Jump to content

assistance with .orkf ransomware requested

Go to solution Solved by kevinf80,

Recommended Posts

Hiya Nowshad and welcome to Malwarebytes,

Can you zip up and attach an encrypted file...


Run the following scan, lets see if anything shows up:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English

  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
    user posted image
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Thank you,

Link to post
Share on other sites

Hiya Nowshad,

Unfortunately there is no way to decrypt your files without a key, have a read of the following log:



File: C:\Users\kevin\OneDrive\Desktop\photo\document.orkf
Error: No key for New Variant online ID: IyEdwNA5J2yBX8XFBKN4pnOOO1mwFFBYyVd10nRF
Notice: this ID appears to be an online ID, decryption is impossible

File: C:\Users\kevin\OneDrive\Desktop\photo\photo.orkf
Error: No key for New Variant online ID: IyEdwNA5J2yBX8XFBKN4pnOOO1mwFFBYyVd10nRF
Notice: this ID appears to be an online ID, decryption is impossible


All you can do is save the encrypted files for now, hopefully a free decryption key maybe available in the future....

Can you run the following for me...

Open an elevated command prompt, at the prompt copy/paste the following:

Licensingdiag.exe -report %userprofile%\desktop\report.txt -log %userprofile%\desktop\repfiles.cab

put cursor at the command prompt then Right click and select paste, hit enter. Two files will be saved to your Desktop.

Attach the "report.txt" file to your reply. - you can ignore the repfiles.cab file, it's only backup data
Link to post
Share on other sites

  • AdvancedSetup changed the title to assistance with .orkf ransomware requested


Can you please help me how to open an elevated command prompt, I ran a cmd from task manager by administrative privileges. Copied and pasted that,

This showed up |



Microsoft Windows [Version 10.0.19043.1165]
(c) Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>Licensingdiag.exe -report %userprofile%\desktop\report.txt -log %userprofile%\desktop\repfiles.cab
Gathering modern licenses...
Gathering modern license diagnostic data...
Gathering hardware diagnostic data...
Gathering hardware diagnostic data...
Gathering relevant event logs...
Gathering desktop license data...
Gathering desktop diagnostics data...
Gathering desktop task data...
Gathering environment data...
Gathering active license policy values...
Diagnostics file created at C:\Users\S&I\AppData\Local\Temp\DESKTOP-P9D7VJO_2021-09-02_diag(2).cabThe system cannot find the path specified.
The system cannot find the path specified.


I made an clean installation of Windows 10 and scanned my computer by Malwarebytes and Emsisoft Anti Malware, Nothing showed up, Is the ransomware still on my computer ? or Should i perform any other task to remove this from my computer ?

Link to post
Share on other sites

  • Solution

Hiya Nowshad,

If you`ve made a fresh install of windows and latest scan logs are clean your system should be ok for you now...

Condsider the following:

Disable Remote Desktop: https://www.tenforums.com/tutorials/92433-enable-disable-remote-desktop-connections-windows-10-pc.html

Disable Windows Telemetry: https://helpdeskgeek.com/windows-10/how-to-disable-windows-10-telemetry/

Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/

Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee Will also work for Opera and Edge..

PatchMyPC, keep all your software upto date - https://patchmypc.com/home-updater#download

From there you should be good to go...


Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image


  • Thanks 1
Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.