Tekendra

.kodc decryption : help

By Tekendra, in Help, my files are encrypted!

Recommended Posts

GT500    654

GT500
Posted

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post

Link to post
Share on other sites

GT500    654

GT500
Posted
1 hour ago, ostrick5465 said:
Quote

Your personal ID:
0198nTsddKHLQ36C96dsoqr6abmwWX1HNK93TCkLtlKlQaUCQ

Is my key a online key? Who can help me :(

That's an online ID.

Share this post

Link to post
Share on other sites

mado    1

mado
Posted

0198nTsddv06YHbhNNHIA4FoWgk8Exu5sTjk6CwEDVSQZ35t1

 

that is my ID  got kodc extension ransomware vrius is offline key ?

in case yes  i run the emisoft decryptor it did not works please is there any solution ?

  • Like 1

Share this post

Link to post
Share on other sites

Amigo-A    63

Amigo-A
Posted
3 hours ago, mado said:

0198nTsddv06YHbhNNHIA4FoWgk8Exu5sTjk6CwEDVSQZ35t1

Hello @mado

with t1 - offline iD

But so that you can decrypt your files, developers need to add support for the variant with the .kodc extension to the Emsisoft Decryptor.

While this is the latest version of STOP Ransomware and there is no data that can be added for decryption. You need to wait until this is done.

First you need scan PC to deactivate the malware end eliminate re-encryption processes. We saw active malware processes in PCs other affected users that encrypted new files in real time after the encryption is already done. This is much worse than the first, because new encryption may begin to use the online key.

  • Like 1

Share this post

Link to post
Share on other sites

mado    1

mado
Posted

thank you so much i ran the antimalware deleted the malicious virus  and made a reset to pc  is this enough ?

Share this post

Link to post
Share on other sites

Amigo-A    63

Amigo-A
Posted
19 minutes ago, mado said:

a reset to pc  is this enough ?

It is difficult to say how much your PC and files were damaged and how the PC was reset. Sometimes a rollback may not fix the situation.
It will be better if you do as recommended in the message — with Farbar Recovery Scan Tool

 

Share this post

Link to post
Share on other sites

MrSalazar    2

MrSalazar
Posted
2 hours ago, Amigo-A said:

Hello @mado

with t1 - offline iD

But so that you can decrypt your files, developers need to add support for the variant with the .kodc extension to the Emsisoft Decryptor.

While this is the latest version of STOP Ransomware and there is no data that can be added for decryption. You need to wait until this is done.

First you need scan PC to deactivate the malware end eliminate re-encryption processes. We saw active malware processes in PCs other affected users that encrypted new files in real time after the encryption is already done. This is much worse than the first, because new encryption may begin to use the online key.

Yeah, This's my ID too. I need to wait for updates?!

I ran the decryptor uninternet-free, because I'm afraid to call again, but I read on a website that the program needs internet.

Share this post

Link to post
Share on other sites

Amigo-A    63

Amigo-A
Posted

@MrSalazar

Theoretically, your cases may be identical, but practically computers are different and need to study each in detail.

 

  • Like 1

Share this post

Link to post
Share on other sites

MrSalazar    2

MrSalazar
Posted
16 minutes ago, MrSalazar said:

I ran a program on my computer and suddenly programs started to be installed on my system, and the memory started to get full and everything got slow, so I disconnected the internet and stopped, then I used SpyHunter 4 and did a cleanup (77 threats) and then how much of the internet i turned on the problem again the problem had not solved and started all over again, so I turned off the internet again, but this time Ransom had already installed itself and then everything got the extension .KODC, and after that I scanted with AdwCleaner; Avira and WinDefender.

I tried using decrypter here from the site, but instead of scanning the folder I selected it started scanningall, and gave error in 9 8% of the files scanned until I abort. Then I read in a post that needs to be connected to the internet, but I'm afraid to connect again and happen all over again.


PS: I cleaned the Win Scheduler; I used the Disk Cleaning toolto clean up some temporary files.

Config:

Win 10

x64

Addition.txt 46.33 kB · 1 download FRST.txt 136.24 kB · 1 download

Can you analyze my post, plz.

15 minutes ago, Amigo-A said:

@MrSalazar

Theoretically, your cases may be identical, but practically computers are different and need to study each in detail.

 

i'm downloading NET framework 4.8 now.

Share this post

Link to post
Share on other sites

Amigo-A    63

Amigo-A
Posted

You have created a new topic, it is better to stick to it so that help is individual.

  • Sad 1

Share this post

Link to post
Share on other sites

FlakaShlaka    0

FlakaShlaka
Posted

Hello ,

 

I have same problem with KODC files that were encrypted , that happend earlier today.

I'm not following what should i do - should i open a new topic here and attach my files from the  Farbar Recovery Scan Tool ? 

