Tekendra 0 Posted January 21, 2020 Report Share Posted January 21, 2020 my all files on computer encrypted into .kodc files. how to get them back? Class6 and 7.docx.kodc Quote Link to post Share on other sites
GT500 883 Posted January 22, 2020 Report Share Posted January 22, 2020 This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Quote Link to post Share on other sites
ostrick5465 0 Posted January 23, 2020 Report Share Posted January 23, 2020 Quote To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0198nTsddKHLQ36C96dsoqr6abmwWX1HNK93TCkLtlKlQaUCQ Is my key a online key? Who can help me :( Quote Link to post Share on other sites
GT500 883 Posted January 23, 2020 Report Share Posted January 23, 2020 1 hour ago, ostrick5465 said: Quote Your personal ID: 0198nTsddKHLQ36C96dsoqr6abmwWX1HNK93TCkLtlKlQaUCQ Is my key a online key? Who can help me That's an online ID. Quote Link to post Share on other sites
ostrick5465 0 Posted January 23, 2020 Report Share Posted January 23, 2020 1 hour ago, GT500 said: That's an online ID. There is no way to decrypt my files without paying the hacker??? Can you help me? Quote Link to post Share on other sites
mado 1 Posted January 23, 2020 Report Share Posted January 23, 2020 0198nTsddv06YHbhNNHIA4FoWgk8Exu5sTjk6CwEDVSQZ35t1 that is my ID got kodc extension ransomware vrius is offline key ? in case yes i run the emisoft decryptor it did not works please is there any solution ? 1 Quote Link to post Share on other sites
isaiah11 0 Posted January 23, 2020 Report Share Posted January 23, 2020 plz is my id online ID: iQatyF7PV7euq0PuNHH70JdFGuuTS71l53BVtEBe heelp plz Quote Link to post Share on other sites
Amigo-A 142 Posted January 23, 2020 Report Share Posted January 23, 2020 3 hours ago, mado said: 0198nTsddv06YHbhNNHIA4FoWgk8Exu5sTjk6CwEDVSQZ35t1 Hello @mado with t1 - offline iD But so that you can decrypt your files, developers need to add support for the variant with the .kodc extension to the Emsisoft Decryptor. While this is the latest version of STOP Ransomware and there is no data that can be added for decryption. You need to wait until this is done. First you need scan PC to deactivate the malware end eliminate re-encryption processes. We saw active malware processes in PCs other affected users that encrypted new files in real time after the encryption is already done. This is much worse than the first, because new encryption may begin to use the online key. 1 Quote Link to post Share on other sites
mado 1 Posted January 23, 2020 Report Share Posted January 23, 2020 thank you so much i ran the antimalware deleted the malicious virus and made a reset to pc is this enough ? Quote Link to post Share on other sites
Amigo-A 142 Posted January 23, 2020 Report Share Posted January 23, 2020 19 minutes ago, mado said: a reset to pc is this enough ? It is difficult to say how much your PC and files were damaged and how the PC was reset. Sometimes a rollback may not fix the situation. It will be better if you do as recommended in the message — with Farbar Recovery Scan Tool Quote Link to post Share on other sites
Amigo-A 142 Posted January 23, 2020 Report Share Posted January 23, 2020 Also check the PC with this tool so that the specialists from Emsisoft can check the security of using a PC. http://dl.emsisoft.com/EmsisoftEmergencyKit.exe Quote Link to post Share on other sites
MrSalazar 2 Posted January 23, 2020 Report Share Posted January 23, 2020 2 hours ago, Amigo-A said: Hello @mado with t1 - offline iD But so that you can decrypt your files, developers need to add support for the variant with the .kodc extension to the Emsisoft Decryptor. While this is the latest version of STOP Ransomware and there is no data that can be added for decryption. You need to wait until this is done. First you need scan PC to deactivate the malware end eliminate re-encryption processes. We saw active malware processes in PCs other affected users that encrypted new files in real time after the encryption is already done. This is much worse than the first, because new encryption may begin to use the online key. Yeah, This's my ID too. I need to wait for updates?! I ran the decryptor uninternet-free, because I'm afraid to call again, but I read on a website that the program needs internet. Quote Link to post Share on other sites
Amigo-A 142 Posted January 23, 2020 Report Share Posted January 23, 2020 @MrSalazar Theoretically, your cases may be identical, but practically computers are different and need to study each in detail. 1 Quote Link to post Share on other sites
MrSalazar 2 Posted January 23, 2020 Report Share Posted January 23, 2020 16 minutes ago, MrSalazar said: I ran a program on my computer and suddenly programs started to be installed on my system, and the memory started to get full and everything got slow, so I disconnected the internet and stopped, then I used SpyHunter 4 and did a cleanup (77 threats) and then how much of the internet i turned on the problem again the problem had not solved and started all over again, so I turned off the internet again, but this time Ransom had already installed itself and then everything got the extension .KODC, and after that I scanted with AdwCleaner; Avira and WinDefender. I tried using decrypter here from the site, but instead of scanning the folder I selected it started scanningall, and gave error in 9 8% of the files scanned until I abort. Then I read in a post that needs to be connected to the internet, but I'm afraid to connect again and happen all over again. PS: I cleaned the Win Scheduler; I used the Disk Cleaning toolto clean up some temporary files. Config: Win 10 x64 Addition.txt 46.33 kB · 1 download FRST.txt 136.24 kB · 1 download Can you analyze my post, plz. 15 minutes ago, Amigo-A said: @MrSalazar Theoretically, your cases may be identical, but practically computers are different and need to study each in detail. i'm downloading NET framework 4.8 now. Quote Link to post Share on other sites
