suri Posted November 16, 2021 Report Share Posted November 16, 2021 hello i have infected disk by pcqq, Error: No key for New Variant online ID: AMXJSQ1gGZTIoYkMTJd9du621kMmnBdYxJjtcjBh Notice: this ID appears to be an online ID, decryption is impossible how can i repair this?Emisoft decryptor show message which i paste above. Link to comment Share on other sites More sharing options...
ShadowPuterDude Posted November 17, 2021 Report Share Posted November 17, 2021 Hello @suri, Welcome to the Emsisoft Support Forums. I understand it is frustrating, but currently, we are not aware of any ways to decrypt files with Online-ID and some recent forms of STOP(DJVU). Please read this Topic. It contains information about your situation and whether or not your files can be decrypted. https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Link to comment Share on other sites More sharing options...
suri Posted November 21, 2021 Author Report Share Posted November 21, 2021 ehhh ok, but tell me please if ther an option in future your software will be able to decrypt this pcqq? should i wait or remove disk for new??:/ Link to comment Share on other sites More sharing options...
Amigo-A Posted November 21, 2021 Report Share Posted November 21, 2021 Hello. In any case, it is recommended to save the files to an external drive, which must then be disconnected from the PC. There is a possibility that extortionists will someday publish the decryption keys or the police will arrest the server where these keys are stored. Link to comment Share on other sites More sharing options...
Amigo-A Posted November 21, 2021 Report Share Posted November 21, 2021 After neutralizing all malicious files you can try the following method. This is not the decryption, it is the recovery of certain types of files using the features of these files. 1) If you have encrypted ZIP/RAR archives, you can partially recover them. Only 1-2 files are damaged there. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable. 2) There is an alternative (additional) way to recover some media files: WAV, MP3, MP4, M4V, MOV, 3GP. https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse. Some types of files can be opened (restored) using the application in which they were created. To do this, you must first remove the extension added by the ransomware. Then can try to open the file from the program in which it was created. If you open audio and video files in the editor, it will restore the structure, and upon closing it will offer to save the changes in the file. 3) If you have PDFs or files of other e-books, then they may suffer in part if they were not protected from manual modification. Therefore, after removing the added extension, they can be partially read (~ 80%). Unfortunately, it is not yet possible to recover files created in MS Office applications due to their sensitivity to any damage. They can be easily damaged without encryption. It is easier to recover and read text written on paper or on stone than one created in MS Office. An alternative method for other files has not yet been found. I understand that this will not be enough, but recovering some of the files is better than losing everything... Link to comment Share on other sites More sharing options...
ShadowPuterDude Posted November 29, 2021 Report Share Posted November 29, 2021 Thread Closed Link to comment Share on other sites More sharing options...
Recommended Posts