Pavlin_S

.topi extension ransomware

Recommended Posts

Today I got infected. I don't remember how, but I performed scan with malwarebytes. It cleaned up, also I removed every single program that the virus put in my pc. Now the only rest remain is that all my files in my external hard drive are encrypted with .topi extension. I trait your decryptor, but it wont help me. 

Is there any chance for me to get back my files? I am desperated, beause a lot fo them are .exe's. I am flight simulation player and all my software for it is encrypted. I do this for YT gaming. So, basically I need all of that to work in order for me to do my content. Please, tell me there's hope. 

Share this post


Link to post
Share on other sites

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites

Здравей! @Pavlin_S

Also attach a ransom note and several encrypted files to your new message. 

Също така прикачете към новото си съобщение бележка за откуп и няколко криптирани файла.

 

Share this post


Link to post
Share on other sites

This is the newest variant of STOP Ransomware.

The Decryptor will not be able to decrypt the files until it has the decryption key for this variant .
First developers need to find it and add it to the decryption service. We need to look at your ID, which is in the ransom note, to tell you what to expect from this case.

Share this post


Link to post
Share on other sites

Here's the message in the drop down files over there.  @Amigo-A I am surprised you know Bulgarian so clearly, never knew people from my country in this forum.But here some airbrushes for Photoshop and other smaller things to demonstrate the problem. Added zip archive, small exe file from driver for my laptop and log file for a Virtual Airline software. I am not able to upload anything else, most of my data is EXE's and MP4's in that hard drive. And all of them are too big to upload here. 

_readme.txt 20_Architect_PS_Brushes_abr_vol_5.zip.topi tfdi_installer.log.topi BrightnessFix.exe.topi

Edited by Pavlin_S
remove part of the messae stuck in the reply
  • Like 1

Share this post


Link to post
Share on other sites
котировка

Ваш личный ID:
0200a7d6a8sda5fiEhw3LP92z7K64zdKSeh5D0TLLdYhoveBF9C5a

Аз не говоря български, за да може да се води сложен диалог. Това изисква дълга практика. :)

---

The problem is that your ID does not have “t1” at the end. It tell us that it is an online ID and not give hope that the files can be decrypted in the future, when support for this this variant is added to the Emsisoft Decryptor. 

Share this post


Link to post
Share on other sites

But this fact can only be confirmed when the Decryptor will supports this variant. Then he will say for sure that the files cannot be decrypted.

Here a detailed Help .

 

Share this post


Link to post
Share on other sites

@Demonslay335 made this decryptor and supports it with the help of Emsisoft.

Here and on the BleepingComputer forum. He will look at your files when he comes here. 

Share this post


Link to post
Share on other sites

This is my .topi ID and includes t1

Do you think it is offline and can be decrypted?

Could you please show me what to do now?

0200a7d6a8sda7757TLxCRXnSjhJoq4TruFpvTlag0OKn6hPITYt1

Share this post


Link to post
Share on other sites

@akin

The ID is any offline ID.  The only way to know if it is decryptable or not is to run the decryption tool.

 

Please refer to this blog post for information about a decrypter that may work, and also for support instructions if it does not: https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/

 

Quite a lot more information about STOP(Djvu) can be found here: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

For STOP related support, please read our blog post about the tool. The section marked "Community collaboration" explains how to get support in this situation.

While it is very rare that it helps, you might try using undelete software, or if your files are very important it may be worth talking to a company that specializes in ransomware negotiation and will communicate on your behalf with the criminals that created the ransomware.

Exercise a bit of caution when looking for a company to help, though. Generally speaking, if a company claims to be able to decrypt files that were encrypted by a type of ransomware for which no decryption tool is publicly available, that company is probably just going to pay the ransom and charge you more than you would have paid if you had dealt with the criminals directly. Better is to search for companies that specialize in ransomware negotiation.

Again, if the STOP(Djvu) decrypter does not decrypt any of the encrypted files, there is nothing else we can do. We do not recommend paying the ransom unless there is absolutely no other choice. choice.

