Ransomware Infection


  • This topic is locked
No replies to this topic

#1 timmytheman2

Posted 19 May 2015 - 04:08 PM

I have received the Ransomware Infection and have tried to use a few scanners to remove the infection. Some but not all of the documents are encrypted, and I have backed up the others to a USB drive.

OS: Windows 7, Windows 7, Windows Server 2008 R2 and 2012 R2 (Multiple infections and possibly spread by shared folders)

I have tried to use the following to detect the virus.

Symantec Endpoint Protection

Sophos Virus Removal Tool

HitmanPro

SpyHunter14

Malwarebytes

We think we have isolated the spread of it, however we are not having any luck removing the infection with the above tools.

We have tried to use the TeslaDecoder but didn't find the key file.

There were some weird hidden folders with random names, with picture and Word files with random names also.

Name of the txt file: HELP_RESTORE_FILES_jtqnt

Body of the txt:

All your documents, photos, databases and other important files have been encrypted
with strongest encryption RSA-2048 key, generated for this computer.

Private decryption key is stored on a secret Internet server and nobody can
decrypt your files until you pay and obtain the private key.

If you see the main encryptor red window, examine it and follow the instructions.
Otherwise, it seems that you or your antivirus deleted the encryptor program.
Now you have the last chance to decrypt your files.
Open in your browser one of the links:
https://www.reomesoess.com 
http://tlunjscxn5n76iyz.djismrkcida45.com 
https://tlunjscxn5n76iyz.tor2web.blutmagie.de 
They are public gates to the secret server.
Copy and paste the following Bitcoin address in the input form on server. Avoid missprints.
1BE1S6JoeoXrzxbnKwVTF7iU4woLYWqUsY
Follow the instructions on the server.


If you have problems with gates, use direct connection:
1. Download Tor Browser from http://torproject.org
2. In the Tor Browser open the http://tlunjscxn5n76iyz.onion/  
   Note that this server is available via Tor Browser only.
   Retry in 1 hour if site is not reachable.
Copy and paste the following Bitcoin address in the input form on server. Avoid missprints.
1BE1S6JoeoXrzxbnKwVTF7iU4woLYWqUsY
Follow the instructions on the server.


Edited by timmytheman2, 19 May 2015 - 04:13 PM.

