Jump to content

pcqq encrypted


suri
 Share

Recommended Posts

hello i have infected disk by pcqq,

Error: No key for New Variant online ID: AMXJSQ1gGZTIoYkMTJd9du621kMmnBdYxJjtcjBh
Notice: this ID appears to be an online ID, decryption is impossible

 

how can i repair this?Emisoft decryptor show message which i paste above.

Link to comment
Share on other sites

Hello @suri,

 

Welcome to the Emsisoft Support Forums.

 

I understand it is frustrating, but currently, we are not aware of any ways to decrypt files with Online-ID and some recent forms of STOP(DJVU).

 

Please read this Topic. It contains information about your situation and whether or not your files can be decrypted.


https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Link to comment
Share on other sites

Hello. 

In any case, it is recommended to save the files to an external drive, which must then be disconnected from the PC.

There is a possibility that extortionists will someday publish the decryption keys or the police will arrest the server where these keys are stored.

Link to comment
Share on other sites

After neutralizing all malicious files you can try the following method.

This is not the decryption, it is the recovery of certain types of files using the features of these files.

1) If you have encrypted ZIP/RAR archives, you can partially recover them. Only 1-2 files are damaged there. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable.

2) There is an alternative (additional) way to recover some media files:
WAV, MP3, MP4, M4V, MOV, 3GP.

https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp

But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse. 

Some types of files can be opened (restored) using the application in which they were created. To do this, you must first remove the extension added by the ransomware. Then can try to open the file from the program in which it was created. If you open audio and video files in the editor, it will restore the structure, and upon closing it will offer to save the changes in the file.

3) If you have PDFs or files of other e-books, then they may suffer in part if they were not protected from manual modification. Therefore, after removing the added extension, they can be partially read (~ 80%).

Unfortunately, it is not yet possible to recover files created in MS Office applications due to their sensitivity to any damage. They can be easily damaged without encryption. It is easier to recover and read text written on paper or on stone than one created in MS Office.

An alternative method for other files has not yet been found. I understand that this will not be enough, but recovering some of the files is better than losing everything...

Link to comment
Share on other sites

  • 2 weeks later...
Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...