waleed elhoseny

all my file infected with ransomware (.kodc ) !!

Recommended Posts

my file encrypted and all his name end with (.kodc) extension !! 

I used djuv decoding program on the site and could not decode and the message was every time: - 

File: F:\demon tools\DTLite4454-0315.exe.kodc
Unable to decrypt Old Variant ID: LJunAPkuURCGRjHwKhFSOTPBpmSy1ofBEA5vhzEI
First 5 bytes: 4D5A900003

Unable to decrypt Old Variant ID: LJunAPkuURCGRjHwKhFSOTPBpmSy1ofBEA5vhzEI
First 5 bytes: FFD8FFE000  

Unable to decrypt Old Variant ID: LJunAPkuURCGRjHwKhFSOTPBpmSy1ofBEA5vhzEI
First 5 bytes: 1A45DFA301

I need help decoding to find out why files are not decrypted 

Share this post


Link to post
Share on other sites

If our decryption tool states that the files cannot be decrypted, then the files cannot be decrypted.

 

General Notes With Regards to STOP/DJVU

 

  1. If the decryption tool tells you the files cannot be decrypted, then they cannot be decrypted.  That is not an error message.
  2. If your file(s) have an Online ID that means that the file(s) encryption keys were generated and stored on a command & control server under the control of the ransomware gang responsible for encrypting your files.  We do not have access to those keys.
  3. If your files(s) have an Offline ID and were not decrypted it is because we do not have the corresponding decryption key in our database.  Do not ask us when we plan on adding it, because we do not have it or a way for generating your decryption key.
  4. Our database does include some Offline ID decryption keys for newer variants of the STOP/DJVU family of ransomware.  If the files were encrypted with an Offline ID that matches one of the decryption keys in our database, then our decryption tool will be able to decrypt those files that were encrypted using that key.
  5. New Variant STOP/DJVU utilizes the RSA encryption algorithm.  RSA is considered a secure encryption method and is unbreakable using current technologies.  It is not reversible, cannot be cracked, and we are not able to generate a decryption key.  So do not send us encrypted files thinking we can recover your decryption key, we can't.

 

Also, see https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ for more information on the STOP/DJVU decryption tool.

Share this post


Link to post
Share on other sites

 hi kevin , 

Thank you for your interest in reading your notes and alerts, but there is an inquiry:
All hard disk partitions have been infected with stop-djav except for the main section (Section C) of the system, it is healthy and has not been infected, so does this mean that there is no need to make formatting for Section C and reinstalling a new Windows system.
Secondly, through your response, I understand that at the moment there is no solution that can be presented regarding decrypting files .. but I hope that you will discover and solve new codes for Virus-stop djuv as soon as possible and I will make a copy of the encrypted files so that I can decode them in As close as possible

Share this post


Link to post
Share on other sites
7 hours ago, waleed elhoseny said:

All hard disk partitions have been infected with stop-djav except for the main section (Section C) of the system, it is healthy and has not been infected, so does this mean that there is no need to make formatting for Section C and reinstalling a new Windows system.

Your files aren't infected. They're encrypted. The STOP/Djvu ransomware would have been installed in your user profile folder, which is usually on the C:\ drive. There is no harm in keeping your encrypted files, and I recommend making a backup of them to keep in case decryption is possible in the future.

  • Like 1

Share this post


Link to post
Share on other sites
15 hours ago, waleed elhoseny said:

do you think that i would  install  a new  windows system or its not  necessary ؟ 

I don't think it would be necessary, however it's an option that you can choose if you want to.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.