  1. @Ali Akbar In your case, ESET discovered a note about the redemption, which apparently remained in the system for some reason. (As they say, only the horns and legs of the encoder were left.) The main body of the encoder is not in the system; at least, you would see its result in the form of encrypted files. This file (!#_RESTORE_FILES_#!.INF) cannot be deleted by the ESET antivirus, because it was detected at the time of scanning the system in Malwarebytes, so mbam blocked it.
  2. @Marcos this is most likely BTCWare. https://id-ransomware.malwarehunterteam.com/identify.php?case=2877613b7a7ce3420fe5a415bc24e7d190472452 The .WALLET extension has been used by several ransomwares to include CryptoMix Wallet Ransomware, Dharma (CrySiS) Ransomware, BTCWare.wallet and Sanctions Ransomware which does not contain the standard Dharma/Crysis file markers. .[<email>].ID.<16 random hexadecimal character ID>.WALLET (i.e. ,[ADMIN@HOIST.DESI].ID[DF1866CB3A6F9701].WALLET) = CryptoMix .id-<8 random hexadecimal characters>.[<
  3. You can use this service to correctly determine the type of encoder, based on a note on redemption, an encrypted file, or the contact e-mail: https://id-ransomware.malwarehunterteam.com/index.php e.g.: https://id-ransomware.malwarehunterteam.com/identify.php?case=26bfdc216afdb6c5c1e6cb46d0db179f30c7bf79
  4. In the log we see that the decoder is running in the key detection mode, but it does not explicitly find the key, and therefore the decryption of the files that are added to the test folder is impossible.
     [2017.09.21 15:01:55.705] - INFO: Init: CleanerMode(DetectKeys)
     [2017.09.21 15:01:55.707] - INFO: Init: Generating test vectors...
     [2017.09.21 15:01:55.997] - INFO: Looking for infected files...
     [2017.09.21 15:01:55.997] - --------------------------------------------------------------------------------
     [2017.09.21 15:01:55.997] -
     [2017.09.21 15:01:56.037] - ----------------
  5. Dear Marcos, I know that Virlab can calculate the key for several encrypted (office) documents :). And I once asked for help with the decryption of files after Xorist / Filecoder.Q. I'm wondering if it's possible to calculate the decryption key yourself using the FilecoderQCleaner utility with the "/ a" option?
  6. Tell me, please, can I use the / a option to define the decryption key for several encrypted files? How do I use this option correctly, and what information can I get with it? If possible, please show a specific example.
  7. Attackers attack the system from an external network. Either WannaCry or Adylkuzz. It is necessary to eliminate the vulnerability of the system.
  8. Interesting. Judging by the technical description of Symantec, SOREBRECT uses the already known encoder AES_NI as the encoder: https://www.bleepingcomputer.com/forums/t/635140/aes-ni-ransomware-aes256-aes-ni-read-this-importanttxt-support-topic/
  9. Clean an AES-NI or XData infection using the ESET AES-NI decryptor hxxp://support.eset.com/kb6467/ https://download.eset.com/com/eset/tools/decryptors/aesni/latest/esetaesnidecryptor.exe
  10. At the forum forum.esetnod32.ru we solve the problem with WMI scripts using the program Universal Virus Sniffer https://forum.esetnod32.ru/forum6/topic14074/
  11. hxxp://download.eset.com/special/ESETTeslaCryptDecryptor.exe hxxp://support.eset.com/kb6051/
  12. @doctorWho We had to immediately specify the extension of the encrypted files. If it was *.vvv, then at this point, ESET has been the solution for decoding. But like BloodDolly.
  13. Hi. Will it be possible to decode the new version of Enigma (*.enigma), which began spreading on 10 August 2016? (The previous version was transcribed.) I can add examples of encrypted files to the message.
  14. @Flickwine Check whether the decoder will help https://decrypter.emsisoft.com/lechiffre