Hi, A neighbor brought over his infected PC. It appears to be NEMUCOD-AES - signature red background screen, no extensions, similar decrypt.hta, etc. He was infected on July 4. I have *many* files: encrypted data files; DECRYPT.HTA ransom note; secmod.db, key3.db, cert8.db - all created July 4 at noon when he was hit. If anyone would like the files to play with, I am happy to upload them anywhere. I can't find anyone who has cracked this one yet so any help would be great.
Above is my original post.
Virus not standard Nemucod - decryupt_Nemucod did not work even though that appeared to be th signature.
I am uploading corrupted files, originals of the same files, ransom note, and all 3 .db files I found.