Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Execute

Pages: 1 2 [3] 4 5 ... 26

Malware Removal Questions and Guides / Re: .Codnat Extension

« on: May 20, 2019, 05:21:30 pm »

Quote from: qbaccservweb on May 18, 2019, 10:48:53 pm

Hi there,
My computer has been infected with .CODNAT extension virus. I have 3 partitions with data and all have been renamed with this extension.

There is _readme.txt file in every folder with personal key and asking for money to decrypt files. What should I do, please help.

Your personal ID:
083Asdheu37hifsdftysizAgnIVcyibsAUbeyanzqv77uZnDl0SgZaBMR

We know about the virus and luckily for you there is a decryptor released.
However, the decryptor is not guaranteed to work 100% with your version.
Since the decryption keys are OFFLINE ones, they might not work,
but it is your best bet and you might as well try:

https://sensorstechforum.com/remove-codnat-ransomware/

Check the section Update May 2019.

Best Regards,
Execute

Malware Removal Questions and Guides / Re: Archivos con ext .verasto por virus (PARA) ransomware

« on: May 15, 2019, 05:30:02 pm »

Quote from: thor on May 12, 2019, 11:25:19 pm

Ayuda por favor , me infecto un ransomware y mis archivos estan cifrados con ext .verasto , como puedo recuperarlos .

plis help , my files txt, jpeg, wav, doc, xls , etc, have extention .verasto, was been infected with virus (PARADA) ransomware, I need to recovery my information , somebody help me ?? please

@thor,
There is no decryption tool for this exact variant, yet.
Check our blog post for an update - if there is a decryptor, we will put it there:

https://sensorstechforum.com/remove-verasto-files-virus/

Malware Removal Questions and Guides / Re: .eth Ransomware

« on: May 15, 2019, 05:27:35 pm »

Quote from: Klausjb on May 10, 2019, 02:27:58 pm

My Server are encrypt with Ransomware. All Files has extention .eth.
Kaspersky, GDATA and other can't help.
Does anyone have a way to help me ?

Preposition thanks to

Currently, there is no known decryption tool that will recover your files.
Check our article from time to see if there is a decrypter available, but over more than a year, there is no decryptor for any Dharma ransomware variant.

Here is the aforementioned article:
https://sensorstechforum.com/remove-eth-ransomware-dharma/

Malware Removal Questions and Guides / Re: .Codnat Extension

« on: May 15, 2019, 05:19:40 pm »

Quote from: Salmon on May 13, 2019, 05:07:45 pm

Good day, thank you for this forum,awesome. I was infected with the STOP- .codnat extension on a 1 TB External,had to format my Alien-ware 17R3, downloaded STOPDecrypter, it runs but needs a key for ID:Qfu13uHgAsRudCYCjYn4qU0HmlNTMv2NBe7wE9zi, states no key for this ID, can this be achieved,tried Spyware, but to no prevail. This would be a Blessing.

Regards

Salmon

Good day, Salmon. The STOP decryptor is not absolute and does not decrypt all versions of the STOP ransomware.
Wait for an update and periodically check this article for updates:

https://sensorstechforum.com/remove-codnat-ransomware/

Malware Removal Questions and Guides / Re: GRANDCRAB V4

« on: May 15, 2019, 05:08:37 pm »

@Nigel, some GandCrab versions came out after GandCrab 5.1, even when they had numeration that was less than 5.1.
I think this is not one of them, and we had people successfully decrypting 5.0.4 - not all versions of the 5.0.4 variant are the same. But for specifics, you should ask BitDefender.

Malware Removal Questions and Guides / Re: ransomware dharma gate

« on: May 09, 2019, 11:51:15 am »

Quote from: yamil on May 07, 2019, 09:22:33 pm

ransomware dharma extension gate encripto mis archivos.
como elimino el ransomware dharma ?

@yamil,

To see how to eliminate Dharma (.gate), you can read this article:

.gate Files Virus (Dharma) – How to Remove It

For now there is no known file decryption tool for this virus.

Kind Regards,
Execute

Malware Removal Questions and Guides / Re: KIRATOS decrypt need

« on: May 07, 2019, 02:36:27 pm »

Quote from: pentiumflash on April 27, 2019, 12:59:38 pm

hello friends...i need kiratos decrypt.... all my files are. .kiratos file.. can you help me?

Wait for a decryptor. Until then you can read this article to check how you can remove the .kiratos files virus:

https://sensorstechforum.com/kiratos-files-virus-stop-remove/

Best Regards!

EDIT: Inside the article there is a decryptor linked with which you can try to decrypt your files.

