Topic: DELETE ME PLEASE - page 2. (Read 985 times)
So basically if the guy at some point moved - duplicated - deleted to trashcan one copy of wallet.dat - emptied the trashcan, Recuva would work to recover it even if the HD is encrypted, since the ransomware would not encrypt that deleted file. Wow, that's a good reason to create a copy of your wallet.dat, delete it to trashcan and empty it, just in case you ever get ransomware. Interesting way to back up a wallet.dat
I haven't tried breaking ransomeware before, sounds challenging.
A question though ,would it not be easier to run something like Recuva on the HD to try to recover the old unencrypted wallet.dat instead of trying to decrypt the new one?
A question though ,would it not be easier to run something like Recuva on the HD to try to recover the old unencrypted wallet.dat instead of trying to decrypt the new one?
Ransomware is coded to encrypt the whole HD (somtimes: except from a few directories to still show desktop, ransom notice, etc.. ).
Usually there are no unencrypted files anywhere on the hard drive left.
Since recuva is a software to restore deleted[1] files, this unfortunately can't work out.
[1] deleted in terms of removed from the trash bin, but not yet overwritten on the HD.
I haven't tried breaking ransomeware before, sounds challenging.
A question though ,would it not be easier to run something like Recuva on the HD to try to recover the old unencrypted wallet.dat instead of trying to decrypt the new one?
This would be your decoded QR file, right?
https://imgur.com/a/uR1lN
A question though ,would it not be easier to run something like Recuva on the HD to try to recover the old unencrypted wallet.dat instead of trying to decrypt the new one?
This would be your decoded QR file, right?
https://imgur.com/a/uR1lN
It seems you have a lot of people professing they can solve your problem but the fact of the matter is that most ransomware viruses generate special keys per infected user usually something like (public key + master key) = decrypt files. most of the time the time these ransomware programs are impossible to decrypt unless there keys have been confiscated by authorities. I was surprised that google showed virtually nothing for igza4c as this seems to be there file extension. do you recall anything else around the time of infection such as a screen locker any relevant pictures or even a brand such as (coinvault) ?
Hi just went through ur post mayb I can help u . But not here start with email and on email we will share our numbers then we will start decrypting
Regards
Chandan
[email protected]
Regards
Chandan
[email protected]
can you upload more encrypted files except your wallet without renamed it (3 or 5 encrypted files)
May I ask why you didn't use the offered one free decrypt on your wallet?
Instead you upload a QR image?
Instead you upload a QR image?
I can help you. The encryption on this is weak. Email me at [email protected]
You should provide a file that is not allready cracked and downloadable for each one on the .onion site.
Each dork can download the decrypted .png file (http://igza4c6icqzboodb.onion/tmpdwn/Q7Lh4Rqr.png.iGZa4C.decrypt) and claim he has cracked it.
just my 2 cents.
Each dork can download the decrypted .png file (http://igza4c6icqzboodb.onion/tmpdwn/Q7Lh4Rqr.png.iGZa4C.decrypt) and claim he has cracked it.
just my 2 cents.
Don't deal with anyone or newbie except for higher ranks with neutral or positive trust.
Could you try this method?
First, you must show hidden files and folders by opening folder option,
Folder option can be found here, click start>use the search bar>type "folder option" without quote>click view tab
Now, change the "hidden files and folders" to show hidden files, folders and drive-off
Then scroll down and look for "Hide protected operating system files" then uncheck.
Now go to C:\Users\admin\AppData\Roaming\Electrum\wallets
inside the folder, it must be your wallet.dat but the attributes still are hidden you can use the unhide tool.
Copy that wallet.dat into USB and use this tool http://ccm.net/download/download-24190-usb-show
open USB show then locate your USB to unhide the file.
Now you should have the wallet.dat unhide,
Note you must use a clean computer where you wanted to import your wallet.dat for safety purposes.
Hope this time your problem solve.
If not let me try to solve your problem via chrome remote desktop just pm me.
