Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


files encrypted to .kcnhkok extension by CTB Locker

  • This topic is locked This topic is locked
1 reply to this topic

#1 psudhakar999


  • Members
  • 3 posts
  • Local time:07:45 AM

Posted 19 January 2015 - 03:51 PM

Dear All,


                     I am also effected with same problem till now no solution was done all trails I have made but no use.  I have shared file which i received in Mail. 

Decrypt All Files kcnhkok.txt (File)
Your documents, photos, databases and other important files have been encrypted
with strongest encryption and unique key, generated for this computer.
Private decryption key is stored on a secret Internet server and nobody can
decrypt your files until you pay and obtain the private key.
If you see the main locker window, follow the instructions on the locker.
Overwise, it's seems that you or your antivirus deleted the locker program.
Now you have the last chance to decrypt your files.
in your browser. They are public gates to the secret server. 
If you have problems with gates, use direct connection:
1. Download Tor Browser from http://torproject.org
2. In the Tor Browser open the http://ohmva4gbywokzqso.onion/
   Note that this server is available via Tor Browser only. 
   Retry in 1 hour if site is not reachable.
Copy and paste the following public key in the input form on server. Avoid missprints.
Follow the instructions on the server.



Mr. Bleepin' Janitor  was right I have tried Rector Decryptor as per log it was detecting suspicious file but error was below



01:18:34.0440 0x07f0  Trojan-Ransom.Win32.Rector decryptor tool Dec 17 2014 13:15:42

01:18:35.0189 0x07f0  ============================================================
01:18:35.0189 0x07f0  Current date / time: 2015/01/20 01:18:35.0189
01:18:35.0189 0x07f0  SystemInfo:
01:18:35.0189 0x07f0  
01:18:35.0189 0x07f0  OS Version: 6.1.7601 ServicePack: 1.0
01:18:35.0189 0x07f0  Product type: Workstation
01:18:35.0189 0x07f0  ComputerName: SUPERVISOR-PC
01:18:35.0189 0x07f0  UserName: supervisor
01:18:35.0189 0x07f0  Windows directory: C:\Windows
01:18:35.0189 0x07f0  System windows directory: C:\Windows
01:18:35.0189 0x07f0  Processor architecture: Intel x86
01:18:35.0189 0x07f0  Number of processors: 2
01:18:35.0189 0x07f0  Page size: 0x1000
01:18:35.0189 0x07f0  Boot type: Safe boot with network
01:18:35.0189 0x07f0  ============================================================
01:18:35.0189 0x07f0  Initialize success
01:18:41.0647 0x05c4  ProcessDriveEnumEx: Drive C:\ type 3:0
01:32:58.0765 0x05c4  Found suspicious file: D:\WP_20141120_003.JPG.kcnhkok
01:32:58.0812 0x05c4  This file is not recognized as Trojan-Ransom.Win32.Rector, file path: D:\WP_20141120_003.JPG.kcnhkok
01:32:58.0812 0x05c4  Found suspicious file: D:\WP_20141120_006.JPG.kcnhkok
01:32:58.0953 0x05c4  This file is not recognized as Trojan-Ransom.Win32.Rector, file path: D:\WP_20141120_006.JPG.kcnhkok
01:32:58.0953 0x05c4  Found suspicious file: D:\WP_20141120_007.JPG.kcnhkok
01:32:58.0968 0x05c4  This file is not recognized as Trojan-Ransom.Win32.Rector, file path: D:\WP_20141120_007.JPG.kcnhkok
01:32:58.0968 0x05c4  ProcessDriveEnumEx: Drive E:\ type 5:0
01:32:58.0968 0x05c4  No decrypted files
01:32:58.0968 0x05c4  
01:32:58.0968 0x05c4  Statistic:
01:32:58.0968 0x05c4  Processed: 190251
01:32:58.0968 0x05c4  Found: 16712
01:32:58.0968 0x05c4  Decrypted: 0
01:32:58.0968 0x05c4  ================================================================================
01:32:58.0968 0x05c4  Scan finished
01:32:58.0968 0x05c4  ================================================================================
01:43:55.0854 0x07f4  Deinitialize success

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,606 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:15 PM

Posted 19 January 2015 - 04:11 PM

You have been advised what to do in this topic.

Do not post attachments containing possible malware or links to malware related sites. You can submit a sample of an encrypted file here: http://www.bleepingcomputer.com/submit-malware.php?channel=3
with a link to your topic.

You can also submit samples of suspicious executables or any malware files that you suspect were involved in causing the infection.

To avoid confusion, this topic is closed.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users