Share this post


Link to post
Share on other sites

Mine have been encrypted with the same ware

personal ID:
095Asdjh74yiUSHdfh74y7wlgj03aBeU43xA1mJMBMvyvGs6wERcrV31xRrt1

 

Tried using the decryptor and this is what i get for every file

 

File: F:\Documents\kebe APPOINTMENT CARD.docx.topi
Unable to decrypt Old Variant ID: z8NmjELd7txFYso2TeFqBPO3933BwbBmxX7Tplc1
First 5 bytes: 504B030414

File: F:\Documents\Finders Keepers (1991).mp4.topi
Unable to decrypt Old Variant ID: z8NmjELd7txFYso2TeFqBPO3933BwbBmxX7Tplc1
First 5 bytes: 0000002066

 

Any help will be greatly appreciated

 

Share this post


Link to post
Share on other sites
6 hours ago, traggs444 said:

Tried using the decryptor and this is what i get for every file

It's not abnormal for files to have different ID's than the ones in ransom notes. Unfortunately it's the ID's for the files that matter. You may have some files with offline ID's, however all of the others that have online ID's won't be decryptable.

 

6 hours ago, traggs444 said:

File: F:\Documents\kebe APPOINTMENT CARD.docx.topi
Unable to decrypt Old Variant ID: z8NmjELd7txFYso2TeFqBPO3933BwbBmxX7Tplc1

That's a newer variant, not and older variant. We're looking in to why the decrypter is making that mistake, however our assumption at the moment is that it is defaulting to saying that when it can't connect to our database.

Share this post


Link to post
Share on other sites
4 hours ago, GT500 said:

It's not abnormal for files to have different ID's than the ones in ransom notes. Unfortunately it's the ID's for the files that matter. You may have some files with offline ID's, however all of the others that have online ID's won't be decryptable.

 

That's a newer variant, not and older variant. We're looking in to why the decrypter is making that mistake, however our assumption at the moment is that it is defaulting to saying that when it can't connect to our database.

Many thanks for the reply. The personal id I posted is from a ransom note relating to a minor DAVDA attack about a year ago. Sadly the new ransom note has the id ending in c1. I usually let my laptop hibernate but yesterday i ran out of battery and restarted it for the first time in a while. That's when it all started playing up. I'm not familiar as to how online keys manifest but I cut the internet connection of less than a minute after my restart and a few minutes later I saw my files getting encrypted one by one. Resarted the laptop in safe mode and salvaged what I could but as my external drive was attached I have lost about 50% of my entire files.

Share this post


Link to post
Share on other sites

Mine have been encrypted with the same ware

File: F:\10.jpg.topi
Unable to decrypt Old Variant ID: OBmF9hDDG9PlAPggxJU6WbiMwKM0dPdUOWgj08C0
First 5 bytes: FFD8FFE000

File: F:\10.jpg
Unable to decrypt Old Variant ID: OBmF9hDDG9PlAPggxJU6WbiMwKM0dPdUOWgj08C0
First 5 bytes: FFD8FFE000

File: F:\1006020_160893127429715_1851905161_n.jpg.topi
Unable to decrypt Old Variant ID: OBmF9hDDG9PlAPggxJU6WbiMwKM0dPdUOWgj08C0
First 5 bytes: FFD8FFE000

File: F:\cozinha.bak.topi
Unable to decrypt Old Variant ID: OBmF9hDDG9PlAPggxJU6WbiMwKM0dPdUOWgj08C0
First 5 bytes: 4143313032

File: F:\3159.jpg.topi
Unable to decrypt Old Variant ID: OBmF9hDDG9PlAPggxJU6WbiMwKM0dPdUOWgj08C0
First 5 bytes: FFD8FFE100

Any help will be greatly appreciated

  • Sad 1

Share this post


Link to post
Share on other sites
15 hours ago, GT500 said:

It's not abnormal for files to have different ID's than the ones in ransom notes. Unfortunately it's the ID's for the files that matter. You may have some files with offline ID's, however all of the others that have online ID's won't be decryptable.

