Sign in to follow this  
Audrish

Help, my pc is infected by .npsk

Recommended Posts

Hello,
My pc is infected by malware.All of my files have been encrypted by .npsk I'm looking forward for a decryptor and a malware removal software.I downloaded the software from emsisoft but it says it cant delete the virus because it might crash the operating system. I uploaded everything you need to know about my problem
 

Capture.PNG
Download Image

_readme.txt

SALARY STATEMENT.docx.npsk

Share this post


Link to post
Share on other sites

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

As for the message from Emsisoft Emergency Kit, let's try getting a log from FRST, and see if it shows the infection. You can find instructions for downloading and running FRST at the following link:
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Share this post


Link to post
Share on other sites

Please download the following fixlist.txt file and save it to the Desktop:

https://www.gt500.org/emsisoft/fixlist/2020-03March-25/Audrish/fixlist.txt

NOTE: It's important that both files, the FRST download from earlier and the fixlist file, are in the same location or the fix will not work. If you need to, please copy the files from your Downloads folder to your desktop.

  1. Run the FRST download from earlier, and press the Fix button just once and wait.
  2. If for some reason the tool needs to restart your computer, please make sure you let the computer restart normally. After that let the tool complete anything it still needs to do.
  3. When finished FRST will generate a log on the Desktop (Fixlog). Please attach it to a reply.

Share this post


Link to post
Share on other sites

my file is encrypted by NPSK virus and when I run Emisoft STOP/Djvu… it said your online ID is online and the encryption is impossible...what can I do.. what kind of antimalware or removal tool can I used..yaaah I saw that i 'll not be able to decrypt my files now.. but is there any program will solve these problem? or not and when? … I hope you to find the solution quickly  

Share this post


Link to post
Share on other sites

Hii I am also facing similar issue. I have reinstalled windows afterwards. Now my PC is free from Malware. But I am not able to recover my encrypted files. Please help.

I have reinstalled Windows 10 and after that Run the scan. Log is attached bellow. I need to recover/ decrypt my files. Thank you a lot

Addition.txt Fixlog.txt FRST.txt

Share this post


Link to post
Share on other sites
18 hours ago, Audrish said:

I did the Emsisoft Emergency kit scan again but it gives the same messege again

Run another scan with FRST, and attach the new logs to a reply for me to review.

 

14 hours ago, mohamed khedr said:

my file is encrypted by NPSK virus and when I run Emisoft STOP/Djvu… it said your online ID is online and the encryption is impossible...what can I do.. what kind of antimalware or removal tool can I used..yaaah I saw that i 'll not be able to decrypt my files now.. but is there any program will solve these problem? or not and when? … I hope you to find the solution quickly  

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

10 hours ago, Rathna said:

Hii I am also facing similar issue. I have reinstalled windows afterwards. Now my PC is free from Malware. But I am not able to recover my encrypted files. Please help.

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites
40 minutes ago, GT500 said:

This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Hie I was affected by this ransomware too with an extension file of .npsk. I quarantined the malware but all my files are decrypted. I ran the emsisoft decryptor and it showed the following results.

File: C:\Users\blessing\Desktop\Chaptron\~$re drill flyr.docx.npsk
No key for New Variant offline ID: PUYef3QgyNaY7l8zzvWo4yIuFfw9blf3NZjYd3t1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

 

I have attached one of my affected files.

 

Please help.

Process.txt.npsk

Share this post


Link to post
Share on other sites
23 hours ago, Blessing said:

No key for New Variant offline ID: PUYef3QgyNaY7l8zzvWo4yIuFfw9blf3NZjYd3t1
Notice: this ID appears be an offline ID, decryption MAY be possible in the future

This is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.

There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

21 hours ago, Audrish said:

I removed the virus using spy hunter 5.Thank you. But is there any way i can get my files back?  

Your ID is an online ID, so currently there is no way to decrypt your files.

Share this post


Link to post
Share on other sites
5 hours ago, Audrish said:

Should I wait for the decryptor to release?

No new decrypter will be released. If law enforcement is some day able to catch the criminals or at least gain access to their database server and release their private keys, they we will be able to add them to our database used by our decrypter.

 

4 hours ago, Audrish said:

Thanks a lot, I'm re-installing windows asap

Normally I would say that's not necessary with this particular ransomware, however your computer was very infected (with a lot more than just ransomware) so I think that's probably a good idea here. Just be sure that you don't use pirated copies of Windows, and definitely don't use KMS/KMSPico since it is known to install the STOP/Djvu ransomware at least occasionally.

Share this post


Link to post
Share on other sites

You can download and install Windows 10 for free, and I would believe it's still possible to skip entering a product code and use it for 30 days for free:
https://www.microsoft.com/en-us/software-download/windows10

There are a few places to get discount license keys for Windows (TechPowerUp occasionally advertises some retailers with sales), however Windows 10 will still accept Windows 7, Windows 8, and Windows 8.1 product codes as long as they are for the same edition that you installed (Home or Pro).

Share this post


Link to post
Share on other sites
2 hours ago, Roozeabi said:

I did the FRST scan.It gave 3 .txt files

Fixlist files are custom scripts intended to only be run on a single computer. A fixlist written for someone else probably won't do anything useful on your computer, and could even potentially cause harm depending on what's in it, so only run a fixlist for FRST if a helper or support representative qualified to write one specifically asks you to do so.

As for the other FRST logs you posted, was there something specific you wanted me to look for? At first glance I'm not seeing any obvious signs of infection.

Share this post


Link to post
Share on other sites

My system is infected with STOPdjvu ransomware and all my files are lost. I got acquainted with your forum by searching the internet and found that you have guided others and I did as directed and sent you the result. Please guide me how to recover lost files. After that I reinstalled Windows. Maybe that's why it's not a ransomware in my system. Of course, I also installed a few programs and checked the system.

Please tell me if I need to do something.

Share this post


Link to post
Share on other sites

You can't actually get the files back because they don't have the decryptor for online ID's such as mine. I also got infected by the same virus.If it's possible to catch the hacker in future, they can recover the keys for specific ID's

Share this post


Link to post
Share on other sites
18 hours ago, Roozeabi said:

My system is infected with STOPdjvu ransomware and all my files are lost. I got acquainted with your forum by searching the internet and found that you have guided others and I did as directed and sent you the result. Please guide me how to recover lost files. After that I reinstalled Windows. Maybe that's why it's not a ransomware in my system. Of course, I also installed a few programs and checked the system.

Please tell me if I need to do something.

Did you try the STOP/Djvu decrypter? There's more information about it at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites
21 hours ago, Roozeabi said:

Yes I tried STOP/Djvu decrypter but it didn't decrypt my files.

Did it tell you the ID for your files?

Share this post


Link to post
Share on other sites
14 hours ago, Roozeabi said:

No key for New Variant online ID: a6ntMpnIMF31vxKSjFNMJlsTGwZQtPg2UOidpn2s
Notice: this ID appears to be an online ID, decryption is impossible

This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.