Could you try this method?
First, you must show hidden files and folders by opening folder option,
Folder option can be found here, click start>use the search bar>type "folder option" without quote>click view tab
Now, change the "hidden files and folders" to show hidden files, folders and drive-off
Then scroll down and look for "Hide protected operating system files" then uncheck.
Now go to C:\Users\admin\AppData\Roaming\Electrum\wallets
inside the folder, it must be your wallet.dat but the attributes still are hidden you can use the unhide tool.
Copy that wallet.dat into USB and use this tool http://ccm.net/download/download-24190-usb-show
open USB show then locate your USB to unhide the file.
Now you should have the wallet.dat unhide,
Note you must use a clean computer where you wanted to import your wallet.dat for safety purposes.
Hope this time your problem solve.
If not let me try to solve your problem via chrome remote desktop just pm me.
if only you've made several copies of your wallet.dat, this won't be happening
make multiple copies, rename them and store them in different places
or dump private keys in a text, zip encrypt it, hide it with inconspicuous name
anything could've helped you gain control back of your fund without paying the ransom
make multiple copies, rename them and store them in different places
or dump private keys in a text, zip encrypt it, hide it with inconspicuous name
anything could've helped you gain control back of your fund without paying the ransom
I might be able to help. shoot me an email [email protected], I need additional information.
@OP: There's something odd here - how were you notified by the attacker of the ransomware and receive instructions for payment? 
It's highly improbable that you were sent an email. So what method was used to inform you??
It's highly improbable that you were sent an email. So what method was used to inform you??
I experienced to remove encrypted files or infected PC with ransomware before I use 2 types of tools, one is kaspersky ransomware decryptor and the other one is Hiren's Proteus, which is paid version. I don't know if the free version of hiren's can remove the latest ransomware but you can try.
Try this first https://noransom.kaspersky.com/
There are different tools of decryptor in kaspersky and try them 1 by 1 because we don't know what type of ransomware you have.
You can try the hiren's for scanning your pc on bootable built in os and scan using avira and you must choose clean or fix only Do this at your own risk because if you choose to delete/remove some of your system files could be deleted that can affect your pc boot up.
You can download the free version of hiren's here https://www.hiren.info/pages/bootcd
But you need an extra usb flashdrive or cd to burn hiren's bootcd.
This tool is for technician only, but if you wanted to repair and remove viruses and malware to your pc this tool could help.
Honestly, I am using the hiren's proteus version which includes premium tools than a free version. However, you can try the free version.
Try this first https://noransom.kaspersky.com/
There are different tools of decryptor in kaspersky and try them 1 by 1 because we don't know what type of ransomware you have.
You can try the hiren's for scanning your pc on bootable built in os and scan using avira and you must choose clean or fix only Do this at your own risk because if you choose to delete/remove some of your system files could be deleted that can affect your pc boot up.
You can download the free version of hiren's here https://www.hiren.info/pages/bootcd
But you need an extra usb flashdrive or cd to burn hiren's bootcd.
This tool is for technician only, but if you wanted to repair and remove viruses and malware to your pc this tool could help.
Honestly, I am using the hiren's proteus version which includes premium tools than a free version. However, you can try the free version.
Turn your PNs on for "Newbies". i want to send you something.
no idea what this means
akes : The infected pc has been formatted .....
Nrcewker : https://ufile.io/sum9z -- it was a png file of my QR code - same encryption just not my wallet if you can bring the QR code png back then u can do the same to wallet.
for complete decryption i need access to infected computer its not so easy as you think
Profile, than in the menu left, Personal Message Options, "allow Newbies to send you PNs".
Quote
My guess is that the malware created a self-signed certificate in the certificate store then used the public key to encrypt the content of files in the background.
The public key is written in every file (It is the Unique-ID). The Scammer will send him the Master-Key + the Software that reverse the encryption. The chance to Crack/Brutforce what ever is is almost zero
Jump to: