
File with extension .a780


  • This topic is locked
14 replies to this topic

#1 anti_cor

anti_cor

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 10 July 2017 - 03:08 AM

Hi friends, my computer has been infected with a ransom virus and I can not find the version name. Extensions .a780 and readme.hta. Dumb ransom payment links can not help. What do I need to do? Attached files.

 

 

 

I set the password because it perceives it as a virus: 1

https://yadi.sk/d/V6p1MeSd3KuBo5

 

 

 


 


#2 Amigo-A

Amigo-A

  • Members
  • 532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:12:30 PM

Posted 10 July 2017 - 03:57 AM

Hi. Also put on YandexDisk only the ransom notes:

readme.hta

readme.txt

Only unchanged. I'll take a look.

Edited by Amigo-A, 10 July 2017 - 04:56 AM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Do you know Russian? Write to me in Russian. I will help.


#3 anti_cor


Posted 10 July 2017 - 04:04 AM

Encrypt and decrypt the file as rar readme.txt and the encrypted file

http://www.uyarbilisim.net/c.php

 


 


#4 Amigo-A


Posted 10 July 2017 - 04:08 AM

It is very similar to the new Cerber.

 

But for some reason you have the name of the ransom notes without additives.


Edited by Amigo-A, 10 July 2017 - 04:56 AM.



#5 anti_cor


Posted 10 July 2017 - 04:18 AM

Yes there seems to be a solution as extension



#6 anti_cor


Posted 10 July 2017 - 04:20 AM

Ransom payment link is not working, could you try link below

http://ffoqr3ug7m726zou.onion/F28C-B309-3E04-0314-BF25




#7 Amigo-A


Posted 10 July 2017 - 04:26 AM

You need to open the address in the Tor browser. If it does not open, then it means there is blocking in your region.


Edited by Amigo-A, 10 July 2017 - 04:56 AM.



#8 anti_cor


Posted 10 July 2017 - 04:30 AM

I tried to connect with the Tor browser. I can not do anything related to the obstacle. I did not try to go out with Ultrasurf. What should I do?



#9 Amigo-A


Posted 10 July 2017 - 04:35 AM

The name of the extension in this case is not specific.
It can be any four characters. Now this letter "a" at the beginning. Then there will be another.

Edited by Amigo-A, 10 July 2017 - 04:56 AM.



#10 anti_cor


Posted 10 July 2017 - 04:41 AM

Can you try to open the connection did not open the door to the disabled in Turkey



#11 Amigo-A


Posted 10 July 2017 - 04:52 AM

For me this site does not open either. It spins for a long time on the connection.
By connecting to this site you will not get anything. Only if you will be paying a ransom.

 

http://imgur.com/a/RRO3O


Edited by Amigo-A, 10 July 2017 - 05:06 AM.



#12 Amigo-A


Posted 10 July 2017 - 05:08 AM

This is Cerber Ransomware. Your Url - since last year
http://www.broadanalysis.com/2016/10/15/rig-exploit-kit-via-eitest-delivers-cerber-ransomware-from-109-234-34-247/

 

He has a lot of malicious campaigns. Apparently this reached Turkey now.


Edited by Amigo-A, 10 July 2017 - 05:14 AM.



#13 anti_cor


Posted 10 July 2017 - 05:13 AM

Yes, virus infection date 15.10.2016. What should I do if the links are not clear?



#14 Amigo-A


Posted 10 July 2017 - 05:16 AM

I think you can only wait until decryption becomes possible.




#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:30 AM

Posted 10 July 2017 - 06:22 AM

Unfortunately, there is still no known way to decrypt files encrypted by Cerber v2/v3 or newer v4x/v5x and CRBR Encryptor variants which use 10 random characters with a random 4 character hexadecimal extension (i.e. 1xQHJgozZM.b71c) without paying the ransom. If possible, your best option is to restore from backups.

There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions. When or if a decryption solution is found, that information will be provided in that support topic and you will receive notification if subscribed to it. In addition, a news article most likely will be posted on the BleepingComputer front page.

Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
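
A triage sketch for the naming pattern described in the post above, added here as an example and not part of the original thread or any BleepingComputer tool: it flags files named with 10 characters plus a 4-character hexadecimal extension and treats a ransom note in the same folder as corroboration, since the name pattern alone also matches benign files. The name character class, the `triage` function, its verdict labels and the sample paths are assumptions of this example.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Pattern from the moderator's description: 10 random characters plus a
# 4-character hexadecimal extension. The character class for the name part
# (letters, digits, "-" and "_") is an assumption of this example.
CERBER_NAME = re.compile(r"^[A-Za-z0-9_-]{10}\.([0-9a-fA-F]{4})$")
# Ransom note names mentioned in this thread.
NOTE_NAMES = {"readme.hta", "readme.txt"}


def triage(paths, min_hits=3):
    """Rate each folder: 'likely' if a ransom note sits beside renamed files,
    'possible' if min_hits or more files share one extension, else 'weak'
    (a lone match such as 'screenshot.cafe' is probably benign)."""
    hits = defaultdict(Counter)   # folder -> Counter of matched extensions
    notes = defaultdict(set)      # folder -> ransom note names seen
    for raw in paths:
        p = PureWindowsPath(raw)
        folder = str(p.parent)
        if p.name.lower() in NOTE_NAMES:
            notes[folder].add(p.name.lower())
            continue
        m = CERBER_NAME.match(p.name)
        if m:
            hits[folder][m.group(1).lower()] += 1
    report = {}
    for folder, exts in hits.items():
        ext, count = exts.most_common(1)[0]
        if notes[folder]:
            verdict = "likely"
        elif count >= min_hits:
            verdict = "possible"
        else:
            verdict = "weak"
        report[folder] = {"extension": ext, "files": count,
                          "notes": sorted(notes[folder]), "verdict": verdict}
    return report


# Constructed sample listing (not taken from the victim's machine).
SAMPLE = [
    r"C:\Users\u\Documents\1xQHJgozZM.b71c",  # example name from the thread
    r"C:\Users\u\Documents\Qw3_rT-9aZ.b71c",
    r"C:\Users\u\Documents\readme.hta",
    r"C:\Users\u\Pictures\screenshot.cafe",   # benign look-alike
    r"C:\Users\u\Pictures\holiday.jpg",
]
```

Feed `triage` a recursive file listing from the affected volume; folders rated "weak" need manual review rather than being treated as encrypted.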