 

That's a newer variant, not and older variant. We're looking in to why the decrypter is making that mistake, however our assumption at the moment is that it is defaulting to saying that when it can't connect to our database.

Do you think this problem about .topi will be solved for offline ID soon?

Is there any team who are working on this issue right now?

 

Share this post


Link to post
Share on other sites

Hi

I am also infected with this .topi extension for many important files.

please help me.

I use tool decrypt but show this message:

Quote

 

Starting...

File: C:\Users\chanh\Documents\New fol\Question and answers - stage 1.png.topi
Unable to decrypt Old Variant ID: RQt5E0X2eP2Npqr8PbfxeVehz7XOmQpj2ov1ISO4
First 5 bytes: 89504E470D

Finished!

 

I am uploading both original and encrypted file. there is also a _readme file

original file is : Question and answers - stage 1.png

encrypted is :Question and answers - stage 1.png.topi

_readme

Thanks.

Question and answers - stage 1.png
Download Image

_readme.txt Question and answers - stage 1.png.topi

Share this post


Link to post
Share on other sites

I've fixed the decryptor to no longer give the false-positive when it is really a New Variant (which .topi is).

@akin

Please read the FAQ. Everything there still applies to you since .topi is New Djvu. We can only get offline keys after a victim has paid and provided it to us. There's no "work" to really be done on our part. I'd recommend running the decryptor on some of your files maybe once every week or so; unfortunately we cannot announce to everyone as soon as we receive new offline keys.

  • Sad 1
  • Upvote 1

Share this post


Link to post
Share on other sites
On 1/25/2020 at 4:42 AM, traggs444 said:

I'm not familiar as to how online keys manifest but I cut the internet connection of less than a minute after my restart and a few minutes later I saw my files getting encrypted one by one.

The short explanation is that when the ransomware executes it will connect to its command and control servers via the Internet. If it's able to connect, the servers will generate a unique ID and unique public and private RSA keys, and then send the ID and public key to the ransomware. The ransomware will then begin encrypting files using the public key it received from the servers, adding the ID it received to the files and ransom notes for identification. Once the ransomware has received the ID and public key, disconnecting the Internet will have no effect, and the only way to stop it is to terminate the ransomware so that it is no longer running (for the average person shutting down the computer is the easiest way to do this).

 

On 1/25/2020 at 3:11 PM, Jefferson Sacani said:

File: F:\10.jpg.topi
Unable to decrypt Old Variant ID: OBmF9hDDG9PlAPggxJU6WbiMwKM0dPdUOWgj08C0
First 5 bytes: FFD8FFE000

As Demonslay335 already mentioned, this is actually a newer variant, and a bug in the decrypter was causing it to call it an old variant. The bug has been fixed, however this didn't effect decryption, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

On 1/26/2020 at 2:44 AM, Jitendra Choudhary said:

Please help me my data is encrypted and showing .topi extension after the all file name.

This is very important data for my study please help me. Give me solution for this problem.

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

On 1/26/2020 at 8:46 AM, ravidubey said:

I am also infected with this .topi extension.

please help. 

I am uploading both original and encrypted file. there is also a _readme file

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

On 1/26/2020 at 11:05 PM, kamejoko said:

File: C:\Users\chanh\Documents\New fol\Question and answers - stage 1.png.topi
Unable to decrypt Old Variant ID: RQt5E0X2eP2Npqr8PbfxeVehz7XOmQpj2ov1ISO4
First 5 bytes: 89504E470D

As Demonslay335 already mentioned, this is actually a newer variant, and a bug in the decrypter was causing it to call it an old variant. The bug has been fixed, however this didn't effect decryption, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

1 hour ago, akin said:

They sent me a flie which is decrpted by them. Do you think it can help to get offline keys?

No, we'd need to extract the private key from the decrypter they send to victims who have paid the ransom.

Share this post


Link to post
Share on other sites

I ran the decrypter after DEMONSLAY335 debugged it. 
 

And I get:

Starting...

