
JS / TrojanDownloader.Nemucod.EBG (encrypts .pdf and .doc as .jse and 976kb)



#1 TaniaMLG


Posted 10 August 2018 - 06:21 AM

Hi. I have a big problem with a new JS / TrojanDownloader.Nemucod.EBG Ransomware that encrypts the files with extension .jse and 976kb. I have consulted online, but I have not found a solution to decrypt. I think it's a new variant of Nemucod. Does anyone have any information to help me?

 

ID Ransomware

SHA1: ab6833fd83c4eb77170b6159f66b2dc180eec272

 

There was no ransom note.

 

Tania (Málaga, Spain)

 

Thank you very much.


Edited by TaniaMLG, 10 August 2018 - 07:33 AM.



 


#2 Demonslay335


Posted 10 August 2018 - 08:47 AM

It's probably going to be impossible to identify without the ransom note or the malware itself. Do you have the malware? What is being detected as TrojanDownloader.Nemucod.EBG? Unfortunately, Nemucod is actually a downloader, so it isn't always delivering its own ransomware variant, and has been seen distributing other ransomwares.




#3 TaniaMLG


Posted 10 August 2018 - 10:38 AM

> It's probably going to be impossible to identify without the ransom note or the malware itself. Do you have the malware? What is being detected as TrojanDownloader.Nemucod.EBG? Unfortunately, Nemucod is actually a downloader, so it isn't always delivering its own ransomware variant, and has been seen distributing other ransomwares.

 

It was detected by Eset Antivirus as Nemucod EBG and in memory of Windows 10 was the "spec" process. The virus was an executable file "b.jse". Right now I only have an encrypted file and its original unencrypted for the composition. I will try to get the file that was downloaded in an email and triggered all the infection. In the company of Nemucod also came another generic-Malware that filled the temporary file folder with .nbc extension. In addition, in the attack, Eset blocked the IP 185.209.160.50, with geolocation in Moscow. I did not see any screen or ransom note.

Thank you very much for answering, Demonslay335

Edited by TaniaMLG, 10 August 2018 - 10:41 AM.