I completed the scan and was generated with 2 files , should i attach them here? it seems that none of the STOP DJVU or others apps are at any help,

I would be glad if you can maybe share instructions on how you can help me de-encrypt them ?

 

Thanks

 

Share this post

Link to post
Share on other sites

MrSalazar    2

MrSalazar
Posted
8 minutes ago, FlakaShlaka said:

Hello ,

 

I have same problem with KODC files that were encrypted , that happend earlier today.

I'm not following what should i do - should i open a new topic here and attach my files from the  Farbar Recovery Scan Tool ? 

I completed the scan and was generated with 2 files , should i attach them here? it seems that none of the STOP DJVU or others apps are at any help,

I would be glad if you can maybe share instructions on how you can help me de-encrypt them ?

 

Thanks

 

First activates 2-step verification on all your possible accounts, then searches for your virus's Personal ID" (_readme.txt), if you end up with t1 has offline key and is easier to solve.I'm on guard now to see if it's possible to decrypt my files.

PS: I've learned that by researching since yesterdayI've learned that by researching since yesterday.

Share this post

Link to post
Share on other sites

FlakaShlaka    0

FlakaShlaka
Posted
15 minutes ago, MrSalazar said:

First activates 2-step verification on all your possible accounts, then searches for your virus's Personal ID" (_readme.txt), if you end up with t1 has offline key and is easier to solve.I'm on guard now to see if it's possible to decrypt my files.

PS: I've learned that by researching since yesterdayI've learned that by researching since yesterday.

Thanks, 

I have 2 - stepped already , thanks that was my first thing.

 

About my ID :0198nTsddv06YHbhNNHIA4FoWgk8Exu5sTjk6CwEDVSQZ35t1

 

Guess i can remain optimistic ? 

 

How about those files - should i attach them here ? what shall i do now?

 

Thanks for the explanation by the way. 

 

 

 

Share this post

Link to post
Share on other sites

MrSalazar    2

MrSalazar
Posted
5 minutes ago, FlakaShlaka said:

Thanks, 

I have 2 - stepped already , thanks that was my first thing.

 

About my ID :0198nTsddv06YHbhNNHIA4FoWgk8Exu5sTjk6CwEDVSQZ35t1

 

Guess i can remain optimistic ? 

 

How about those files - should i attach them here ? what shall i do now?

 

Thanks for the explanation by the way. 

 

 

 

I think just like me, you should create a topic with your log files (Addition and FRST), so that some technician here from the forum can analyze your system specifically and thus try to help in the best possible way.

I believe we should remain optimistic, yes, because our case has a better chance of a solution than others. I believe we should remain optimistic, yes, because our case has a better chance of a solution than others. I particularly nI'm ready to lose my data now.

GOOD LUCKY TO US!

  • Upvote 1

Share this post

Link to post
Share on other sites

GT500    654

GT500
Posted
22 hours ago, ostrick5465 said:

There is no way to decrypt my files without paying the hacker??? Can you help me?

Unfortunately there's nothing we can do with newer variants of STOP/Djvu that have an online ID. Since newer variants use RSA keys, they're impervious to known attacks, and the keys are too complex to brute force (even the most powerful super computer would take thousands of years to do it).

 

19 hours ago, isaiah11 said:

plz is my id online 

ID: iQatyF7PV7euq0PuNHH70JdFGuuTS71l53BVtEBe
heelp plz
 

That's an online ID as well.

 

15 hours ago, MrSalazar said:

Yeah, This's my ID too. I need to wait for updates?!

If your ID is an offline ID, then once we're able to find the private key for this variant (which we may have already), then our decrypter should be able to decrypt your files.

 

12 hours ago, FlakaShlaka said:

I have same problem with KODC files that were encrypted , that happend earlier today.

I'm not following what should i do - should i open a new topic here and attach my files from the  Farbar Recovery Scan Tool ? 

I completed the scan and was generated with 2 files , should i attach them here? it seems that none of the STOP DJVU or others apps are at any help,

I would be glad if you can maybe share instructions on how you can help me de-encrypt them ?

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

If you want to open a new topic to have your computer checked for remnants of the ransomware, then please feel free to do so. We'll need logs from FRST to look at in order to write a script, and this script will tell FRST what to delete. You can find instructions for downloading and running FRST at the following link:
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

  • Like 1

Share this post

Link to post
Share on other sites

GT500    654

GT500
Posted
12 hours ago, FlakaShlaka said:

About my ID :0198nTsddv06YHbhNNHIA4FoWgk8Exu5sTjk6CwEDVSQZ35t1

Guess i can remain optimistic ?

Yes, that should be an offline ID. If the decrypter isn't able to decrypt your files right now, then try running it once every week or two to see when we've added the private key for this variant of STOP/Djvu.

  • Like 1

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go To Topic Listing

  • Recently Browsing   0 members

    No registered users viewing this page.