Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Nozelesn Ransomware Support & Help Topic (.nozelesn, HOW_FIX_NOZELESN_FILES.htm)


  • Please log in to reply
59 replies to this topic

#1 Viteknt

Viteknt

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:26 AM

Posted 02 July 2018 - 04:30 AM

Hello, I'm new here and I have problem with my files. A lot of them have end of name ".nozelesn".  I try to check files by ID Ransomware site but here its nothing helpful to solve problem. Anyone have problem too with nozelesn and know any program to take my files back?

BC AdBot (Login to Remove)

 


#2 thyrex

thyrex

  • Members
  • 582 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Belarus
  • Local time:09:26 AM

Posted 02 July 2018 - 04:40 AM

Please upload few encrypted files and ransom note onto https://sendspace.com and send download link

Microsoft MVP 2012-2016 Consumer Security

Microsoft Reconnect 2016


#3 Wisnia

Wisnia

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:26 AM

Posted 02 July 2018 - 05:48 AM

Hi, I have same problem.

One of infected files:

https://www.sendspace.com/file/ll0wi6

 

If you need some more- just let me know.



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:26 AM

Posted 02 July 2018 - 06:57 AM

... I try to check files by ID Ransomware site but here its nothing helpful to solve problem. Anyone have problem too with nozelesn and know any program to take my files back?

If ID Ransomware cannot identify the infection, you can post the case SHA1 it gives you in your next reply for Demonslay335 to manually inspect the files.

Example screenshot:
2016-07-01_0936.png
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Viteknt

Viteknt
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:26 AM

Posted 02 July 2018 - 07:15 AM

My files in RAR : https://www.sendspace.com/file/37ra97

 

Now i try one more time check files on ID site and I have reply : "This ransomware is still under analysis" .



#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,617 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:26 AM

Posted 02 July 2018 - 09:10 AM

We are looking into this ransomware now. Any idea how you became infected and if you still have sample of the ransomware executable?

#7 Wisnia

Wisnia

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:26 AM

Posted 02 July 2018 - 04:32 PM

I have no idea how my laptop became infected. It's my "second" laptop, using from time to time. Last was I have in my dowload history is word press exe file plus some invoices (downloaded from satellic.be), so I'm 99% sure that's not the reason.

Is there any way to find the ransomware executable any suggestion how to start or sth like it?

 

Edit 2:

No all files on my hard driver are encrypted,


Edited by Wisnia, 02 July 2018 - 04:50 PM.


#8 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:26 AM

Posted 02 July 2018 - 04:53 PM

@Wisnia

 

You say you have a "wordpress.exe"? Can you upload that to this link please? http://www.bleepingcomputer.com/submit-malware.php?channel=168

 

WordPress is a PHP software, which is why having a Windows executable for it is very suspicious. WordPress never distributes executables (or anything with .exe extension), so it's definitely going to be a Trojan of some sort at the least.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#9 Wisnia

Wisnia

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:26 AM

Posted 02 July 2018 - 04:59 PM

Sorry, my mistake. You, are right- that wasn't .exe file. I have download the .zip file from: https://pl.wordpress.org/txt-download/



#10 Viteknt

Viteknt
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:26 AM

Posted 03 July 2018 - 02:53 AM

Yesterday I use a SpyHunter and found script called sk32.jse . That's the problem

 

https://zapodaj.net/e9b76aee9f363.png.html


Edited by Viteknt, 03 July 2018 - 02:53 AM.


#11 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,617 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:26 AM

Posted 03 July 2018 - 09:17 AM

Do you still have that script that you can send us?

#12 Wisnia

Wisnia

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:26 AM

Posted 03 July 2018 - 03:37 PM

Screen with my SpyHunter result:

https://zapodaj.net/8c05786c53a44.png.html

 

Uploaded file:

https://www2.zippyshare.com/v/eMKOlQbO/file.html



#13 naplesc

naplesc

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:26 AM

Posted 03 July 2018 - 04:00 PM

Got one here in FL. Spread through network share. Shadow copies disabled. I have some of the same files clean and infected if it helps.



#14 schester

schester

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:26 PM

Posted 03 July 2018 - 05:02 PM

Just got a call from a business in California. They are being asked for .5 bitcon. Trying a revert from Shadow copies from this morning - already started it before I thought about copying any files out.

 

The source is unknown from their network, but it seems to have gone through two mapped network drives. It doesn't seem to have impacted shared folders that were not mapped (that I have seen yet).



#15 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,617 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:26 AM

Posted 03 July 2018 - 05:31 PM

How about software cracks? Anyone encounter this ransomware after installing a crack?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users