Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ransomware ziptox1


  • Please log in to reply
7 replies to this topic

#1 vcesar

vcesar

  • Banned Spammer
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:13 PM

Posted 08 January 2017 - 11:00 AM

Good day to everyone in this community, a virus has entered my computer with termination ziptox1 says to contact mendizol@india.com, any possibility of retrieving the information?



BC AdBot (Login to Remove)

 


#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:05:13 AM

Posted 08 January 2017 - 11:09 AM

You need to find an encrypted and original version of the same file (it can be a file you downloaded, a file from a program, windows default pictures e.t.c.). The file size will be identical, and you only need one file pair for this. You can then download this decrypter and drag and drop both files onto it to decrypt all your files.
 
If you have any issues, upload the file pair you are using to here and I'll take a look.
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 vcesar

vcesar
  • Topic Starter

  • Banned Spammer
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:13 PM

Posted 08 January 2017 - 11:37 AM

I just uploaded a sample file


Edited by vcesar, 08 January 2017 - 11:42 AM.


#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:05:13 AM

Posted 08 January 2017 - 11:50 AM

They need to be at least 65 KB in size, so you need a bigger file pair.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 vcesar

vcesar
  • Topic Starter

  • Banned Spammer
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:13 PM

Posted 08 January 2017 - 12:08 PM

Hello, I just uploaded 2 files with name: PasosParaActualizarDllCargueFacturasISiigo.doc



#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:05:13 AM

Posted 08 January 2017 - 12:24 PM

Hello, I just uploaded 2 files with name: PasosParaActualizarDllCargueFacturasISiigo.doc

Did you follow my instruction in my first post with that file pair? It generates a key for me.
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#7 vcesar

vcesar
  • Topic Starter

  • Banned Spammer
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:13 PM

Posted 08 January 2017 - 01:36 PM

Yes thank you very much



#8 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:05:13 AM

Posted 12 January 2017 - 10:05 AM

Yes thank you very much

Were you able to decrypt your files? :)

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users