Ransomware DMALocker byte pattern !Encrypt!##

2 replies to this topic

#1 JakaDolenec


  • Members
  • 2 posts

Posted 25 May 2017 - 12:38 PM

Our Windows server was attacked by Ransomware DMALocker.


All of the files and database backups were encrypted with the byte pattern !Encrypt!##.


We found cryptinfo.txt, date_1.txt, start.txt, svchosd.exe under C:/ProgramData






Is there any chance to decrypt the encrypted files, or is it better to pay? We need the database files to get the instance into running mode.


Thanks for the reply





#2 xXToffeeXx


    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,087 posts

Posted 25 May 2017 - 01:32 PM

Please upload the svchosd.exe to VirusTotal and post the results link in your reply.



~If I am helping you and you have not had a reply from me in two days, please send me a PM~


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here


 ~Twitter~ | ~Malware Analyst at Emsisoft~

#3 JakaDolenec

  • Topic Starter

  • Members
  • 2 posts

Posted 25 May 2017 - 01:49 PM



result of svchostd.exe



Kind regards
