
atrisa
Members
Posts: 8
Reputation: 0 Neutral
  1. The following page will appear after running the Messenger2go file. By running Messenger2go.15.1908.1rhmsn.exe you will get the previous result.
  2. Thanks. (Posted in: STOP Ransomware (.STOP, .Puma, .Djvu, .Promo, .Drume) Help & Support Topic.) It currently has offline key activity. Can I hope files with online keys can also be recovered?
  3. In post #1 the .herad file extension is correct.
  4. Hello. Thank you very much for your attention.

     Result from the site https://id-ransomware.malwarehunterteam.com/ is as follows:
     ---------------------------------------------------------------
     This ransomware may be decryptable under certain circumstances. Please refer to the appropriate guide for more information.
     Identified by
       ransomnote_email: gorentos@bitmessage.ch
       sample_extension: .herad
       sample_bytes: [0x94B1D - 0x94B37] 0x7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D
     Click here for more information about STOP (Djvu)
     ---------------------------------------------------------------

     Result from STOPDecrypter v2.1.0.24 is as follows:
     ---------------------------------------------------------------
     MACs: 30:85:A9:9B:BE:1B, 00:15:83:15:A3:10
     STOPDecrypter v2.1.0.24
     OS Microsoft Windows NT 6.2.9200.0, .NET Framework Version 4.0.30319.42000
     No key for ID: l8W6QXRo2iHXkh0b9xJHq1nBTLlIbeGnxD7av9Y6 (.herad )
     Unidentified ID: l8W6QXRo2iHXkh0b9xJHq1nBTLlIbeGnxD7av9Y6 (.herad )
     MACs: 30:85:A9:9B:BE:1B, 00:15:83:15:A3:10
     Decrypted 0 files, skipped 4
     ---------------------------------------------------------------

     Result from Malwarebytes version 3 is as follows:
     ---------------------------------------------------------------
     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 8/26/19
     Scan Time: 2:45 PM
     Log File: 77a0194a-c7ea-11e9-84cc-3085a99bbe1b.json

     -Software Information-
     Version: 3.8.3.2965
     Components Version: 1.0.613
     Update Package Version: 1.0.11270
     License: Trial

     -System Information-
     OS: Windows 10 (Build 17763.678)
     CPU: x64
     File System: NTFS
     User: DESKTOP-A79UCQH\cyber

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 312943
     Threats Detected: 67
     Threats Quarantined: 0
     Time Elapsed: 16 min, 45 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0
     (No malicious items detected)

     Module: 0
     (No malicious items detected)

     Registry Key: 32
     PUP.Optional.ParetoLogic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ParetoLogic Registration3, No Action By User, [3222], [457731],1.0.11270
     PUP.Optional.ParetoLogic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{850EA901-7BF6-47CB-9AD7-9879D6B11017}, No Action By User, [3222], [457731],1.0.11270
     PUP.Optional.ParetoLogic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{850EA901-7BF6-47CB-9AD7-9879D6B11017}, No Action By User, [3222], [457731],1.0.11270
     PUP.Optional.SpeedyPC, HKU\S-1-5-21-709982592-2884008671-4219726286-1001\SOFTWARE\SpeedyPC Software, No Action By User, [1543], [396736],1.0.11270
     PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\REI_AxControl.DLL, No Action By User, [350], [327193],1.0.11270
     PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\REI_AxControl.DLL, No Action By User, [350], [327193],1.0.11270
     PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}, No Action By User, [350], [327197],1.0.11270
     PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine.1, No Action By User, [350], [327197],1.0.11270
     PUP.Optional.Reimage, HKU\S-1-5-21-709982592-2884008671-4219726286-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}, No Action By User, [350], [327197],1.0.11270
     PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, No Action By User, [350], [327197],1.0.11270
     PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, No Action By User, [350], [327197],1.0.11270
     PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, No Action By User, [350], [327197],1.0.11270
     PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, No Action By User, [350], [327197],1.0.11270
     PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, No Action By User, [350], [327197],1.0.11270
     PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, No Action By User, [350], [327197],1.0.11270
     PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, No Action By User, [350], [327197],1.0.11270
     PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, No Action By User, [350], [327197],1.0.11270
     PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, No Action By User, [350], [327197],1.0.11270
     PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine, No Action By User, [350], [327197],1.0.11270
     PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\REI_AxControl.DLL, No Action By User, [350], [327193],1.0.11270
     PUP.Optional.SpeedyPC, HKLM\SOFTWARE\WOW6432NODE\SpeedyPC Software, No Action By User, [1543], [396735],1.0.11270
     PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\Reimage Repair, No Action By User, [350], [336077],1.0.11270
     PUP.Optional.ParetoLogic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F9B60A6B-ECD7-4933-9C2B-C36C2F017CD7}, No Action By User, [3222], [370963],1.0.11270
     PUP.Optional.ParetoLogic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{F9B60A6B-ECD7-4933-9C2B-C36C2F017CD7}, No Action By User, [3222], [370963],1.0.11270
     PUP.Optional.ParetoLogic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ParetoLogic Update Version3, No Action By User, [3222], [370963],1.0.11270
     PUP.Optional.ParetoLogic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{24077C0C-8648-4609-9368-FA8E438CF370}, No Action By User, [3222], [370963],1.0.11270
     PUP.Optional.ParetoLogic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{24077C0C-8648-4609-9368-FA8E438CF370}, No Action By User, [3222], [370963],1.0.11270
     PUP.Optional.ParetoLogic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ParetoLogic Update Version3 Startup Task, No Action By User, [3222], [370963],1.0.11270
     PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}, No Action By User, [350], [327206],1.0.11270
     PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, No Action By User, [350], [332494],1.0.11270
     PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, No Action By User, [350], [332494],1.0.11270
     PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, No Action By User, [350], [332494],1.0.11270

     Registry Value: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Data Stream: 0
     (No malicious items detected)

     Folder: 2
     PUP.Optional.SpeedyPC, C:\ProgramData\SpeedyPC Software\SpeedyBackup, No Action By User, [1543], [340762],1.0.11270
     PUP.Optional.SpeedyPC, C:\PROGRAMDATA\SPEEDYPC SOFTWARE, No Action By User, [1543], [340762],1.0.11270

     File: 33
     PUP.Optional.ParetoLogic, C:\WINDOWS\TASKS\ParetoLogic Registration3.job, No Action By User, [3222], [457731],1.0.11270
     PUP.Optional.ParetoLogic, C:\WINDOWS\SYSTEM32\TASKS\ParetoLogic Registration3, No Action By User, [3222], [457731],1.0.11270
     PUP.Optional.SpeedyPC, C:\ProgramData\SpeedyPC Software\SpeedyBackup\NagData.dat, No Action By User, [1543], [340762],1.0.11270
     PUP.Optional.ParetoLogic, C:\WINDOWS\TASKS\PARETOLOGIC UPDATE VERSION3.job, No Action By User, [3222], [370963],1.0.11270
     PUP.Optional.ParetoLogic, C:\WINDOWS\SYSTEM32\TASKS\PARETOLOGIC UPDATE VERSION3, No Action By User, [3222], [370963],1.0.11270
     PUP.Optional.ParetoLogic, C:\WINDOWS\TASKS\PARETOLOGIC UPDATE VERSION3 STARTUP TASK.job, No Action By User, [3222], [370963],1.0.11270
     PUP.Optional.ParetoLogic, C:\WINDOWS\SYSTEM32\TASKS\PARETOLOGIC UPDATE VERSION3 STARTUP TASK, No Action By User, [3222], [370963],1.0.11270
     PUP.Optional.Reimage, C:\WINDOWS\REIMAGE.INI, No Action By User, [350], [412667],1.0.11270
     MachineLearning/Anomalous.100%, C:\USERS\CYBER\APPDATA\ROAMING\Microsoft\Windows\Recent\STOPDecrypter (2).lnk, No Action By User, [0], [392687],1.0.11270
     MachineLearning/Anomalous.100%, C:\USERS\CYBER\DOWNLOADS\STOPDECRYPTER (2).ZIP, No Action By User, [0], [392687],1.0.11270
     HackTool.Cain, C:\PROGRAM FILES (X86)\CAIN\ABEL.EXE, No Action By User, [9185], [29604],1.0.11270
     HackTool.Cain, C:\PROGRAM FILES (X86)\CAIN\ABEL64.EXE, No Action By User, [9185], [29604],1.0.11270
     PUP.Optional.PasswordTool.Cain, C:\USERS\CYBER\Desktop\Cain.lnk, No Action By User, [14972], [299928],1.0.11270
     PUP.Optional.PasswordTool.Cain, C:\PROGRAM FILES (X86)\CAIN\CAIN.EXE, No Action By User, [14972], [299928],1.0.11270
     Generic.Malware/Suspicious, C:\$RECYCLE.BIN\S-1-5-21-709982592-2884008671-4219726286-1001\$RMVR4EX.TMP\BTMFYQAYMJ.EXE, No Action By User, [0], [392686],1.0.11270
     PUP.Optional.Reimage, C:\$RECYCLE.BIN\S-1-5-21-709982592-2884008671-4219726286-1001\$RUO147J.EXE, No Action By User, [350], [331559],1.0.11270
     MachineLearning/Anomalous.100%, C:\USERS\CYBER\DOCUMENTS\STOPDECRYPTER.ZIP, No Action By User, [0], [392687],1.0.11270
     Ransom.HiddenTear, C:\USERS\CYBER\DOWNLOADS\HIDDEN-TEAR-MASTER.ZIP, No Action By User, [8721], [124721],1.0.11270
     PUP.Optional.Reimage, C:\USERS\CYBER\DOWNLOADS\REIMAGEREPAIR.EXE, No Action By User, [350], [331559],1.0.11270
     Generic.Malware/Suspicious, C:\USERS\CYBER\DOWNLOADS\WANAKIWI_0.2 (1).ZIP, No Action By User, [0], [392686],1.0.11270
     Generic.Malware/Suspicious, C:\USERS\CYBER\DOWNLOADS\WANAKIWI_0.2.ZIP, No Action By User, [0], [392686],1.0.11270
     Generic.Malware/Suspicious, C:\USERS\CYBER\DOWNLOADS\HIDDEN-TEAR-MASTER.ZIP, No Action By User, [0], [392686],1.0.11270
     MachineLearning/Anomalous.100%, C:\USERS\CYBER\DOWNLOADS\STOPDECRYPTER (7).ZIP, No Action By User, [0], [392687],1.0.11270
     Generic.Malware/Suspicious, C:\USERS\CYBER\DOWNLOADS\CAIN AND ABEL CA_SETUP.EXE, No Action By User, [0], [392686],1.0.11270
     MachineLearning/Anomalous.100%, C:\USERS\CYBER\DOWNLOADS\STOPDECRYPTER.ZIP, No Action By User, [0], [392687],1.0.11270
     MachineLearning/Anomalous.100%, C:\USERS\CYBER\DOWNLOADS\STOPDECRYPTER (1).ZIP, No Action By User, [0], [392687],1.0.11270
     MachineLearning/Anomalous.100%, C:\USERS\CYBER\DOWNLOADS\STOPDECRYPTER (5).ZIP, No Action By User, [0], [392687],1.0.11270
     MachineLearning/Anomalous.100%, C:\USERS\CYBER\DOWNLOADS\STOPDECRYPTER (8).ZIP, No Action By User, [0], [392687],1.0.11270
     MachineLearning/Anomalous.100%, C:\USERS\CYBER\DOWNLOADS\STOPDECRYPTER (3).ZIP, No Action By User, [0], [392687],1.0.11270
     MachineLearning/Anomalous.100%, C:\USERS\CYBER\DOWNLOADS\STOPDECRYPTER (6).ZIP, No Action By User, [0], [392687],1.0.11270
     MachineLearning/Anomalous.100%, C:\USERS\CYBER\DOWNLOADS\STOPDECRYPTER (9).ZIP, No Action By User, [0], [392687],1.0.11270
     Generic.Malware/Suspicious, C:\USERS\CYBER\DOWNLOADS\HASHCRACKER FOR GURON18 - [C0D3D BY JULIA (JULIA.PCRET@EXPLOIT.IM)] - 20170211.ZIP, No Action By User, [0], [392686],1.0.11270
     MachineLearning/Anomalous.100%, C:\USERS\CYBER\DOWNLOADS\HOW TO COMPARE FILES.RAR, No Action By User, [0], [392687],1.0.11270

     Physical Sector: 0
     (No malicious items detected)

     WMI: 0
     (No malicious items detected)

     (end)
     ---------------------------------------------------------------

     Result from AdwCleaner is as follows:
     ---------------------------------------------------------------
     # -------------------------------
     # Malwarebytes AdwCleaner 7.4.0.0
     # -------------------------------
     # Build: 07-23-2019
     # Database: 2019-08-21.1 (Cloud)
     # Support: https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Clean
     # -------------------------------
     # Start: 08-26-2019
     # Duration: 00:00:11
     # OS: Windows 10 Pro
     # Cleaned: 46
     # Failed: 0

     ***** [ Services ] *****
     No malicious services cleaned.

     ***** [ Folders ] *****
     Deleted C:\Program Files (x86)\Cain
     Deleted C:\Program Files (x86)\Common Files\PARETOLOGIC
     Deleted C:\Program Files (x86)\PARETOLOGIC
     Deleted C:\ProgramData\PARETOLOGIC
     Deleted C:\ProgramData\SpeedyPC Software
     Deleted C:\Users\cyber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain
     Deleted C:\Users\cyber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PARETOLOGIC

     ***** [ Files ] *****
     Deleted C:\Users\cyber\Downloads\ReimageRepair.exe
     Deleted C:\Users\cyber\Downloads\SpyHunter-Installer.exe
     Deleted C:\Windows\Reimage.ini

     ***** [ DLL ] *****
     No malicious DLLs cleaned.

     ***** [ WMI ] *****
     No malicious WMI cleaned.

     ***** [ Shortcuts ] *****
     No malicious shortcuts cleaned.

     ***** [ Tasks ] *****
     Deleted C:\Windows\System32\Tasks\PARETOLOGIC REGISTRATION3
     Deleted C:\Windows\System32\Tasks\PARETOLOGIC UPDATE VERSION3
     Deleted C:\Windows\System32\Tasks\PARETOLOGIC UPDATE VERSION3 STARTUP TASK
     Deleted C:\Windows\Tasks\PARETOLOGIC REGISTRATION3.JOB
     Deleted C:\Windows\Tasks\PARETOLOGIC UPDATE VERSION3 STARTUP TASK.JOB
     Deleted C:\Windows\Tasks\PARETOLOGIC UPDATE VERSION3.JOB

     ***** [ Registry ] *****
     Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
     Deleted HKCU\Software\ParetoLogic
     Deleted HKCU\Software\cain
     Deleted HKCU\Software\speedypc software
     Deleted HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
     Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{850EA901-7BF6-47CB-9AD7-9879D6B11017}
     Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9B60A6B-ECD7-4933-9C2B-C36C2F017CD7}
     Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24077C0C-8648-4609-9368-FA8E438CF370}
     Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{850EA901-7BF6-47CB-9AD7-9879D6B11017}
     Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9B60A6B-ECD7-4933-9C2B-C36C2F017CD7}
     Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParetoLogic Update Version3 Startup Task
     Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\paretologic registration3
     Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\paretologic update version3
     Deleted HKLM\Software\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
     Deleted HKLM\Software\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
     Deleted HKLM\Software\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
     Deleted HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
     Deleted HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
     Deleted HKLM\Software\Classes\REI_AxControl.ReiEngine
     Deleted HKLM\Software\Classes\REI_AxControl.ReiEngine.1
     Deleted HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
     Deleted HKLM\Software\Classes\uus3url-pl
     Deleted HKLM\Software\Reimage
     Deleted HKLM\Software\Wow6432Node\ParetoLogic
     Deleted HKLM\Software\Wow6432Node\\Classes\AppID\REI_AxControl.DLL
     Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
     Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
     Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
     Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
     Deleted HKLM\Software\Wow6432Node\speedypc software

     ***** [ Chromium (and derivatives) ] *****
     No malicious Chromium entries cleaned.

     ***** [ Chromium URLs ] *****
     No malicious Chromium URLs cleaned.

     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries cleaned.

     ***** [ Firefox URLs ] *****
     No malicious Firefox URLs cleaned.

     ***** [ Preinstalled Software ] *****
     No Preinstalled Software cleaned.

     *************************
     [+] Delete Tracing Keys
     [+] Reset Winsock
     *************************

     AdwCleaner[S00].txt - [5641 octets] - [26/08/2019 15:07:40]

     ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
     ---------------------------------------------------------------

     Attachments: Addition.txt, FRST.txt
  5. Hi. All my computer files have been infected and the .heard extension has been added to all files. Please help to resolve the problem. Thank you.
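The ID Ransomware result in post 4 identifies the family from a fixed byte sequence found near the end of the sample (the sample_bytes hex), and STOPDecrypter then reports a 40-character personal ID for which it has no key. The script below is an added example, not code from this thread, from ID Ransomware or from STOPDecrypter: it decodes that hex into the marker string, and then shows how a responder could triage a directory of files offline by reading only the file tail. It assumes, as is commonly reported for STOP/Djvu but not stated anywhere on this page, that the personal ID immediately precedes the marker at the end of each encrypted file, that the ID is 40 alphanumeric characters (the length STOPDecrypter printed here), and that IDs ending in "t1" belong to the built-in offline key. The ONLINE_ID value is the one STOPDecrypter printed in post 4; OFFLINE_ID, the filler bytes and the sample tails are constructed for the demonstration.

```python
import binascii

# "sample_bytes" hex string as reported by ID Ransomware in post 4 (copied from the page).
SAMPLE_BYTES_HEX = (
    "7B33364136393842392D443637432D344530372D4245"
    "38322D3045433542313442344446357D"
)

# Assumption (not stated on the page): the personal ID sits directly before the
# marker at the end of an encrypted file and is 40 ASCII alphanumeric characters,
# matching the length of the ID STOPDecrypter printed in post 4.
ID_LENGTH = 40


def decode_marker(hex_string: str) -> bytes:
    """Turn the sample_bytes hex from ID Ransomware back into the raw marker bytes."""
    return binascii.unhexlify(hex_string)


STOP_MARKER = decode_marker(SAMPLE_BYTES_HEX)  # b"{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}"


def extract_personal_id(tail: bytes):
    """Return the personal ID if `tail` ends with <ID><marker>, otherwise None.

    `tail` should be the last few hundred bytes of a suspected encrypted file.
    bytes.isalnum() is ASCII-only, which is exactly the alphabet we assume for the ID.
    """
    if not tail.endswith(STOP_MARKER):
        return None
    candidate = tail[-len(STOP_MARKER) - ID_LENGTH:-len(STOP_MARKER)]
    if len(candidate) != ID_LENGTH or not candidate.isalnum():
        return None
    return candidate.decode("ascii")


def is_offline_id(personal_id: str) -> bool:
    """Heuristic (an assumption here, widely reported for STOP/Djvu): IDs produced
    with the built-in offline key end in 't1'. Online IDs are unique per victim and
    their key lives only on the attacker's server, which is why decrypters cannot help."""
    return personal_id.endswith("t1")


def triage_tail(tail: bytes) -> dict:
    """Classify one file tail: no marker, marker but unreadable ID, online ID, or offline ID."""
    pid = extract_personal_id(tail)
    if pid is None:
        return {"stop_marker": tail.endswith(STOP_MARKER), "personal_id": None, "key_type": None}
    return {"stop_marker": True, "personal_id": pid,
            "key_type": "offline" if is_offline_id(pid) else "online"}


def triage_file(path: str, tail_size: int = 512) -> dict:
    """Read only the end of a file (encrypted files can be large) and triage it."""
    with open(path, "rb") as fh:
        fh.seek(0, 2)
        size = fh.tell()
        fh.seek(max(0, size - tail_size))
        return triage_tail(fh.read())


# Constructed sample tails (not real files). FILLER stands in for whatever precedes
# the ID in the footer; its bytes are deliberately outside [A-Za-z0-9] so a tail
# lacking an ID is rejected rather than misread.
ONLINE_ID = "l8W6QXRo2iHXkh0b9xJHq1nBTLlIbeGnxD7av9Y6"  # the ID STOPDecrypter printed in post 4
OFFLINE_ID = "0" * 38 + "t1"                             # hypothetical offline-style ID
FILLER = bytes(range(0x80, 0xC0))                        # 64 non-alphanumeric bytes

SAMPLE_ONLINE = FILLER + ONLINE_ID.encode() + STOP_MARKER
SAMPLE_OFFLINE = FILLER + OFFLINE_ID.encode() + STOP_MARKER
SAMPLE_MARKER_ONLY = FILLER + STOP_MARKER                # marker present, no readable ID
SAMPLE_CLEAN = FILLER + b"plain document content"

if __name__ == "__main__":
    for name, tail in [("online", SAMPLE_ONLINE), ("offline", SAMPLE_OFFLINE),
                       ("marker-only", SAMPLE_MARKER_ONLY), ("clean", SAMPLE_CLEAN)]:
        print(name, triage_tail(tail))
```

Point triage_file at a few encrypted documents before uploading anything: if every ID you extract is the same online ID, the files share one key held on the attacker's server, and an offline-key decrypter will skip them exactly as STOPDecrypter did above ("Decrypted 0 files, skipped 4").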