File: D:\san pd\Photos\pic 2.jpg.topi
No key for New Variant offline ID: 7757TLxCRXnSjhJoq4TruFpvTlag0OKn6hPITYt1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

File: D:\san pd\Photos\pic 3.jpg.topi
No key for New Variant offline ID: 7757TLxCRXnSjhJoq4TruFpvTlag0OKn6hPITYt1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

File: D:\san pd\Photos\Table (2).jpg.topi
No key for New Variant offline ID: 7757TLxCRXnSjhJoq4TruFpvTlag0OKn6hPITYt1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

 

And this for all the encrypted files.

So is it possible to work with file pairs and get the offline key?

And what if all victims pitch in and pay for one decrypter with emsisoft taking a lead. any thoughts?

 

 

 

 

 

Share this post


Link to post
Share on other sites

I ran the decrypter after DEMONSLAY335 debugged it. 
 

And I get:

Starting...

File: D:\san pd\Photos\pic 2.jpg.topi
No key for New Variant offline ID: 7757TLxCRXnSjhJoq4TruFpvTlag0OKn6hPITYt1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

File: D:\san pd\Photos\pic 3.jpg.topi
No key for New Variant offline ID: 7757TLxCRXnSjhJoq4TruFpvTlag0OKn6hPITYt1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

File: D:\san pd\Photos\Table (2).jpg.topi
No key for New Variant offline ID: 7757TLxCRXnSjhJoq4TruFpvTlag0OKn6hPITYt1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

 

And this for all the encrypted files.

So is it possible to work with file pairs and get the offline key?

And what if all victims pitch in and pay for one decrypter with emsisoft taking a lead and using the decrypter we receive to extract the key. 

My suggestion might sound absurd. Any thoughts?

 

 

 

 

 

Share this post


Link to post
Share on other sites
52 minutes ago, thegambler said:

I ran the decrypter after DEMONSLAY335 debugged it. 
 

And I get:

Starting...

File: D:\san pd\Photos\pic 2.jpg.topi
No key for New Variant offline ID: 7757TLxCRXnSjhJoq4TruFpvTlag0OKn6hPITYt1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

File: D:\san pd\Photos\pic 3.jpg.topi
No key for New Variant offline ID: 7757TLxCRXnSjhJoq4TruFpvTlag0OKn6hPITYt1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

File: D:\san pd\Photos\Table (2).jpg.topi
No key for New Variant offline ID: 7757TLxCRXnSjhJoq4TruFpvTlag0OKn6hPITYt1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

 

And this for all the encrypted files.

So is it possible to work with file pairs and get the offline key?

And what if all victims pitch in and pay for one decrypter with emsisoft taking a lead and using the decrypter we receive to extract the key. 

My suggestion might sound absurd. Any thoughts?

 

 

 

 

 

File pairs will not work with any 'new djvu' variant (of which .topi is one).

The  key received with the decrypter will only benefit you and the few others who have files encrypted with the offline key. Those whose files are encrypted by an online key are out of luck (and money).

It will decypt all of the encrypted files of the person whose ransom note and ID were used to get the decrypter and key.

  • Thanks 1

Share this post


Link to post
Share on other sites

@Joker(Whysoserious?)

TOPI is a newer variant of the STOP/DJVU family of ransomware and is not supported by our decryption tool.  Any ID ending in t1 is an Offline ID anything else is an Online ID.  This is important as it tells us how the encryption key was generated.  There may be multiple Ids, especially if communication between the target system and the command & control server is interrupted for any reason, or because the file encryption was done in stages to avoid detection.  An Offline ID means that the encryption key pair was generated locally and the encryption key is encoded in a file.  An Online ID means the encryption key pair was generated and stored on a remote command & control server under the control of the ransomware gang responsible for encrypting your files.

Why is this important?  The ID of the file(s) is how private encryption keys are identified.  If we have a private encryption key matching the ID for a file(s) then that can be used to decrypt the file(s).  However, this is all contingent on us having a matching private encryption key in our database.  The downside of all this is that we are not currently in possession of private encryption keys for the TOPI variant of STOP/DJVU.

