
JuicyLemon Ransomware Help & Support Topic (support@juicylemon.biz)


54 replies to this topic

#1 xboxman


Posted 28 May 2016 - 12:18 PM

Hi, can anyone please help? I got a virus and it has encrypted all my files. I uploaded to ID Ransomware and it said unable to determine ransomware. Thanks for any help.

Please reference this case SHA1: 00aab1cb1b6a35cccbf943dd6bbea565517b2ba3

This is one of the many text files, all the same:

Read me now !.txt

Hello! We inform you that all, absolutely all of your files are encrypted!

But do not despair. Decryption is not possible without our help,

our help is not free and costs a certain amount of money.

To begin the process of recovery your files you need to write us an email, attaching an example of an encrypted file.

- Our contacts for communication:

- Primary email: support@juicylemon.biz

- Additional email: provectus@protonmail.com

- Bitmessage:  BM-NBRCUPTenKgYbLVCAfeVUHVsHFK6Ue2F      

How To Use Bitmessage see

We encourage you to contact us for all three contacts!

- Very important:

Do not try to decrypt files by third-party decoders otherwise you will spoil files !

Be adequate in dealing with us and we will solve your problem.

 

 

And this is what it has put on the end of all my files: .id-778215456_


Edited by xboxman, 28 May 2016 - 12:24 PM.



#2 Demonslay335


Posted 28 May 2016 - 12:23 PM

This is something relatively new, and we are currently investigating. We have a few samples of encrypted files and the same ransom note.

 

If you can find any samples of the malware, we will need it for analysis. You may submit any suspicious or malicious files here: http://www.bleepingcomputer.com/submit-malware.php?channel=168


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 xboxman


Posted 28 May 2016 - 01:23 PM

 

 

> This is something relatively new, and we are currently investigating. We have a few samples of encrypted files and the same ransom note.
>
> If you can find any samples of the malware, we will need it for analysis. You may submit any suspicious or malicious files here: http://www.bleepingcomputer.com/submit-malware.php?channel=168

Hi, thanks for your quick reply. I do not know what program or file did this and where to find it. Any clues what to use to find it, and I will. Once again, thanks for your help and time.



#4 xboxman


Posted 29 May 2016 - 05:21 AM

If anyone could advise me where to look for the malware, or a file or log that may have recorded what happened. I am on Windows XP Pro Version 2002 Service Pack 3. Thanks for any ideas or help.



#5 quietman7


Posted 29 May 2016 - 05:49 AM

Most crypto malware (ransomware) typically will run under the security level of the user....it will run on non-admin accounts under the same privileges as the infected user and encrypt any files that are accessible to that user. If the user can write to a file then the ransomware will be able to encrypt it. Encrypted files typically keep the original owner that was logged in when the infection was contracted. Right-clicking on a ransom note, choosing Properties > Details tab should identify the file owner and computer/workstation.

Crypto malware ransomware is typically programmed to automatically remove itself...the malicious files responsible for the infection...after the encrypting is done since they are no longer needed. The encrypted files do not contain malicious code so they are safe. Unfortunately, most victims do not realize they have been infected until the ransomware displays the ransom note and the files have already been encrypted. As such, they don't know how long the malware was on the system before being alerted or if other malware was installed along with the ransomware. If other malware was involved it could still be present so be sure to perform full scans with your anti-virus.

If your antivirus did not detect and remove anything, additional scans should be performed with other security programs like Malwarebytes Anti-Malware and Emsisoft Anti-Malware. You can also supplement your anti-virus or get a second opinion by performing an Online Virus Scan...ESET is one of the more effective online scanners.

If you need individual assistance only with removing the malware infection, follow the instructions in the Malware Removal and Log Section Preparation Guide...all other questions or comments should be posted in the support topics. When you have done that, start a new topic and post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.
Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#6 xboxman


Posted 29 May 2016 - 06:19 AM

 

 

> Most crypto malware (ransomware) typically will run under the security level of the user....it will run on non-admin accounts under the same privileges as the infected user and encrypt any files that are accessible to that user. If the user can write to a file then the ransomware will be able to encrypt it. Encrypted files typically keep the original owner that was logged in when the infection was contracted. Right-clicking on a ransom note, choosing Properties > Details tab should identify the file owner and computer/workstation.
>
> Crypto malware ransomware is typically programmed to automatically remove itself...the malicious files responsible for the infection...after the encrypting is done since they are no longer needed. The encrypted files do not contain malicious code so they are safe. Unfortunately, most victims do not realize they have been infected until the ransomware displays the ransom note and the files have already been encrypted. As such, they don't know how long the malware was on the system before being alerted or if other malware was installed along with the ransomware. If other malware was involved it could still be present so be sure to perform full scans with your anti-virus.
>
> If your antivirus did not detect and remove anything, additional scans should be performed with other security programs like Malwarebytes Anti-Malware and Emsisoft Anti-Malware. You can also supplement your anti-virus or get a second opinion by performing an Online Virus Scan...ESET is one of the more effective online scanners.
>
> If you need individual assistance only with removing the malware infection, follow the instructions in the Malware Removal and Log Section Preparation Guide...all other questions or comments should be posted in the support topics. When you have done that, start a new topic and post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

OK, I will try all that. Thanks for your help and time.



#7 quietman7


Posted 29 May 2016 - 06:21 AM

You're welcome and good luck.

#8 xboxman


Posted 29 May 2016 - 06:48 AM

 

 

> You're welcome and good luck.

Once again, thank you for your help and time. Could I please ask you if I put this in the right place: Please reference this case SHA1: 00aab1cb1b6a35cccbf943dd6bbea565517b2ba3

As I ended up here by ID Ransomware sending me here to put this case number up, I was not sure if I should have put it in the title or just in the post, which I did. Thanks.



#9 xboxman


Posted 29 May 2016 - 07:31 AM

 

Hi, I have gone and done all that: started a new post up on Virus, Trojan, Spyware, and Malware Removal Logs titled all files on hard drive encrypted and some on PC before stopped with the same case number that was given to me, case SHA1: 00aab1cb1b6a35cccbf943dd6bbea565517b2ba3. Once again, thanks for all your time and help.



#10 quietman7


Posted 29 May 2016 - 04:33 PM

> ...Please reference this case SHA1: 00aab1cb1b6a35cccbf943dd6bbea565517b2ba3
>
> As I ended up here by ID Ransomware sending me here to put this case number up, I was not sure if I should have put it in the title or just in the post, which I did. Thanks.

Posting it here should be sufficient....we don't have any in topic titles.

#11 xboxman


Posted 30 May 2016 - 03:34 AM

 

 

 

> > ...Please reference this case SHA1: 00aab1cb1b6a35cccbf943dd6bbea565517b2ba3
> >
> > As I ended up here by ID Ransomware sending me here to put this case number up, I was not sure if I should have put it in the title or just in the post, which I did. Thanks.
>
> Posting it here should be sufficient....we don't have any in topic titles.

Once again, thank you.



#12 quietman7


Posted 30 May 2016 - 04:48 AM

You're welcome.

#13 xboxman


Posted 30 May 2016 - 06:39 AM

 

 

> This is something relatively new, and we are currently investigating. We have a few samples of encrypted files and the same ransom note.
>
> If you can find any samples of the malware, we will need it for analysis. You may submit any suspicious or malicious files here: http://www.bleepingcomputer.com/submit-malware.php?channel=168

Hi, I found 3 files. I am not sure if they are anything, but the three folders these files were in are all encrypted except these files. I will send all three one at a time. Thanks.



#14 xboxman


Posted 30 May 2016 - 06:41 AM

I have sent the three .exe files to here: http://www.bleepingcomputer.com/submit-malware.php?channel=168 Thanks.
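
A triage sketch for the situation in this thread, added here as an example and not part of any post: it walks a folder tree, counts files carrying the `.id-<digits>_` marker and the ransom notes quoted in the first post, and lists files left unrenamed in affected folders, like the three .exe files mentioned above. The function names, sample file names and folder layout are constructed for illustration.

```python
import os
import re
import tempfile

# Marker and note name exactly as quoted in the first post. The page shows
# nothing after the underscore, so the pattern stops there.
MARKER = re.compile(r"\.id-\d+_")
NOTE_NAME = "Read me now !.txt"

def triage(root):
    """Per affected folder: marked-file count, notes, unmarked files, mtime window."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        marked = [n for n in files if MARKER.search(n)]
        if not marked:
            continue  # no renamed files here, nothing to report
        mtimes = [os.path.getmtime(os.path.join(folder, n)) for n in marked]
        report[os.path.relpath(folder, root)] = {
            "marked": len(marked),
            "notes": files.count(NOTE_NAME),
            # Files left unrenamed next to encrypted ones: candidates to submit
            "unmarked": sorted(n for n in files
                               if n != NOTE_NAME and not MARKER.search(n)),
            # Last-modified times bound when this folder was processed
            "window": (min(mtimes), max(mtimes)),
        }
    return report

def build_sample(root):
    """Constructed sample tree (empty files, invented names) for the demo."""
    layout = {
        "docs": ["report.doc.id-778215456_", "photo.jpg.id-778215456_",
                 NOTE_NAME, "setup.exe"],
        "clean": ["notes.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for folder, info in triage(tmp).items():
            print(folder, info["marked"], info["notes"], info["unmarked"])
```

An unmarked file is not necessarily malicious; it is simply the first thing worth scanning or submitting for analysis.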



#15 luigi84


Posted 30 May 2016 - 09:25 AM

same problem since today :-(





