i6cvs

Members
  • Posts: 8
Everything posted by i6cvs

  1. Okay, thanks. I will try this out and will inform you if I make progress.
  2. Hello everyone, I got a hard drive encrypted with hese ransomware from 6 years ig and all the files have the following extension: hese. I couldn't find any decryptor or info about this virus then. Any suggestion or info on how I would decrypt my hard drive? I just read about it today and many sites say the virus is from the STOP/djvu family. Does that mean that I could use DJVU Decryptor to decrypt my files? Also, here is the example image of the message after getting the virus; it looks like the djvu virus:
  3. Thanks for that! I will do all of these, you really helped me a lot.
  4. Wow, you are doing a really great job. And I am really interested to be like you in that work. Thanks again! Here are the logs: FRST.txt, Addition.txt, SecurityCheck.txt
  5. Now, after trying the browsers, I guess the problem is solved: it doesn't do any bimq hijack, and after all those temp files were deleted the PC is running more smoothly. Thousands of thanks, fam! I have 2 questions actually, curious and interested to know them: first, did you read all the Addition.txt files to see the Monero program, or did you use some tool to analyze that? Second, how did you make the fixlist thing? I really want to know that.
  6. Thanks for notifying me about that Monero thing! Also, FRST finished everything and restarted the PC. I don't know whether I need to run it again or not. Anyway, the fixlist file disappeared and here is the Fixlog.txt: Fixlog.txt
  7. I had a KMS crack but I deleted it now with the Malwarebytes scan. Here are the logs: AdwCleaner[C00].txt, Malwarebytes Scan Report 2024-07-03 132006.txt, FRST.txt, Addition.txt
  8. Two days ago I installed 2 apps called SageThumbs and WinThumbsPreloader (I deleted them now). After that, all browsers (Brave, Chrome, and Edge, except Opera) were hijacked, so when I search for anything it sends a request to bimq.co and redirects to the Google search. After some searching for fixes, I found the malware added some policies to the browsers in the registry. I made a scan with Malwarebytes, deleted everything, and restarted the PC, and the hijack is still working. I don't know what the source is. I read other posts, but most files are unavailable and the methods may be different. (This photo is from procmon; I tried to detect what adds that key, hoping to find something.)