Share this post


Link to post
Share on other sites

File: J:\Fee\THR Zulda 2019.pdf.gesd
No key for New Variant online ID: V3RDVCfIwdMKZFVNEMtXn6JqYrMt9JuitmQIVVl7
Notice: this ID appears to be an online ID, decryption is impossible
 

 

is that can be solved ?

 

please help me... :(

Share this post


Link to post
Share on other sites

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-063L4ferhE
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
0191gtd374y5iuhldV3RDVCfIwdMKZFVNEMtXn6JqYrMt9JuitmQIVVl7

Share this post


Link to post
Share on other sites
3 hours ago, Dazoel Hanzu said:

File: J:\Fee\THR Zulda 2019.pdf.gesd
No key for New Variant online ID: V3RDVCfIwdMKZFVNEMtXn6JqYrMt9JuitmQIVVl7
Notice: this ID appears to be an online ID, decryption is impossible

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-UdTNsLeiJA
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
0200a7d6a8sdaRGej5g4wG2LOwkkxX4td8pTJH7gfVVJt1wPDLmQi

Share this post


Link to post
Share on other sites

No key for New Variant online ID: RGej5g4wG2LOwkkxX4td8pTJH7gfVVJt1wPDLmQi
Notice: this ID appears to be an online ID, decryption is impossible

File: D:\g-6-1.jpg.reha
No key for New Variant online ID: RGej5g4wG2LOwkkxX4td8pTJH7gfVVJt1wPDLmQi
Notice: this ID appears to be an online ID, decryption is impossible
 

contact.php.reha

Share this post


Link to post
Share on other sites

File: D:\downloads 16-06-2015\csm_2014_Result_WQ.pdf.topi
No key for New Variant online ID: 0l0UdriJzBpYByRCbwSEDQw7xAzPVOyTFxzryUii
Notice: this ID appears to be an online ID, decryption is impossible

please try helping me and other innocents who have fallen prey please i just cannot afford the money to pay them .i do not have any means to pay. somehow please help the poor like us.

Share this post


Link to post
Share on other sites

@test

Your IDs are Online IDs and cannot be decrypter using our tool.

@shiva

Only the criminals have the private decryption keys for online Ids, we do not have access to those.

Share this post


Link to post
Share on other sites

Hello @sulaiman,

 

Welcome to the Emsisoft Support Forums.

 

The ID in the ransom note is an Online ID.  Meaning that our tool more than likely cannot decrypt your files.  However, you files could have more different IDs.  Please run our decryption anyway.

 

To Download the STOP/DJVU decryption tool visit https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

Share this post


Link to post
Share on other sites
13 hours ago, shiva said:

please try helping me and other innocents who have fallen prey please i just cannot afford the money to pay them .i do not have any means to pay. somehow please help the poor like us.

5 hours ago, sulaiman said:

please try helping me and other innocents who have fallen prey please i just cannot afford the money to pay them .i do not have any means to pay. somehow please help the poor like us.

Do you have two accounts?

Share this post


Link to post
Share on other sites
On 1/31/2020 at 4:09 AM, Demonslay335 said:

@akin @thegambler

Try running the decryptor again with an internet connection; we may have recently received the offline key matching that ID. 😉

@Demonslay335 Guys I cant tell you how happy I am and how grateful I am. 🤪
THANK YOU SO MUCH @Demonslay335 and Emsisoft @GT500 @Kevin Zoll 

You guys r awesome

  • Upvote 1

Share this post


Link to post
Share on other sites

Hi sir

this is the only key i found in my personal id file.  kZDsGIdXRTY7S4EEMB014Bfc2BfggTcKM0v4BcFG

couple of days ago when i installed a new windows 10 just after that i found all of my internal and external drives are infected by the .topi extension . please help me i have lost about 1Tb of my personal Data/ hope you do.

thanks

 

Share this post


Link to post
Share on other sites
On 2/1/2020 at 11:47 AM, thegambler said:

@Demonslay335 Guys I cant tell you how happy I am and how grateful I am. 🤪
THANK YOU SO MUCH @Demonslay335 and Emsisoft @GT500 @Kevin Zoll 

You guys r awesome

Congrats Buddy you r lucky that have an offline id. :) Please pray for us that we recover our data too.. may Emisoft get cirminal's database of online keys.. 

