Help! dharma extension ransomware

December 7, 2016, 4:57 am

≫ Next: .Crypted Nemucod

≪ Previous: VB100 results award Emsisoft high detection with no false positives

$

0

0

Hi, all my files were encrypted to .dharma, here's the result files.

 

Thanks.

Attached Files

•  Addition.txt   38.51KB   0 downloads
•  scan_161207-060017.txt   1.62KB   0 downloads
•  FRST.txt   64.41KB   0 downloads

---

.Crypted Nemucod

December 7, 2016, 12:06 pm

≫ Next: Application.AdReg (A) - what is it and how to remove?

≪ Previous: Help! dharma extension ransomware

$

0

0

Hello,

 

My files are currently locked by ransomware. 

 

.crypted / nemecod

 

The start of it all was from trojan:win32/Kovter!rfn virus. I have no shadow copies of the files. How would I go about decrypting my files? Thanks in advance on any support or tips.

 

Also, I was just left with a decrypt.txt file on my desktop.

Application.AdReg (A) - what is it and how to remove?

December 7, 2016, 1:14 pm

≫ Next: system infected with ransomware

≪ Previous: .Crypted Nemucod

$

0

0

Greetings,

 

Upon my normal Emsisoft Anti-Malware scan I disocvered the detection of Application.AdReg (A). I promptly looked it up online, and found all sorts of answers regarding what it is, if it is a risk and how to remove it, from no risk at all to Trojan virus etc.

 

Hopefully your experts can give me some answers, and by that, some peace of mind, with regard to how I should proceed regarding this issue.

 

I have attached files per your forum instructions, and look forward to hearing from you.

 

Thank you in advance for your help.

 

 

Best regards,

 

The Cellarer

Attached Files

•  Addition.txt   49.68KB   1 downloads
•  FRST.txt   60.44KB   1 downloads
•  Emsisoft Emergency Kit log.txt   1.09KB   1 downloads

system infected with ransomware

December 7, 2016, 5:20 pm

≫ Next: Another Apocalypse Variant Through RDP?

≪ Previous: Application.AdReg (A) - what is it and how to remove?

$

0

0

Please help!  I have attached the files requested.

 

Best Regards,

 

John Glaab

 

*email address removed by moderator to avoid member being spammed

Attached Files

•  Addition.txt   57.82KB   1 downloads
•  scan_161206-151910.txt   1.12KB   1 downloads
•  FRST.txt   69.43KB   1 downloads

Another Apocalypse Variant Through RDP?

December 8, 2016, 2:35 am

≫ Next: Another possible RDP Attack

≪ Previous: system infected with ransomware

$

0

0

Hi, looks like we have had a server compromised through RDP, I don't suppose they left any keys lying around?? Thanks for any help in advance.

 

Cheers.

 

 scan_161208-211744.txt   2.54KB   1 downloads

 FRST.txt   52.91KB   1 downloads

 Addition.txt   26.71KB   1 downloads

 DBCE17647B35F3A842D442D8A0FBE538C0.TXT   1.38KB   0 downloads

 Encrypted File.zip   5.5MB   0 downloads

 Unencrypted Copy.zip   5.48MB   0 downloads

Another possible RDP Attack

December 8, 2016, 4:46 am

≫ Next: ZZZZ VIRUS HAS INFECTED...ITS A CRYPTOWARE...ALL PICTURES ARE ENCRYPTED ..PLEASE HELP

≪ Previous: Another Apocalypse Variant Through RDP?

$

0

0

Another possible rdp attack on a server, its encrypted the sql files and I need help urgently.

 

Have attached one of the infected files and the txt file, can;t upload normal file as they are over 1Gb in size.

 

Any pointers or any help would be appreciated.

 

 

Attached Files

•  96AD45BCCDE1140B454842205B4C569EC0.TXT   1.38KB   0 downloads
•  master201606080100.zip.ID-65E14DD3GBcryptservice@inbox.ru.zip   408.5KB   0 downloads

ZZZZ VIRUS HAS INFECTED...ITS A CRYPTOWARE...ALL PICTURES ARE ENCRYPTED ..PLEASE HELP

December 8, 2016, 10:36 am

≫ Next: .Dharma Crypto Variant - I have a working KEY

≪ Previous: Another possible RDP Attack

$

0

0

DEAR SIR

 

THE TORPROJECT.COM MALWARE WHICH ENCRYPTS ALL MY DATA HAS INFECTED MY PC.

 

EVERYTHING IS JUST ENCRYPTED.

 

PLEASE HELP ME TO REMOVE THIS.

 

FOLLOWING ARE THE SCAN REPORTS

 

 

 

AWAITING YOUR REPLY 

 

THANKS

 

ENAMBHATKAR  Addition.txt   69.39KB   0 downloads  FRST.txt   63.62KB   0 downloads  scan_161208-200814.txt   34.03KB   0 downloads

 

 

 

.Dharma Crypto Variant - I have a working KEY

December 8, 2016, 3:08 pm

≪ Previous: ZZZZ VIRUS HAS INFECTED...ITS A CRYPTOWARE...ALL PICTURES ARE ENCRYPTED ..PLEASE HELP

$

0

0

Hello World ! , I work for a MSP/SOC, One of our customers has been severely infected across a large file share server that has poisoned their Ability to work, The customer is a non profit adoption organization based out of the West Coast. As of now Our company has paid for the 9000~$ (12BTC) ransom for this company as they could not afford to pay. However, as of now, they have managed to compromise approximately 17TB's worth of data. The Ransomware " Support" as we will refer to them as temporarily, Had provided me with a Decryptor and a key to decrypt the files with that I am currently in possion of, and was able to use to free up approximately 10TB's of data, However it appears there is still a TON of data that needs decrypted, Due to what appears to be a " Logic Bomb" as I will call it for the time being, it appears some kind of integer or time frame was allowed on this specific decrypor they provided to prevent us from using it after a period of time or switch was flipped. and is now requesting more money, ( Approximately 10 more bitcoins ) again thats too much money. I attempted to use the EMSISoft Decrypter with the private key provided to us However it does not appear to allow us to use this (feature does not appear to allow us for use) If i can provide or work with your team to develop a new decryptor for this it can be mutually beneficial to us all I will go ahead and attach the key for this ransomware, and a copy of the infected file, as well as any other supporting documentation that you will need. Please do to not hesitate to call me, I have sent my phone number with this same post to Support@emsisoft.com I would love to help out the community and our customers were possible by helping the cause to crack down on these cryptographers Ron Ratliff, A+, Net +, CCNA,C|EH, MCP

---