enzi

Nedd help ! Where is my password ?

Recommended Posts

Hello everyone.

May the New Year 2020 bring Good Health, Happiness, Joy and Prosperity to you and your family.

I come to you to ask help.
My hard disk has been corrupted by .djvuq virus. 
The app STOPDjvu.exe does decrypt my files but NOT all.
As I wish to decrypt all remaining files so I would like inject into the app my personal ID given by the ransomer but I do not know how to get the password.
If you could help me I would be grateful.
My personal ID is : 0190aZtkyoY1nTxvQd50TNprSNj7jVZPwwCjh6KwJxo

My deep thanks in advance for  your kindness and time.
Best regards,
enzi

Walking The Nile - Part 02 - South Sudan - YouTube.MKV.djvuq

Cannelle-ecorce.docx.djvuq

Share this post


Link to post
Share on other sites
6 hours ago, enzi said:

My hard disk has been corrupted by .djvuq virus.

That is one of the earliest of the old variants of the STOP/Djvu ransomware. I'm not certain what the offline ID was for that one (it's early enough that I don't think offline ID's ended in "t1" for every variant), however the odds are it's an online ID. You'll probably need to supply file pairs via our online submission form in order to help the decrypter "learn" how to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites
21 hours ago, enzi said:

My personal ID is : 0190aZtkyoY1nTxvQd50TNprSNj7jVZPwwCjh6KwJxo

I've been told that this is an online ID, so I was correct that you'll have to submit file pairs. If you need any help or have any questions then let me know.

Share this post


Link to post
Share on other sites

Note that if you reply to the forum notifications via e-mail, they don't go directly to me. Please be sure to click the link in the e-mails to visit the forum topic, and reply there instead of by e-mail.

If your file pairs are too large to upload via the submission form, then you may use a file sharing network to upload them and send me the download link via a private message. For everything else, the submission form at the following link will be much faster:
https://decrypter.emsisoft.com/submit/stopdjvu/

Share this post


Link to post
Share on other sites

Hello GT500,

Thank you ever so much for your reply.

May I send you 2 files, the original and the same encrypted. Each one has 11 863 Kb.
The maximum of bytes allowed is 249.83 Mb
But I do not know why I can not upload them.

So I have to send you their links :

 

https://drive.google.com/file/d/19qgALbdXURVjQR0OZmwTvuIXalPxzGdl/view?usp=drive_web

https://drive.google.com/file/d/1tMXvQBK2U4ODMXqvt497LWC8HP0iNv3E/view?usp=drive_web

I hope that you can download them.

My deep thanks in advance for your kindness and time
Best regards,
enzi

Post-Scriptum : Following your valuable advice I sumitted my 2 files to https://decrypter.emsisoft.com/submit/stopdjvu/
and I got response like this:

 

Your file pair for ".doc" files was processed.

Please note this will only allow the tool to decrypt files that match the following criteria:

  • • Starts with the bytes: 7B5C727466
  • • Were encrypted with ID: 0aZtkyoY1nTxvQd50TNprSNj7jVZPwwCjh6KwJxo

 

Would you, please, mind telling me what I can do with these ?
Thanks.

 

Share this post


Link to post
Share on other sites
On 2/2/2020 at 12:39 AM, enzi said:

Each one has 11 863 Kb

That's less than 12 MB. You're not able to upload them?

Share this post


Link to post
Share on other sites

Hello GF500,

Thank you for your reply.
I hope you are doing well.
Following your valuable advice, I submitted 2 identical files with the extension .mkv, one normal and the other encrypted.
But I don't know why I didn't get any results.
The second time, I submitted a list of 2 files with the extension .ts and I got no results too !
Do you know why?
May I send you 2 files with the extension .mkv?
I would appreciate if you could help me.
My deep thanks in advance for your kindness and time.

Best regards,
enzi

https://drive.google.com/file/d/1dc9ruey-Wq_24-1fpOmJHobvr2x-uw0p/view?usp=drive_web
https://drive.google.com/file/d/1X8zKkXUo-AbU_XOslnePQfUodfJkHdos/view?usp=drive_web

Share this post


Link to post
Share on other sites
29 minutes ago, enzi said:

Following your valuable advice, I submitted 2 identical files with the extension .mkv, one normal and the other encrypted.
But I don't know why I didn't get any results.
The second time, I submitted a list of 2 files with the extension .ts and I got no results too !
Do you know why?

Did the submission form display any error messages?

 

30 minutes ago, enzi said:

May I send you 2 files with the extension .mkv?

Yes, as long as they are larger than 150 KB we can manually process them.

Share this post


Link to post
Share on other sites

@enzi

The files you submitted are both the exact same file. You just copied the file and removed the .djvuq extension from one of them... that will not work. It has to be the same file before the encryption.

Share this post


Link to post
Share on other sites

Hello CT500,
Hello Demonslay335,

Thank you so much for having been kind enough to reply me.

Yes, I did submit 2 identical files (same size) for example:
- abcdef.ts
- abcdef.ts.djvuq 
that means the second file (abcdef.ts.djvuq) is encrypted by the djvuq virus
The size of each file size submitted is 96 844 KB.
After processing by  Emsisoft STOPDjvu application, there was no message displayed.

Thanks in advance for your help.
Bes regards

Share this post


Link to post
Share on other sites

The encrypted file would be exactly 78 bytes larger than the original if it is truly the same file before and after the encryption.

The MKV files you posted links to were the exact same file. Meaning the "original" was also encrypted.

Per the FAQ on the submission page, if the files are too large to submit (generally >10MB), then you need to supply the filepairs for us to manually add to the server.

I can see you have submitted valid filepairs for files starting with the following byte sequences so far:

0000001866

7B5C727466

Share this post


Link to post
Share on other sites

Hello Demonslay335,

Thanks for your reply.