 

18 hours ago, akin said:

Thanks Emsisoft!!! topi decrypted !!

Congrats.. :) Please pray for us that we recover our data too.. may Emisoft get cirminal's database of online keys.. 

Share this post


Link to post
Share on other sites
On 2/2/2020 at 7:05 AM, romi said:

this is the only key i found in my personal id file.  kZDsGIdXRTY7S4EEMB014Bfc2BfggTcKM0v4BcFG

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

On 2/2/2020 at 7:05 AM, romi said:

couple of days ago when i installed a new windows 10 just after that i found all of my internal and external drives are infected by the .topi extension .

KMSpico? It's pretty bad about installing the STOP/Djvu ransomware, however technically STOP/Djvu is distributed via numerous types of pirated software, music, and movies (for the later two it's usually fake downloads disguised as music and movies).

 

On 2/2/2020 at 11:54 AM, akin said:

hope u fix soon  too

Encrypted files aren't an error we can "fix". Since newer variants of STOP/Djvu use RSA public and private keys for encryption and decryption, we need the private keys so that we can decrypt files. Without private keys, decryption is impossible.

Share this post


Link to post
Share on other sites

Good day. my files were encrypted by this .topi virus and have the same personal ID with akin and thegambler. however i cant seem to install the djvu decryptor on my windows 7. Do i need to update to windows 10 in order for me to install it. thank you so much

here is my Personal id: 0200a7d6a8sda7757TLxCRXnSjhJoq4TruFpvTlag0OKn6hPITYt1

Share this post


Link to post
Share on other sites
14 hours ago, R_kent said:

Do i need to update to windows 10 in order for me to install it.

Now that support for Windows 7 has been discontinued by Microsoft, upgrading to Windows 10 is recommended. That being said, it is not a requirement for the decrypter to work.

Please refer to the following from About the STOP/Djvu Decrypter:

Quote

Why won't the decrypter run? The decrypter requires version 4.5.2 or newer of the Microsoft .NET Framework, so this could mean your version of the .NET Framework is out of date. We recommend installing the latest version of the .NET Framework (4.8 at the time of writing this), and then trying the decrypter again.

Windows 7 comes with .NET version 3.5 if I remember correctly, and version 4 and newer are not automatically installed by Windows Update, so you have to install them manually on Windows 7.

Share this post


Link to post
Share on other sites

Microsoft .NET Framework 4.5
https://www.microsoft.com/en-US/download/details.aspx?id=30653

Microsoft .NET Framework 4.5.2 (Offline Installer)
https://www.microsoft.com/en-US/download/details.aspx?id=42642

Microsoft .NET Framework 4.6 Preview (Offline Installer) 
https://www.microsoft.com/en-US/download/details.aspx?id=44927

Microsoft .NET Framework 4.7 (Offline Installer)
https://www.microsoft.com/en-US/download/details.aspx?id=55167

Microsoft .NET Framework 4.8 Runtime
https://dotnet.microsoft.com/download/dotnet-framework/net48

There is an option to select the desired language. 

Version 4.5 or 4.5.2 will be sufficient for the Emsisoft Decryptor to work.

 

Share this post


Link to post
Share on other sites

If you have not previously installed, then you need to check if Microsoft Visual C ++ 2013 Redistributable (or newer) is installed on the your system.
For x64 systems, you must first install the package for x64, then for x86. For x86 systems install only the package for x86. It can be installed from here:

Visual C++ Redistributable Packages for Visual Studio 2013
https://www.microsoft.com/en-us/download/details.aspx?id=40784

Visual C++ Redistributable for Visual Studio 2015
https://www.microsoft.com/en-US/download/details.aspx?id=48145
https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.