Jump to content

Please help! My window 10 has new encrypted file extension ".NEER"

Recommended Posts

My all files have been encrypted with a new extension called .NEER. I've read some blogs about the ransomware using offline and online IDs. My personalID ends with t1, indicating offline ID. I ran Malwarebytes on the system and all threats have removed. Then i downloaded Emsisoft to encrypt all files. But it said, the .NEER extension is new, so far it doesn't have any key to encrypt the data. 

Please help, I've very important data of my study and business. 

Link to comment
Share on other sites

That extension is used by STOP(DJVU). Unfortunately, we no longer have any method to decrypt STOP(DJVU) unless the encryption occurred some time ago, before the 29th of August 2019.


Please refer to this forum post for more information: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


To summarize, an online ID is impossible to decrypt with current technology. An offline ID is decryptable if any one victim with the same ID pays for the encryption key and reports it to us, so we can add it to our decrypter.

Link to comment
Share on other sites

One more thing.

As i mistakenly did open my internet after ransomware infection once for the purpose to install malwarebytes, then immediately closed when i saw my fresh file on desktop encrypted. Just now, I see i have another ID shows under previous ID. In C drive, i had systemID folder, and a notepad file which contains my ID that ends with t1.

Photo is attached 

Link to comment
Share on other sites

Hello @Arslanportal

Good, you have an offline ID. 

This is how the decryptor informs that it does cannot decrypt the files now because it does not yet have the decryption key for this variant.

Its addition to Decryptor depends on the voluntary transfer of the key so that others victims can decrypt the files without paying a ransom. But we cannot predict when someone will share the purchased key with the 'Emsisoft Decryptor' developers.
The encrypted files need to be saved to an external drive to prevent encryption from being repeated by another ransomware attack.

Highly undesirable try different software that is not designed to decrypt files after the 'STOP Ransomware'. 
Other software can damage your files and make decryption impossible. 
If you are doing experiments, make a copy of the encrypted files for testing.

Link to comment
Share on other sites

This 'STOP Ransomware' enters the PC due to the fact that it is poorly protected. People often use free antivirus programs with the 'Free' label in the name. None of these programs will protect PC from programs similar to 'STOP Ransomware', because basic protection is not capable of this feat.
If users used comprehensive protection of the 'Internet Security' class, then it would help protect PC from ransomware attacks.
There is no 100% protection against malware, but what the 'Free' antivirus gives is 1-2 percent protection. 

After this attack, PCs could have stayed other malware elements. This maybe is an 'info-stealer and something else. Therefore, it is urgent to conduct a full check and destroy malware.
Use an antivirus such as Emsisoft Anti-Malware to effectively remove the malware. 
You can get a free trial 30-days version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/ 

Link to comment
Share on other sites

If the files are urgently needed now, and you cannot wait for a lucky time of decryption...

You must use this method at your own risk. It will be better to make a copy of the encrypted files for this test without risking the original files. Something will be restored better, something will be restored worse. 

If you have encrypted archives, you can partially recover them. Only 1-2 files are damaged there. The extension can be removed, and the files must be extracted. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable.

There is an alternative (additional) way to recover some media files:
WAV, MP3, MP4, M4V, MOV, 3GP.


An alternative method for other files has not yet been found.

In addition, encrypted files can be transferred to an external drive and disconnected from the PC until the lucky chance of decryption.

Link to comment
Share on other sites

  • 2 weeks later...

Hello @Mohit Chaudhari

If the online ID was used, then the files cannot be decrypted using the Emsisoft decryptor. 

Read my two posts above. 
First, you need to check your PC and remove malware.
The second post describes two methods for recovering some files. Read and try to do as it says.
We'd love to help more, but there is nothing more to offer you.

Link to comment
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...