share this post


Link to post
Share on other sites

@ferko85

Let’s deal with the active malware infection before attempting to recover your files.

Download to your Desktop:

 

NOTE: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

NOTE: If you are unable to download FRST from the infected system, FRST can be saved to and run from a USB flash drive.

 

  • Run Farbar Recovery Scan Tool (FRST):
    • Double-click to run it. When the tool opens click Yes to the disclaimer.

 

NOTE: DO NOT change any of the default settings. If you do we will just close your logs and ask for new ones ran with FRST's default settings.

 

    • Press the Scan button.
    • Farbar Recovery Scan Tool will produce the following logs:
      • FRST.txt
      • Addition.txt
  • Like 2

Share this post


Link to post
Share on other sites
8 hours ago, Amigo-A said:

First you need scan PC to deactivate the malware end eliminate re-encryption processes.

Yes, already did that, but I'll follow Kevin's steps too to make sure it's gone for good.

 

6 hours ago, Kevin Zoll said:

@ferko85

Let’s deal with the active malware infection before attempting to recover your files.

Download to your Desktop:

 

NOTE: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

NOTE: If you are unable to download FRST from the infected system, FRST can be saved to and run from a USB flash drive.

 

  • Run Farbar Recovery Scan Tool (FRST):
    • Double-click to run it. When the tool opens click Yes to the disclaimer.

 

NOTE: DO NOT change any of the default settings. If you do we will just close your logs and ask for new ones ran with FRST's default settings.

 

    • Press the Scan button.
    • Farbar Recovery Scan Tool will produce the following logs:
      • FRST.txt
      • Addition.txt

Thanks, came out clean. I can upload the txt files if you need them

Share this post


Link to post
Share on other sites
6 hours ago, ferko85 said:

Thanks, came out clean. I can upload the txt files if you need them

FRST doesn't tell you if your computer is clean. It just saves logs that an expert can analyze, and then the expert will tell you if your computer is clean or write a script to remove any further threats.

Share this post


Link to post
Share on other sites
1 hour ago, GT500 said:

FRST doesn't tell you if your computer is clean. It just saves logs that an expert can analyze, and then the expert will tell you if your computer is clean or write a script to remove any further threats.

 

Share this post


Link to post
Share on other sites
12 hours ago, ferko85 said:

I'll follow Kevin's steps too to make sure it's gone for good.

Yes. Wait his response and script to clear malware. 

Share this post


Link to post
Share on other sites
23 hours ago, Kevin Zoll said:

@ferko85

Let’s deal with the active malware infection before attempting to recover your files.

Download to your Desktop:

 

NOTE: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

NOTE: If you are unable to download FRST from the infected system, FRST can be saved to and run from a USB flash drive.

 

  • Run Farbar Recovery Scan Tool (FRST):
    • Double-click to run it. When the tool opens click Yes to the disclaimer.

 

NOTE: DO NOT change any of the default settings. If you do we will just close your logs and ask for new ones ran with FRST's default settings.

 

    • Press the Scan button.
    • Farbar Recovery Scan Tool will produce the following logs:
      • FRST.txt
      • Addition.txt

Done! Can i send to you too? plz.

Share this post


Link to post
Share on other sites

for all

Quote

FRST.txt
Addition.txt

The instruction for everyone is general. Reports need to be attached to your new post. 

Kevin Zoll or GT500 will look at the reports and say what to do.

  • Like 1

Share this post


Link to post
Share on other sites
2 minutes ago, Amigo-A said:

for all

The instruction for everyone is general. 
Reports need to be attached to your new post. 

It's safe?

Share this post


Link to post
Share on other sites

Farbar Recovery Scan Tool is quite safe. He generates reports for specialists.

I can view them, but if be need a script to deactivate and remove malware, it is better to get it from specialists the support team.

  • Like 1

Share this post


Link to post
Share on other sites
13 hours ago, MrSalazar said:

It's safe?

Only authorized helpers can download and view the logs. They are in plain text format, and can't spread infections.

  • Like 1

Share this post


Link to post
Share on other sites
4 minutes ago, GT500 said:

Only authorized helpers can download and view the logs. They are in plain text format, and can't spread infections.

But I attached them to my topic. (Public Topic)

Share this post


Link to post
Share on other sites
7 minutes ago, MrSalazar said:

But I attached them to my topic. (Public Topic)

If the topic is in the "Help, my files are encrypted!" or the "Help, my PC is infected!" sections of the forums, then only authorized helpers can view or download file attachments in those sections (with the exception of images/pictures).

  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.