I just realized that I got the wrong original file.
Thousand excuses.
I will try to send them to you again.
The size of each file is 96 844 KB.

Best regards,
enzi
Post-Scriptum :  Upload attached files fails !
I think the best way to send my files is by Google Drive.

Share this post


Link to post
Share on other sites

Hi Demonslay335,

I have just finished uploading the original file.
Please find below the links of my 2 files.

https://drive.google.com/file/d/1ZvoQqM6fJceg6a6FCHup7VfoQRkuEsru/view?usp=drive_web

https://drive.google.com/file/d/1dc9ruey-Wq_24-1fpOmJHobvr2x-uw0p/view?usp=drive_web

My personal ID: 0aZtkyoY1nTxvQd50TNprSNj7jVZPwwCjh6KwJxo

A lot of thanks in advance for your kindness,

Best  regards,
enzi 

Share this post


Link to post
Share on other sites

Ok, that was a good pair. You should be able to decrypt most of your MKV files now.

[+] ID: 0aZtkyoY1nTxvQd50TNprSNj7jVZPwwCjh6KwJxo
[+] Created keystream for files starting with: 1A45DFA301

 

Share this post


Link to post
Share on other sites

Hi Demonslay335.

You are great !  I do not know  how to thank you !
 Would you, please, mind telling me how to the include the key  1A45DFA301 into STOPDjvu ? Please excuse me,  I am very ignorant !

I have also used STOPDjvu to decrypt my .ts files but without success ! 
Thanks in advance for your time and help.

Best regards,
enzi

Share this post


Link to post
Share on other sites
2 hours ago, enzi said:

Would you, please, mind telling me how to the include the key  1A45DFA301 into STOPDjvu ? Please excuse me,  I am very ignorant !

There's no need for you to do anything. They keystream is saved in our database, and the decrypter will simply connect to our database and retrieve the keystream from it.

Just run the decrypter again, and most of your MKV files should be decrypted.

Share this post


Link to post
Share on other sites

Hello GT500
Hello Demonslay335,

A big thank to both of you.

Up to now, my .mkv files are perfectly decrypted..
It's very curious that decrypt_STOPDjvu decrypts some .mp4 but not all files !

I have a lot of .ts files.  I will send you the links of one pair of them and ask you to help me more more time.

Thanks ion advance for your precious help,

Best regards,
enzi

 

Share this post


Link to post
Share on other sites

Hello GT500
Hello Demonslay335,

As I said before.
Please find below the links of my 2 .ts files .

Thanks in advance for your kindness and time.

Best  regards,
enzi

https://drive.google.com/file/d/1_jVPLn7KpjjGKd1JRDYwk4tI1JyNPGTw/view?usp=drive_web
https://drive.google.com/file/d/1S-K59mNtn3eHRRY4tGorWTbmU9GdkXvF/view?usp=drive_web

 

 

Share this post


Link to post
Share on other sites

Ok, filestream for that first 5 bytes sequence has been added to the server.

[+] ID: 0aZtkyoY1nTxvQd50TNprSNj7jVZPwwCjh6KwJxo
[+] Created keystream for files starting with: 4740001100

As for the "some vs all", that is answered in the FAQ. Applies for any file format that doesn't have a 100% static 5 bytes at the start.

Quote

The decrypter can't decrypt all of my pictures even though I submitted file pairs for them? JPEG/JPG images have a format oddity that causes file pairs to be specific to each source of pictures, rather than the file format in general. As an example, if you have pictures from two different cameras, and submit a file pair from the group of pictures from one of the cameras, then the decrypter will only be able to decrypt files from the camera that the file pair came from. In order to decrypt all JPEG/JPG images, you will need to submit file pairs from every source you've obtained those pictures from.

 

Share this post


Link to post
Share on other sites


Hello Demonslay335.

Thank you ever so much for your kindness.

Except the 3 .ts files, the others were well decrypted.

Yes, I read the FAQ you mentioned.

However the remaining 3 files not decrypted came from the same television broadcast series. Mystery !

Best regards,
enzi

Edited by GT500
Fixed typo.

Share this post


Link to post
Share on other sites

enzi

Maybe there is some other secret.
Add these files too, maybe the decoder developer can do something for the sake of sports interest. 😄

Share this post


Link to post
Share on other sites

Hello Amigo-A,

Thank you so much for your intervening.
Following your advice, may I send you the links of my 2 others files.

https://drive.google.com/file/d/1ICDWFOjVv9wru5Yl_3rpBnE5S-iK27YZ/view?usp=drive_web
https://drive.google.com/file/d/1788-cBxxkmcXHIqhgx-qw4m24WAoI_Q1/view?usp=drive_web

Hope that you will find the secret code.
Thanks in advance for your help.

Best regards,
enzi

Share this post


Link to post
Share on other sites

Those files have the same first 5 bytes as the first pair (4740001100). Thus, it will not help decrypt any other files that were skipped.

The files that were skipped must have a different sequence of the first 5 bytes. The decryptor would tell you this as it skips them. You will need a good filepair with that same first 5 bytes in order to generate a keystream us to be able to decrypt the other files.

Share this post


Link to post
Share on other sites

Hello Demonslay335,

Thank you for your kind reply.
The original .ts files whose encrypted copies were not decrypted by your STOPDecrypter application, came from the same source
I don't know how there is such a difference in the first bytes.

Best regards,
enzi

Share this post


Link to post
Share on other sites

From what I can look up, the .ts extension seems to be part of the MPEG format; which does not have a standard set of bytes at the beginning past the first 0x47. There's nothing else we can do at the moment in that case, if you cannot find a good original file to match one of those encrypted files that is skipped. The decryptor will tell you what the first 5 bytes of the skipped file are.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.