
ACCDFISA v2.0 Ransomware Support Topic - filename(!! to get password email id *id* to *email* !!).exe/.rar


224 replies to this topic

#31 norzagaray

norzagaray

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:23 AM

Posted 06 July 2016 - 01:39 AM

Hi,

I have problems with this ransomware; it encrypted my data like this:

BK0308.ZIP(!! to get password email id 895638026 to auinfo16@gmail.com !!)

Please reference this case SHA1: c9ba739eb7b9a73928b0c467ed7d4acf861f5b6e

Please help me if you can.

Thanks




#32 elyogui

elyogui

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:23 AM

Posted 07 July 2016 - 11:07 AM

Good morning Demonslay335, have you been unable to find any solution for the ransomware variant that encrypts to .rar?
Regards


#33 Comics

Comics

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 11 July 2016 - 08:47 AM

Just wondering if anyone had any success on this?



#34 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:23 AM

Posted 11 July 2016 - 08:05 PM

I believe we are still hunting for a proper sample of this ransomware to analyze. If you can find any malicious files, please submit them here: http://www.bleepingcomputer.com/submit-malware.php?channel=168


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#35 elyogui

elyogui

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:23 AM

Posted 11 July 2016 - 11:53 PM

Demonslay335

 

Send another file, if I can get another required.
 
regards


#36 bru_martins

bru_martins

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 12 July 2016 - 06:25 AM

Hello,

I submitted a file using the link above.

I hope you receive it and can help me.

Thanks



#37 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:23 AM

Posted 12 July 2016 - 08:08 AM

> Hello,
>
> I submitted a file using the link above.
>
> I hope you receive it and can help me.
>
> Thanks

We need the malware file(s); we cannot do anything with the encrypted files until we have analyzed the ransomware itself. Scan your system with MalwareBytes and HitmanPro if your antivirus did not quarantine it. Try to find out where you got it from, such as an email attachment or download from a website.




#38 SVQ

SVQ

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:23 PM

Posted 12 July 2016 - 01:12 PM

Hello,

I have the same virus; I lost ten years of information.

I tried to recover with Stellar Phoenix and Easy Recovery, and the files I recovered are corrupted.

Some files disappeared and others changed to an exe. When opened, the exe shows (!! to get email id password 1xxxxxx9 to auinfo16@gmail.com !!).

Is there some program to extract the password for the exe file?

I need your help.



#39 SVQ

SVQ

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:23 PM

Posted 13 July 2016 - 01:38 PM

Hello,

Can you help me?

Thanks



#40 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,953 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:23 AM

Posted 13 July 2016 - 02:34 PM

@SVQ

We need the malware file(s), we cannot do anything with the encrypted files until we have analyzed the ransomware itself.

Samples of any suspicious executables (installer, malicious files) that you suspect were involved in causing the infection can be submitted here (http://www.bleepingcomputer.com/submit-malware.php?channel=168) with a link to this topic. Doing that will be helpful with analyzing and investigating by our crypto experts as noted by Demonslay335.

These are some common locations malicious executables hide:
%SystemDrive% (C:\)\<random>.exe
%SystemRoot% (C:\Windows)\<random>.exe
%Temp%\<random>.exe
%AppData%\<random>.exe
%LocalAppData%\<random>.exe
%ProgramData%\<random>.exe
%WinDir%\<random>.exe

Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click [image]
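
The search described in post #40, as an added example that is not part of the original thread and not a BleepingComputer tool: a Python sketch that walks the listed locations, hashes each `.exe` with SHA1 for submission, and sets aside files carrying the ransom marker, since those are encrypted data (which may themselves end in `.exe`) rather than the malware sample. The function names, the `max_depth` parameter and the regular expression are assumptions built from the filenames quoted in this topic.

```python
import hashlib
import os
import re
from pathlib import Path

# Locations listed in the post above (Windows environment variables).
COMMON_LOCATIONS = ["%SystemDrive%\\", "%SystemRoot%", "%Temp%", "%AppData%",
                    "%LocalAppData%", "%ProgramData%", "%WinDir%"]

# Marker seen on encrypted files in this topic, e.g. "BK0308.ZIP(!! to get
# password email id <id> to <email> !!)"; the order quoted in post #38 is accepted too.
MARKER = re.compile(r"\(!! to get (?:password email id|email id password) "
                    r"(?P<id>\S+) to (?P<email>\S+@\S+) !!\)", re.IGNORECASE)


def sha1_of(path, chunk=1 << 20):
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):  # chunked read
            digest.update(block)
    return digest.hexdigest()


def triage(roots, max_depth=1):
    """Return (candidates, encrypted); max_depth (assumed) limits subfolder levels."""
    candidates, encrypted = [], []
    for root in roots:
        base = Path(os.path.expandvars(root))
        if not base.is_dir():
            continue
        for dirpath, dirnames, filenames in os.walk(base):
            if len(Path(dirpath).relative_to(base).parts) >= max_depth:
                dirnames[:] = []  # stop descending below max_depth
            for name in filenames:
                full = os.path.join(dirpath, name)
                hit = MARKER.search(name)
                if hit:  # encrypted victim data, not the malware itself
                    encrypted.append((full, hit["id"], hit["email"]))
                elif name.lower().endswith(".exe"):
                    try:
                        candidates.append((full, sha1_of(full)))
                    except OSError:
                        continue  # locked or unreadable file
    return candidates, encrypted


if __name__ == "__main__":
    for path, sha1 in triage(COMMON_LOCATIONS)[0]:
        print(sha1, path)
```

Most candidates it prints will be legitimate programs; the list is a starting point for review before submitting a sample, not a verdict.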

#41 zebong

zebong

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 14 July 2016 - 04:14 AM

Hello guys,

I have uploaded a file and have this SHA1.

What should I do next?

Thank you

Best Regards,

Please reference this case SHA1: 406dc5539ee1af00542047bbd4d03718afdab2d9



#42 diegorot

diegorot

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:23 PM

Posted 15 July 2016 - 03:54 AM

People infected by this ransomware, do you know the attack vector of this ransomware?


Edited by diegorot, 15 July 2016 - 04:27 AM.


#43 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,953 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:23 AM

Posted 15 July 2016 - 04:16 AM

:step2: in this topic which explains the most common methods Crypto malware and other forms of ransomware are typically delivered and spread.

#44 diegorot

diegorot

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:23 PM

Posted 15 July 2016 - 04:23 AM

> :step2: in this topic which explains the most common methods Crypto malware and other forms of ransomware are typically delivered and spread.

OK, thanks for the link, but I mean the particular vector in this case and the specific information. E.g. the mail sender, subject, file type of the ransomware (js, exe), etc.



#45 SVQ

SVQ

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:23 PM

Posted 15 July 2016 - 11:33 AM

Hello,

I sent to Dr Web some files located in hidden folders in c:\Programdata, which are named with numbers and letters, and there is an exe (svchots.exe).

This is the link: https://support.drweb.com/process/?ticket=WW8Q-99BQ

They told me it is not possible to decrypt the files.

Do you know another method?

I thought about a zip or rar password extractor. I tried with some of these, but they don't recognize the format.

I found on the web that this virus is like the virus called "anti porn child spam", of 2013.

I think that somebody found a solution in this time...

I'm waiting for your reply.

Thank you....





