ID Ransomware - Identify What Ransomware Encrypted Your Files


292 replies to this topic

#286 kolonita

kolonita

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:57 AM

Posted 21 June 2017 - 03:48 PM

This is the text file I found:

 

Your personal files encryption produced on this computer: photos, videos, documents, etc.
Encryption was produced using a unique public key RSA-2048 generated for this computer.
 
To decrypt files you need to obtain the private key.
 
If your time is up, or you or your antivirus deleted CryptoLocker from your computer,
and you do not see CryptoLocker window - the latest copy of the key remains our support.
 
To obtain the private key for this computer, you need pay 0.1 Bitcoin (~277 USD)
 
---------------------------------------------------------------------------------------------------
 
Your Bitcoin address:
 
1L8LD2coipwgzPHN4Q7xu9CGcak3wqpSk1
 
You must send 0.1 Bitcoin to the specified address and report it to e-mail customer support.
 
In the letter title you must specify your Bitcoin address to which the payment was made.
 
Support e-mail: cat01@protonmail.com cat01@t.pl
 
Please do not contact customer support with the request to get the key for free.
Such messages will be marked as spam and decryption in the future will be impossible.
 
Thank you for understanding.
 
---------------------------------------------------------------------------------------------------
 
The most convenient tool for buying Bitcoins in our opinion is the site:
 
 
There you can buy Bitcoins in your country in any way you like, including electronic payment systems,
credit and debit cards, money orders, and others.
 
Instructions for purchasing Bitcoins on account localbitcoins.com read here:
 
 
Video tutorial detailing on buying Bitcoins using the site localbitcoins.com here:
 
 
Please check other ways to buy bitcoins:
 
 
 
Also you can use to buy Bitcoins these sites:
 
https://www.bitstamp.net/ - Big BTC exchanger
https://www.coinbase.com/ - Other big BTC exchanger
https://btcdirect.eu/ - Best for Europe
https://coincafe.com/ - Recommended for fast, many payment methods
https://bittylicious.com/ - Good service for Europe and World
 
---------------------------------------------------------------------------------------------------
 
Please do not try to decrypt the files by third-party decryptors, an error that allowed
to decrypt files for free, it has been found and corrected as early as one of the earliest versions.
Decrypt the files for free at the moment is impossible. Do not waste your time!
 
Attention!
 
After 168 hours, we reserve the right to increase the amount of the payment at its discretion.) 
 
 
 
 
 
and the desktop background has been changed to this
 
I can't do a backup as my files are at least 160 G




#287 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 48,768 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:57 AM

Posted 21 June 2017 - 04:18 PM

That looks to be the ransom note for PClock Ransomware.

There is ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.

Unfortunately, newer PClock variants are not decryptable.

Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#288 kolonita

kolonita

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:57 AM

Posted 21 June 2017 - 04:45 PM

That looks to be the ransom note for PClock Ransomware.

There is ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.

Unfortunately, newer PClock variants are not decryptable.

 

Ooops :(

Is there any solution to restore at least the photos?



#289 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 48,768 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:57 AM

Posted 21 June 2017 - 04:54 PM

As with most ransomware infections...the best solution for dealing with encrypted data is to restore from backups. Other possible options include using native Windows Previous Versions and Shadow Explorer. In some cases the use of file recovery software such as R-Studio or Photorec may be helpful to recover some of your original files but there is no guarantee that will work either...however, it never hurts to try.

If that is not a viable option and if there is no free decryption tool, the only other alternative is to save your encrypted data as is and wait for a possible breakthrough...meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a potential solution.
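Previous Versions and Shadow Explorer, mentioned in the reply above, both read Volume Shadow Copies. The following PowerShell is an added example, not part of the original post: it lists the shadow copies on the machine and marks which ones were created before the ransom note appeared. The function name and the note path are assumptions made for illustration.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
function Get-PreInfectionShadowCopy {
    param(
        # Hypothetical parameter: path to the ransom note text file found on the machine.
        [Parameter(Mandatory)]
        [string]$NotePath
    )

    # Assumption: the note's creation time roughly marks when the files were encrypted.
    $noteTime = (Get-Item -LiteralPath $NotePath -ErrorAction Stop).CreationTime

    # Win32_ShadowCopy lists the snapshots that Previous Versions and Shadow Explorer read.
    $shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction Stop)
    if ($shadows.Count -eq 0) {
        Write-Warning 'No shadow copies found; Previous Versions and Shadow Explorer will show nothing.'
        return
    }

    foreach ($s in ($shadows | Sort-Object InstallDate)) {
        [pscustomobject]@{
            Created      = $s.InstallDate
            Volume       = $s.VolumeName
            # Snapshots older than the note are the ones worth checking for unencrypted originals.
            PredatesNote = $s.InstallDate -lt $noteTime
            # Device path of the snapshot, usable for browsing it read-only.
            DevicePath   = $s.DeviceObject
        }
    }
}

# Example call; the path below is a placeholder, not a value from the thread.
# Get-PreInfectionShadowCopy -NotePath 'C:\Users\<user>\Desktop\<ransom-note>.txt' | Format-Table -AutoSize
```

If every row shows PredatesNote as False, or no rows are returned, the remaining options from the reply are backups and file recovery software.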

#290 kolonita

kolonita

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:57 AM

Posted 22 June 2017 - 04:17 AM

As with most ransomware infections...the best solution for dealing with encrypted data is to restore from backups. Other possible options include using native Windows Previous Versions and Shadow Explorer. In some cases the use of file recovery software such as R-Studio or Photorec may be helpful to recover some of your original files but there is no guarantee that will work either...however, it never hurts to try.

If that is not a viable option and if there is no free decryption tool, the only other alternative is to save your encrypted data as is and wait for a possible breakthrough...meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a potential solution.

OK, but how do I know if the malware is deleted and my laptop is clean? And if I install a new Windows version, would this clean it of malware?



#291 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 48,768 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:57 AM

Posted 22 June 2017 - 05:06 AM


If your antivirus did not detect and remove anything, additional scans should be performed with other security programs like Malwarebytes 3.0, HitmanPro and Emsisoft Anti-Malware. You can also supplement your anti-virus or get a second opinion by performing an Online Virus Scan...ESET is one of the more effective online scanners.

If you need individual assistance only with removing the malware infection, follow the instructions in the Malware Removal and Log Section Preparation Guide...all other questions or comments should be posted in the support topics. When you have done that, start a new topic and post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

#292 kolonita

kolonita

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:57 AM

Posted 22 June 2017 - 05:09 AM

Thanks 



#293 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 48,768 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:57 AM

Posted 22 June 2017 - 05:23 AM

You're welcome and good luck.



