-
Content Count
29 -
Profile Information
-
Gender
Male
-
Location
Russia
-
Interests
forum.esetnod32.ru
-
ESET Endpoint Security 7 BETA signup
safety replied to Peter Randziak's topic in ESET Beta Products for Business Users
Please send me the link to EES 7 beta + EEA 7 beta
@Ali Akbar In your case, ESET discovered a note about the redemption, which apparently remained in the system for some reason. (As they say, there were only horns, but the legs of the encoder). The main body of the encoder is not in the system; at least, you would see its result in the form of encrypted files. This file (!#_RESTORE_FILES_#!.INF) cannot be deleted by the ESET antivirus, because it was detected at the time of scanning the system in malwarebytes, so mbam blocked it.
-
@Marcos this is most likely BTCWare. https://id-ransomware.malwarehunterteam.com/identify.php?case=2877613b7a7ce3420fe5a415bc24e7d190472452 The .WALLET extension has been used by several ransomwares to include CryptoMix Wallet Ransomware, Dharma (CrySiS) Ransomware, BTCWare.wallet and Sanctions Ransomware which does not contain the standard Dharma/Crysis file markers. .[<email>].ID.<16 random hexadecimal character ID>.WALLET (i.e. ,[ADMIN@HOIST.DESI].ID[DF1866CB3A6F9701].WALLET) = CryptoMix .id-<8 random hexadecimal characters>.[<
-
.arena Virus on Windows server 2008 R2
safety replied to netbus's topic in Malware Finding and Cleaning
You can use this service to correctly determine the type of encoder. On a note on redemption, an encrypted file, on the contact e-mail https://id-ransomware.malwarehunterteam.com/index.php e.g.: https://id-ransomware.malwarehunterteam.com/identify.php?case=26bfdc216afdb6c5c1e6cb46d0db179f30c7bf79
In the log we see that the decoder is running in the key detection mode, but it does not explicitly find the key, and therefore the decryption of the files that are added to the test folder is impossible.
[2017.09.21 15:01:55.705] - INFO: Init: CleanerMode(DetectKeys)
[2017.09.21 15:01:55.707] - INFO: Init: Generating test vectors...
[2017.09.21 15:01:55.997] - INFO: Looking for infected files...
[2017.09.21 15:01:55.997] - --------------------------------------------------------------------------------
[2017.09.21 15:01:55.997] -
[2017.09.21 15:01:56.037] - ----------------
-
Dear Marcos, I know that Virlab can calculate the key for several encrypted (office) documents. :). And I once asked for help with the decryption of files after Xorist / Filecoder.Q. I'm wondering if it's possible to calculate the decryption key yourself using the FilecoderQCleaner utility using the "/ a" option?
-
Tell me, please, can I use the / a option to define the decryption key for several encrypted files? How do I use this option correctly, and what information can I get with this? If possible, please show a specific example.
-
Win32/Exploit.CVE-2017-0147.A not deleted
safety replied to hungtt's topic in Malware Finding and Cleaning
Attackers attack the system from an external network. Either WannaCry or Adylkuzz. It is necessary to eliminate the vulnerability of the system.
Interesting. Judging by the technical description of Symantec, SOREBRECT uses the already known encoder AES_NI as the encoder https://www.bleepingcomputer.com/forums/t/635140/aes-ni-ransomware-aes256-aes-ni-read-this-importanttxt-support-topic/
-
Clean an AES-NI or XData infection using the ESET AES-NI decryptor hxxp://support.eset.com/kb6467/ https://download.eset.com/com/eset/tools/decryptors/aesni/latest/esetaesnidecryptor.exe
-
At the forum forum.esetnod32.ru we solve the problem with WMI scripts using the program Universal Virus Sniffer https://forum.esetnod32.ru/forum6/topic14074/
-
Decrypt and remove Teslacrypt 3.0 .mp3 files
safety replied to hassancasa's topic in Malware Finding and Cleaning
hxxp://download.eset.com/special/ESETTeslaCryptDecryptor.exe hxxp://support.eset.com/kb6051/
@doctorWho We had to immediately specify the extension of the encrypted files. If it was *.vvv, then at this point, ESET has been the solution for decoding. But like BloodDolly.
-
Hi. Will it be possible for the decoding of the new version of enigma (*.enigma)? beginning with the spread of 10 August 2016. (the previous version was transcribed.) Examples of encrypted files can add to the message.
-
@Flickwine Check whether the decoder will help https://decrypter.emsisoft.com/lechiffre