Malware Removal Questions and Guides / Re: Files Encrypted With Random File Extensions

« on: April 15, 2019, 04:35:51 pm »

@dwanawijaya

Unfortunately, there is no decryption tool available for .browsec virus.
You can backup your files and wait for a decryptor - if such a tool is released, we will publish it here or inside the article:

https://sensorstechforum.com/browec-files-virus-remove/

Malware Removal Questions and Guides / Re: .major ransomware decryption

« on: April 15, 2019, 03:42:09 pm »

Quote from: yogirajtheultron on April 08, 2019, 09:07:50 pm

My data is encrypted and it has .major ransomware, can anyone have any solution?

To remove the virus and see how you might recover some of your files, check out the article:

.major ransomware virus

Malware Removal Questions and Guides / Re: .bk666 dharma + crysis ransomware

« on: April 15, 2019, 03:37:54 pm »

Hello @endiamin,

ransomware viruses, especially Dharma/CrySiS have obfuscation methods to try and avoid security software and release different versions on a daily basis. Even that .bk666 cryptovirus is based on Dharma, there is no decryption software for it. You can backup the encrypted files and wait, but be warned that a decryption solution might never get released.

Here is a link to our article, in case you want to inform yourself on the ransomware:

What is .bk666 Files Virus (Dharma)

You can try using a data recovery tool to see if you are lucky to restore some files, as ransomware might delete the original files after encrypting their copies.

Kind Regards,
Execute

Malware Removal Questions and Guides / Re: Decrypt files affected by ransomware extension changed to etols

« on: April 15, 2019, 02:22:36 pm »

Quote from: iuh1917 on April 15, 2019, 09:04:40 am

Files on my laptop have been infected by ransomware extensions changed to etols. Please help decrypt files.

Another person who wrote on the forum has this problem.
I have answered on the following link: http://sensorstechforum.com/forums/malware-removal-questions-and-guides/help!!-extension-etols/

Malware Removal Questions and Guides / Re: help!! extension .etols

« on: April 15, 2019, 02:21:06 pm »

Quote from: x1245 on April 10, 2019, 07:18:59 pm

I would like to know if you have any solution to decrypt a file with the .etols

I was invaded yesterday afternoon and so far I have not found a solution.

I hope you help me, thank you

Hello, x1245

We have an article about this ransomware. At the bottom of it there is a decryption tool that you can try out, but it might not work with your version of the virus. Here is a link to the article:

.etols Files Virus

You should also back up your most important files, too.

Best of luck,
Execute

Malware Removal Questions and Guides / Re: How to recover files encrypted with .refols ransomware

« on: April 08, 2019, 12:29:33 pm »

Quote from: osalmasan on April 05, 2019, 02:09:49 pm

Hi, recently my laptop got infected with this ransomware and encrypted with a .refols extension.
Please see ransomware note and sample infected file.
https://www.dropbox.com/sh/wrf7vjjg611s47g/AAC2b88SrYAkxjWNc9vMHGECa?dl=0

Tried using STOP Decryptor but no lock. Just wandering if there are anybody from here who has the same experience as mine.

Thank you, osalmasan for sharing this information.
We have a post in our blog about .refols Files Virus and sadly, the STOP decryptor is not yet adapted to work with this variant of the ransomware.

Keep track of the decryptor - it might get updated to decrypt .refols locked files in the future.

Malware Removal Questions and Guides / Re: .Horse4444 ransomware

« on: April 04, 2019, 04:10:23 pm »

@Gheto

Hello, apologies for the late reply.
Horse4444 is indeed another version of .ox4444 (GlobeImposter) ransomware.
The ransom note is absolutely the same, including the emails, too.

Unfortunately there is still no decryption tool for both of them as far as we know.

Did you try the older GlobeImposter Decryptor developed by EMSIsoft?
You can download it from the GlobeImposter Decryptor link here or from the official EMSIsoft website.

It was made for a previous version and the prerequisites needed (taken from the EMSIsoft site):

"The decrypter requires access to a file pair consisting of one encrypted file and the original, unencrypted version of the encrypted file to reconstruct the encryption keys needed to decrypt the rest of your data."

Would you mind sharing how did you get your system infected?

And also good luck with the decryptor, although it is very old and I kind of doubt that it will work. It even might mess with your files, so do a backup (if you already haven't) just in case.

Do backups from now on - they are the most reliable thing for recovery from ransomware attacks.

Kind Regards,
Execute

Malware Removal Questions and Guides / Re: GANDCRAB v 5.2

« on: April 03, 2019, 06:48:14 pm »

Quote from: Gheto on March 31, 2019, 10:35:11 am

Grangab or Grancrab? because if you're searching for grancrab malware decryptor there is one in https://labs.bitdefender.com/category/free-tools/

Yes, and the same link is found in our article along with instructions about it.

Cheers for posting, though!

Pages: 1 2 [3] 4 5 ... 26