
Topic: DELETE ME PLEASE - page 2. (Read 1010 times)

member
Activity: 118
Merit: 11
March 11, 2018, 05:24:14 AM
#37
So basically if the guy at some point moved - duplicated - deleted to trashcan one copy of wallet.dat - emptied the trashcan, Recuva would work to recover it even if the HD is encrypted, since the ransomware would not encrypt that deleted file. Wow, that's a good reason to create a copy of your wallet.dat, delete it to trashcan and empty it, just in case you ever get ransomware. Interesting way to back up a wallet.dat
legendary
Activity: 1624
Merit: 2481
March 11, 2018, 05:09:27 AM
#36
I haven't tried breaking ransomware before, sounds challenging.
A question though, would it not be easier to run something like Recuva on the HD to try to recover the old unencrypted wallet.dat instead of trying to decrypt the new one?

Ransomware is coded to encrypt the whole HD (sometimes except for a few directories, to still show the desktop, ransom notice, etc.).
Usually there are no unencrypted files left anywhere on the hard drive.

Since Recuva is software to restore deleted[1] files, this unfortunately can't work out.


[1] deleted in terms of removed from the trash bin, but not yet overwritten on the HD.
member
Activity: 118
Merit: 11
March 11, 2018, 04:39:06 AM
#35
I haven't tried breaking ransomware before, sounds challenging.
A question though, would it not be easier to run something like Recuva on the HD to try to recover the old unencrypted wallet.dat instead of trying to decrypt the new one?
This would be your decoded QR file, right?
https://imgur.com/a/uR1lN
newbie
Activity: 13
Merit: 5
March 11, 2018, 12:22:43 AM
#34
It seems you have a lot of people professing they can solve your problem, but the fact of the matter is that most ransomware viruses generate special keys per infected user, usually something like (public key + master key) = decrypt files. Most of the time these ransomware programs are impossible to decrypt unless their keys have been confiscated by authorities. I was surprised that Google showed virtually nothing for igza4c, as this seems to be their file extension. Do you recall anything else around the time of infection, such as a screen locker, any relevant pictures or even a brand such as (coinvault)?
newbie
Activity: 1
Merit: 0
March 10, 2018, 11:23:12 PM
#33
Hi, just went through your post, maybe I can help you. But not here; start with email, and on email we will share our numbers, then we will start decrypting.
Regards
Chandan
[email protected]
newbie
Activity: 2
Merit: 0
March 10, 2018, 04:46:02 PM
#32
Can you upload more encrypted files, except your wallet, without renaming them (3 or 5 encrypted files)?
member
Activity: 350
Merit: 13
March 10, 2018, 04:28:19 PM
#31
May I ask why you didn't use the offered one free decrypt on your wallet?
Instead you upload a QR image?
newbie
Activity: 1
Merit: 0
March 10, 2018, 06:38:54 AM
#30
I can help you. The encryption on this is weak. Email me at [email protected]
jr. member
Activity: 41
Merit: 10
March 10, 2018, 04:50:15 AM
#29
You should provide a file that is not already cracked and downloadable for each one on the .onion site.
Each dork can download the decrypted .png file (http://igza4c6icqzboodb.onion/tmpdwn/Q7Lh4Rqr.png.iGZa4C.decrypt) and claim he has cracked it.

Just my 2 cents.


jr. member
Activity: 107
Merit: 8
March 09, 2018, 07:53:31 PM
#28
If you do it pm me your email address

PM sent.
jr. member
Activity: 107
Merit: 8
March 09, 2018, 07:01:25 PM
#27
If this is the encryption used here, then I think you don't have a problem

https://imgur.com/a/1KX1j
legendary
Activity: 3374
Merit: 3095
March 09, 2018, 06:13:17 PM
#26
Don't deal with anyone or newbie except for higher ranks with neutral or positive trust.

Could you try this method?

First, you must show hidden files and folders by opening Folder Options.

Folder Options can be found here: click Start > use the search bar > type "folder option" without quotes > click the View tab.

Now, change the "Hidden files and folders" setting to show hidden files, folders and drives.

Then scroll down and look for "Hide protected operating system files" then uncheck.

Now go to  C:\Users\admin\AppData\Roaming\Electrum\wallets

Inside the folder there should be your wallet.dat, but its attributes are still hidden; you can use the unhide tool.

Copy that wallet.dat into USB and use this tool http://ccm.net/download/download-24190-usb-show

Open USB Show, then locate your USB to unhide the file.

Now you should have the wallet.dat unhidden.

Note: you must use a clean computer where you want to import your wallet.dat, for safety purposes.

Hope this time your problem is solved.

If not, let me try to solve your problem via Chrome Remote Desktop, just PM me.
hero member
Activity: 1232
Merit: 738
March 09, 2018, 05:40:16 PM
#25
If only you'd made several copies of your wallet.dat, this wouldn't be happening.
Make multiple copies, rename them and store them in different places,
or dump private keys in a text file, zip encrypt it, hide it with an inconspicuous name.
Anything could've helped you gain back control of your funds without paying the ransom.
newbie
Activity: 39
Merit: 0
March 09, 2018, 03:01:53 PM
#24
I might be able to help. Shoot me an email at [email protected], I need additional information.
jr. member
Activity: 56
Merit: 4
March 09, 2018, 02:52:16 PM
#23
@OP: There's something odd here - how were you notified by the attacker of the ransomware and receive instructions for payment?
It's highly improbable that you were sent an email. So what method was used to inform you??
newbie
Activity: 2
Merit: 0
March 09, 2018, 01:30:17 PM
#22
Your encrypted file is only a QR code of your address? LOL

https://prnt.sc/ip088v
legendary
Activity: 3374
Merit: 3095
March 08, 2018, 05:59:06 PM
#21
I have experience removing encrypted files from a PC infected with ransomware before. I use 2 types of tools: one is the Kaspersky ransomware decryptor and the other one is Hiren's Proteus, which is the paid version. I don't know if the free version of Hiren's can remove the latest ransomware, but you can try.

Try this first: https://noransom.kaspersky.com/

There are different decryptor tools at Kaspersky; try them one by one, because we don't know what type of ransomware you have.

You can try Hiren's for scanning your PC from its bootable built-in OS and scan using Avira, and you must choose clean or fix only. Do this at your own risk, because if you choose delete/remove, some of your system files could be deleted, which can affect your PC's boot-up.

You can download the free version of Hiren's here: https://www.hiren.info/pages/bootcd

But you need an extra USB flash drive or CD to burn Hiren's BootCD.

This tool is for technicians only, but if you want to repair your PC and remove viruses and malware from it, this tool could help.

Honestly, I am using the Hiren's Proteus version, which includes more premium tools than the free version. However, you can try the free version.
copper member
Activity: 2268
Merit: 539
March 08, 2018, 04:05:23 PM
#20
Turn your PNs on for "Newbies". I want to send you something.

no idea what this means

akes : The infected pc has been formatted .....

Nrcewker : https://ufile.io/sum9z  -- it was a png file of my QR code - same encryption just not my wallet if you can bring the QR code png back then you can do the same to wallet.

For complete decryption I need access to the infected computer; it's not as easy as you think.
jr. member
Activity: 41
Merit: 10
March 08, 2018, 03:30:57 PM
#19
Profile, then in the menu on the left, Personal Message Options, "allow Newbies to send you PNs".
jr. member
Activity: 41
Merit: 10
March 08, 2018, 03:17:20 PM
#18
Quote
My guess is that the malware created a self-signed certificate in the certificate store then used the public key to encrypt the content of files in the background.

The public key is written in every file (it is the Unique-ID). The scammer will send him the Master-Key + the software that reverses the encryption. The chance to crack/brute-force whatever it is is almost zero.
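
The claim in post #18 that a per-victim ID is written into every encrypted file can be checked on the handful of samples post #32 asks for. This is an added example, not code from any poster: it assumes such an ID, if present, sits as an identical header or trailer, and all sample bytes below are constructed.

```python
"""Look for a byte region shared by every encrypted sample from one victim."""

def common_prefix_len(blobs):
    """Count the leading bytes that are identical in every blob."""
    limit = min(len(b) for b in blobs)
    for i in range(limit):
        if len({b[i] for b in blobs}) > 1:
            return i
    return limit

def shared_regions(blobs, min_len=16):
    """Return the header/trailer common to all blobs (b"" if under min_len).

    min_len filters out short accidental matches such as one equal byte.
    """
    if len(blobs) < 2:
        raise ValueError("need at least two samples to compare")
    shortest = min(len(b) for b in blobs)
    head = common_prefix_len(blobs)
    # A common suffix is a common prefix of the reversed blobs; clamp it so
    # header and trailer never overlap inside the shortest sample.
    tail = min(common_prefix_len([b[::-1] for b in blobs]), shortest - head)
    first = blobs[0]
    return {
        "header": first[:head] if head >= min_len else b"",
        "trailer": first[len(first) - tail:] if tail >= min_len else b"",
    }

# Constructed stand-ins for encrypted files: different bodies and lengths,
# same 32-byte trailer (hypothetical layout, not taken from the real malware).
VICTIM_ID = b"CONSTRUCTED-VICTIM-ID-0123456789"
SAMPLES = [
    b"\x11" * 40 + VICTIM_ID,
    b"\x22" * 55 + VICTIM_ID,
    b"\x33" * 70 + VICTIM_ID,
]
# A file from a different (constructed) victim carries a different trailer.
OTHER_VICTIM = b"\x44" * 48 + b"CONSTRUCTED-VICTIM-ID-9876543210"

if __name__ == "__main__":
    regions = shared_regions(SAMPLES)
    print("shared header :", regions["header"].hex() or "(none)")
    print("shared trailer:", regions["trailer"].hex() or "(none)")
```

A shared region only shows that the files carry a constant field; it does not by itself say whether that field is a key, an ID or a format marker.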


