Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I need to get rid of ransomware now


  • This topic is locked This topic is locked
8 replies to this topic

#1 SnoopyDrew

SnoopyDrew

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:23 AM

Posted 19 April 2016 - 11:10 PM

I have no idea what the hell this is. I got a court appearance letter in my email and ended up getting ransomware. I am somewhat tech savvy and I have no idea what in the hell this crap is. I tried malwarebytes and it did nothing. I get this message every time I restart my PC. This is a VERY expensive PC and I do not want anything to happen to it. Please god help me fix this so I do not have to deal with this crap anymore. 

 

ATTENTION!
 
All your documents, photos, databases and other important personal files
were encrypted using strong RSA-1024 algorithm with a unique key.
To restore your files you have to pay 0.46223 BTC (bitcoins).
Please follow this manual:
 
1. Create Bitcoin wallet here:
 
 
2. Buy 0.46223 BTC with cash, using search here:
 
 
3. Send 0.46223 BTC to this Bitcoin address:
 
      1C762DdAq86bcPvpCuPXneeM7nCLmoRUD9
 
4. Open one of the following links in your browser to download decryptor:
 
 
5. Run decryptor to restore your files.
 
PLEASE REMEMBER:
 
      - If you do not pay in 3 days YOU LOOSE ALL YOUR FILES.
      - Nobody can help you except us.
      - It`s useless to reinstall Windows, update antivirus software, etc.
      - Your files can be decrypted only after you make payment.
      - You can find this manual on your desktop (DECRYPT.txt).
 


BC AdBot (Login to Remove)

 


#2 SnoopyDrew

SnoopyDrew
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:23 AM

Posted 19 April 2016 - 11:20 PM

Seriously guys this PC is worth like 2 thousand dollars why is this even a thing??? Please help me!!!!!



#3 al1963

al1963

  • Members
  • 892 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 19 April 2016 - 11:56 PM

@SnoopyDrew,

 

check one of the encrypted files here

http://www.bleepingcomputer.com/forums/t/608858/id-ransomware-identify-what-ransomware-encrypted-your-files/
in order to determine the type of encoder, and whether it is possible for him to decrypt the moment or not.



#4 SnoopyDrew

SnoopyDrew
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:23 AM

Posted 20 April 2016 - 12:13 AM

It comes up as nemucod and when I try and run the decrypt_nemycod.exe it says 

 

The Decryptor Could Not determine a valid key for your system please drag and drop both an encrypted file as well as its unencrypted counterpart  onto the decryptor to determine the correct . Files need to be at least 510 bytes long 



#5 SnoopyDrew

SnoopyDrew
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:23 AM

Posted 20 April 2016 - 12:16 AM

Is my computer completely bleeped please tell me now because I am the most pissed I have ever been in my entire life. 



#6 SnoopyDrew

SnoopyDrew
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:23 AM

Posted 20 April 2016 - 12:24 AM

what the bleep is a decrypt and an encrypt I am scared all my bleep is gone 



#7 SnoopyDrew

SnoopyDrew
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:23 AM

Posted 20 April 2016 - 01:43 AM

Can somebody please explain to me what is going on and how I can fix this. I feel like this community does not even bother to try and help me. What exactly is the problem and how do I fix it? From the reading I have done on here it seems like there is no fix for this problem. How can people even get away with something like this. I have never come in contact with anything this elaborate when it comes to malware or adware. If somebody can give me an answer it would be amazing or if somebody could just help me fix this it would be amazing. I do web design and work online so I do not have time to deal with something like this right now. If my computer gets destroyed or if my files get deleted I will be one hundred percent screwed, PLEASE FOR THE LOVE OF GOD SOMEBODY HELP ME. 



#8 Struppigel

Struppigel

    Karsten Hahn, G DATA Malware Analyst


  • Malware Response Team
  • 231 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:23 PM

Posted 20 April 2016 - 03:29 AM

Hello SnoopyDrew.

 

It is quite normal that it takes a few hours to get answers on forums. No one is ignored here. The ransom note looks indeed like Nemucod Ransomware. The known versions of this ransomware could be decrypted by our team.

 

The decrypter might not work for various reasons:

  1. The files that you submitted to the decryption tool are not large enough.
  2. The files that you submitted to the decryption tool are not matching. You need to submit one encrypted and one unencrypted version of a file.
  3. Your system could be infected with a new version of the ransomware, making the decrypter obsolete. It is not sure that the files can be decrypted if that is the case.
  4. Your system might be infected by another ransomware that just happens to use the same ransom note as Nemucod.

For the 3. and 4. case we need a submission of the ransomware itself. Nemucod Ransomware typically arrives via email attachment on the system. You may also check your recent emails for any suspicious attachments. Submit any suspicious files here. Nemucod also has a support topic here.

 

You should also make sure that the computer is clean, before you decrypt any files. Otherwise they might become encrypted again in case the ransomware is still active.

 

Please create a thread in the forum Virus, Trojan, Spyware, and Malware Removal Logs. The experts will help you to find and submit the ransomware sample from your system for analysis, and to clean the system from any infections.

 

Marie Curie


Edited by Curie, 20 April 2016 - 04:29 AM.


#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,900 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:23 AM

Posted 20 April 2016 - 06:22 AM

It comes up as nemucod

If you need individual assistance only with removing the malware infection, follow the instructions provided by Curie.

For anything else...there is an ongoing discussion in this topic where you can ask questions and seek further assistance.From the above topic...decryptor solution is provided by Fabian Wosar in Post #69...Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in the above support topic discussion. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion...this topic is closed.

Thanks
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users