Jump to content

My files are infected PAHD virus personal key 0301ewgfDd5bOBKF6n1URxqStLrNH6aCmtuuBrGxpTVnlBS8fO


Recommended Posts

  • ARMAN25 changed the title to My files are infected PAHD virus personal key 0301ewgfDd5bOBKF6n1URxqStLrNH6aCmtuuBrGxpTVnlBS8fO

That extension is used by STOP(DJVU). Unfortunately, we no longer have any method to decrypt STOP(DJVU) unless the encryption occurred some time ago, before the 29th of August 2019.

 

Please refer to this forum post for more information: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

To summarize, an online ID is impossible to decrypt with current technology. An offline ID is decryptable if a victim with the same ID pays for the encryption key and reports it to us, so we can add it to our decrypter.

Your Personal ID appears to be an Online ID.

Link to comment
Share on other sites

Just now, ARMAN25 said:

Can I backup it maybe some day it will be possible

This needs to be done.

This 'STOP Ransomware' enters the PC due to the fact that computer is poorly protected. People often use free antivirus programs with the 'Free' label in the name. None of these programs will protect PC from programs similar to 'STOP Ransomware', because basic protection is not capable of this feat.
If users used comprehensive protection of the 'Internet Security' class, then it would help protect PC from ransomware attacks.
There is no 100% protection against malware, but what the 'Free' antivirus gives is 1-2 percent protection. 

After this attack, PCs could have stayed other malware elements. This maybe is an info-stealer and something else. Therefore, it is urgent to conduct a full check and destroy malware.
Use an antivirus such as Emsisoft Anti-Malware to effectively remove the malware. 
You can get a free trial 30-days version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/

 

Link to comment
Share on other sites

We try to take every chance that can help affected users get their files back without paying the ransom.

I recommend this following method only when there is no other way, or when the affected user cannot wait long ... You decide what action to take.

1) If you have encrypted archives, you can partially recover them. Only 1-2 files are damaged there. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable.

2) There is an alternative (additional) way to recover some media files:
WAV, MP3, MP4, M4V, MOV, 3GP.

https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp

But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse. 

An alternative method for other files has not yet been found.

Link to comment
Share on other sites

Image files are inherently more compressed than media files and therefore encryption greatly changes their code.

Alas. No trusted method was found that would recover image files without decryption.
The data recovery software will also not help you recover files after encryption.

The encrypted files need to be saved for the future. Perhaps there will be a new method for recovering or decrypting files.

Or the extortionists will be generous and publish the decryption keys.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...