Hi, one of my clients has got a PC infected. Not sure how it has got on here.
Malwarebytes found Hack.Tool.MImikatz located in C:/users\USER\documents\win32\mimikatz.exe and X64\Mimikatz
I also found ProcessHacker 2.39 folder/files in the download folder.
The file that opens on the screen says the following:
Your documents, photos, databases, and other important data has been encrypted.
Data recovery requires a decoder.
To restore information write to technical support by email@example.com, in case of no answer in 24, write to firstname.lastname@example.org
*Do not attempt to remove the program or run the anti-virus tools
*Attempts to self-decrypting files will result in the loss of your data
*Decoders are not compatible with other users of your data, because each user's unique encryption key
Encrypted files are called this, for example
I have some original files if required.
Can I decrypt?
What tool will make sure this malware is gone?
What I have tried so far:
- Ran CryptXXX 3.0 Kaspersky but it says "Encryption file not equal to original"
Edited by rhys100, 11 September 2017 - 10:56 PM.