Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    New Industrial Spy stolen data market promoted through cracks, adware

Featured Deal: Build a training library with this lifetime training bundle deal

Generic User Avatar

JS / TrojanDownloader.Nemucod.EBG (encript .pdf and .doc as .jse and 976kb)

Started by TaniaMLG , Aug 10 2018 06:21 AM

  • Please log in to reply
2 replies to this topic

#1 TaniaMLG

TaniaMLG

  • Avatar image
  • Members
  • 2 posts
  • OFFLINE
    •  
  • Local time:02:48 AM

Posted 10 August 2018 - 06:21 AM

Hi. I have a big problem with a new JS / TrojanDownloader.Nemucod.EBG Ransomware that encrypts the files with extension .jse and 976kb. I have consulted online, but I have not found a solution to decrypt. I think it's a new variant of Nemucod. Does anyone have any information to help me?

 

ID Ransomware

SHA1: ab6833fd83c4eb77170b6159f66b2dc180eec272

 

There was no ransom note.

 

Tania (Málaga, Spain)

 

Thank you very much.


Edited by TaniaMLG, 10 August 2018 - 07:33 AM.

BC AdBot (Login to Remove)

 

#2 Demonslay335

Demonslay335

    Ransomware Hunter


  • Avatar image
  • Security Colleague
  • 4,748 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:USA
  • Local time:06:48 PM

Posted 10 August 2018 - 08:47 AM

It's probably going to be impossible to identify without the ransom note or the malware itself. Do you have the malware? What is being detected as TrojanDownloader.Nemucod.EBG? Unfortunately, Nemucod is actually a downloader, so it isn't always delivering its own ransomware variant, and has been seen distributing other ransomwares.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.

#3 TaniaMLG

TaniaMLG
  • Topic Starter

  • Avatar image
  • Members
  • 2 posts
  • OFFLINE
    •  
  • Local time:02:48 AM

Posted 10 August 2018 - 10:38 AM

It's probably going to be impossible to identify without the ransom note or the malware itself. Do you have the malware? What is being detected as TrojanDownloader.Nemucod.EBG? Unfortunately, Nemucod is actually a downloader, so it isn't always delivering its own ransomware variant, and has been seen distributing other ransomwares.

 

It was detected by Eset Antivirus as Nemucod EBG and in memory of Windows 10 was the "spec" process. The.virus was an executable file "b.jse". Right now I only have an encrypted file and its original unencrypted for the composition. I will try to get the file that was downloaded in an email and triggered all the infection. In the company of Nemucod also came another generic-Malware that filled the temporary file folder with .nbc extension. In addition, in the attack, Eset blocked the IP 185.209.160.50, with geolocation in Moscow. I did not see any screen or ransom note.
 
Thank you very much for answering,, Demonslay335

Edited by TaniaMLG, 10 August 2018 - 10:41 AM.

Back to Ransomware Help & Tech Support


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Ransomware Help & Tech Support
  4. Privacy Policy
  5. Rules ·