Amigo-A 142 Posted January 23, 2020 Report Share Posted January 23, 2020 You have created a new topic, it is better to stick to it so that help is individual. 1 Quote Link to post Share on other sites
FlakaShlaka 0 Posted January 23, 2020 Report Share Posted January 23, 2020 Hello , I have same problem with KODC files that were encrypted , that happend earlier today. I'm not following what should i do - should i open a new topic here and attach my files from the Farbar Recovery Scan Tool ? I completed the scan and was generated with 2 files , should i attach them here? it seems that none of the STOP DJVU or others apps are at any help, I would be glad if you can maybe share instructions on how you can help me de-encrypt them ? Thanks Quote Link to post Share on other sites
MrSalazar 2 Posted January 23, 2020 Report Share Posted January 23, 2020 8 minutes ago, FlakaShlaka said: Hello , I have same problem with KODC files that were encrypted , that happend earlier today. I'm not following what should i do - should i open a new topic here and attach my files from the Farbar Recovery Scan Tool ? I completed the scan and was generated with 2 files , should i attach them here? it seems that none of the STOP DJVU or others apps are at any help, I would be glad if you can maybe share instructions on how you can help me de-encrypt them ? Thanks First activates 2-step verification on all your possible accounts, then searches for your virus's Personal ID" (_readme.txt), if you end up with t1 has offline key and is easier to solve.I'm on guard now to see if it's possible to decrypt my files. PS: I've learned that by researching since yesterdayI've learned that by researching since yesterday. Quote Link to post Share on other sites
FlakaShlaka 0 Posted January 23, 2020 Report Share Posted January 23, 2020 15 minutes ago, MrSalazar said: First activates 2-step verification on all your possible accounts, then searches for your virus's Personal ID" (_readme.txt), if you end up with t1 has offline key and is easier to solve.I'm on guard now to see if it's possible to decrypt my files. PS: I've learned that by researching since yesterdayI've learned that by researching since yesterday. Thanks, I have 2 - stepped already , thanks that was my first thing. About my ID :0198nTsddv06YHbhNNHIA4FoWgk8Exu5sTjk6CwEDVSQZ35t1 Guess i can remain optimistic ? How about those files - should i attach them here ? what shall i do now? Thanks for the explanation by the way. Quote Link to post Share on other sites
MrSalazar 2 Posted January 23, 2020 Report Share Posted January 23, 2020 5 minutes ago, FlakaShlaka said: Thanks, I have 2 - stepped already , thanks that was my first thing. About my ID :0198nTsddv06YHbhNNHIA4FoWgk8Exu5sTjk6CwEDVSQZ35t1 Guess i can remain optimistic ? How about those files - should i attach them here ? what shall i do now? Thanks for the explanation by the way. I think just like me, you should create a topic with your log files (Addition and FRST), so that some technician here from the forum can analyze your system specifically and thus try to help in the best possible way. I believe we should remain optimistic, yes, because our case has a better chance of a solution than others. I believe we should remain optimistic, yes, because our case has a better chance of a solution than others. I particularly nI'm ready to lose my data now. GOOD LUCKY TO US! 1 Quote Link to post Share on other sites
GT500 883 Posted January 24, 2020 Report Share Posted January 24, 2020 22 hours ago, ostrick5465 said: There is no way to decrypt my files without paying the hacker??? Can you help me? Unfortunately there's nothing we can do with newer variants of STOP/Djvu that have an online ID. Since newer variants use RSA keys, they're impervious to known attacks, and the keys are too complex to brute force (even the most powerful super computer would take thousands of years to do it). 19 hours ago, isaiah11 said: plz is my id online ID: iQatyF7PV7euq0PuNHH70JdFGuuTS71l53BVtEBe heelp plz That's an online ID as well. 15 hours ago, MrSalazar said: Yeah, This's my ID too. I need to wait for updates?! If your ID is an offline ID, then once we're able to find the private key for this variant (which we may have already), then our decrypter should be able to decrypt your files. 12 hours ago, FlakaShlaka said: I have same problem with KODC files that were encrypted , that happend earlier today. I'm not following what should i do - should i open a new topic here and attach my files from the Farbar Recovery Scan Tool ? I completed the scan and was generated with 2 files , should i attach them here? it seems that none of the STOP DJVU or others apps are at any help, I would be glad if you can maybe share instructions on how you can help me de-encrypt them ? This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ If you want to open a new topic to have your computer checked for remnants of the ransomware, then please feel free to do so. We'll need logs from FRST to look at in order to write a script, and this script will tell FRST what to delete. You can find instructions for downloading and running FRST at the following link:https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ 1 Quote Link to post Share on other sites
GT500 883 Posted January 24, 2020 Report Share Posted January 24, 2020 12 hours ago, FlakaShlaka said: About my ID :0198nTsddv06YHbhNNHIA4FoWgk8Exu5sTjk6CwEDVSQZ35t1 Guess i can remain optimistic ? Yes, that should be an offline ID. If the decrypter isn't able to decrypt your files right now, then try running it once every week or two to see when we've added the private key for this variant of STOP/Djvu. 1 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.