haithamm2023 (Posted March 15, 2023)

I have a ransomware virus. All of my data changed extension to (( QAZX )). What can I do? This antivirus does not support cleaning or removing this...!!!?? Please, can anybody tell me what I can do to retrieve my data? My pleasure, thanks.

Marcos, Administrators (Posted March 17, 2023)

Please provide:
- logs collected with ESET Log Collector
- a handful of encrypted files (ideally Office documents)
- the ransomware note with payment instructions.

itman (Posted March 17, 2023, edited March 17, 2023)

You're infected with:

> If you cannot open your images, documents, or files and they have a .qazx extension, then your computer is infected with the STOP/DJVU ransomware.

As noted in this removal guide: https://malwaretips.com/blogs/remove-qazx-ransomware-virus/, recovery of your encrypted files is questionable.

safety (Posted March 25, 2023)

> On 3/15/2023 at 6:49 PM, haithamm2023 said:
> I have a ransomware virus. All of my data changed extension to (( QAZX ))

If the ransom note has the name _readme.txt, then it is most likely Filecoder.STOP. Decryption is possible if the encryption happened with an offline key.

> New Version: The newest extensions released around the end of August 2019 AFTER the criminals made changes....starting with .coharos (v146) were never supported by STOPDecrypter. However, OFFLINE IDs/KEYS for some newer variants have been obtained by Emsisoft and uploaded to their server. This is possible after a victim pays the ransom, receives a private key from the criminals and shares (donates) that key with the Emsisoft Team. ONLINE KEYS are UNIQUE for each victim and just like older versions, they are randomly generated in a secure manner and are impossible to decrypt without paying the ransom which is not advisable. Since ONLINE KEYS are unique and random for each victim, they cannot be shared or re-used by other victims.

https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-djvu-puma-promo-support-topic/

el el amiril (Posted March 29, 2023)

@haithamm2023 Did you check your ESET ransomware protection?

itman (Posted March 29, 2023)

> 2 hours ago, el el amiril said:
> @haithamm2023 Did you check your ESET ransomware protection?

The assumption is that the OP did not have ESET installed when he was infected with ransomware. If ESET was installed, he would be "ranting" about how ESET didn't detect it.

Marcos, Administrators (Posted March 29, 2023)

I've just come across a case where the user downloaded a KMS "activator":

27. 3. 2023 20:33:45 Real-time file system protection file D:\SOFT WIN10\Ofimatika\Office Professional Plus 2021 AIO 2 In 1 - 2202 (build 14931.20132) - Ita (23 Aprile 2022) by GRISU\Activator_KMS_VL_ALL_AIO\KMS_VL_ALL_AIO.exe Win32/Filecoder.Crysis.P trojan cleaned by deleting Event occurred on a new file created by the application: C:\Program Files\7-Zip\7zG.exe (6DAB8C3822A0CAB5B621FD2B7F16AEBB159BCB56).

Because it was detected and ESET allegedly prevented it from running, he paused protection, thinking that activation would succeed then. Instead, the ransomware was run and encrypted files.

LesRMed (Posted March 29, 2023)

> 50 minutes ago, Marcos said:
> Because it was detected and ESET allegedly prevented it from running, he paused protection, thinking that activation would succeed then. Instead, the ransomware was run and encrypted files.

Some people are their own worst enemy.

itman (Posted March 29, 2023, edited March 29, 2023)

> 28 minutes ago, LesRMed said:
> Some people are their own worst enemy.

I was just going to post the same. I will also add:

1. You are performing illegal activity.
2. The method used to perform the illegal activity is one that has been of late repeatedly publicly commented on as having a high likelihood of infecting your PC with malware.
3. You disable your security protection to allow the method to run unimpeded.

Finally, you expect your security vendor to assist you in correcting the situation. I say ........... not!