AGHO ransomware

[Meysampakdel]

Hi dear
My system infected with ransomware and my files encrypted with .agho extension
When ransomware in my system my kaspersky license was end and I wnat to try to atlctivate new license but I see my files was encrypted
After that my task manager been locked
After I activate kaspersky it detect ransomware files and delete them from appdata/local folders and one detection from system memory
After that I try emsisoft decryptor but it cant decrypt my files
Is there any decryptor for this ransomware and if not how can I recover my files?
Please help me !

I did exactly what you said on this site, but the files have not been returned yet

Remove AGHO Ransomware (Virus Removal Guide)

This guide teaches you how to remove AGHO ransomware virus for free by following easy step-by-step instructions.

malwaretips.com

Even the game files that were on drive D have the extension agho. How can they be opened? What should be done if there is no way?

I have a question for you after reinstalling Windows on drive C Are the files on drive D with the extension agho. Is it possible that this ransomware will be replicated in Windows or not?

 

[struppigel]

Hello Meysampakdel

I am Karsten and I will help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.

• Read my instructions thoroughly, carry out each step in the given order.
• Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
• If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
• Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
• Back up important files before we start.
• Note: On weekends I might be slow to reply

-------------------------------------------------------------------

The ransomware that encrypted your files is called STOP/DJVU ransomware.

You already did the right thing. You got the Emsisoft decrypter and you ran a scan with your antivirus program. Unfortunately the encrypted files on your system cannot be decrypted by us. Unless you have backups of your files, there is no way to get all of them back the way they were before.

I have a question for you after reinstalling Windows on drive C Are the files on drive D with the extension agho. Is it possible that this ransomware will be replicated in Windows or not?

They will not replicate. The encrypted files and ransom notes are not malicious. This particular ransomware does not replicate on its own either.

Your options without a backup:

1) Recovery: In rare cases ransomware fails to delete shadow volume copies or fails to delete the original files properly. You can try to recover files via shadow volume copies and file recovery software. I fear this might not be possible anymore after you reinstalled the system, though.
2) Repair: Certain file types, mainly video and audio files, can possibly be repaired with tools like MediaRepair. But these files will loose some data.
3) Wait: Backup encrypted files and a ransom note and wait in case a solution comes up later. Maybe law enforcement gets hands on the keys or the criminals publish the keys as it happened with, e.g., GandCrab. I suggest reading the news on this. Emsisoft will update their decrypter if that happens.
4) Pay: There is the option of paying the criminals, but we highly recommend against this step. You will just fund later attacks. You may also pay without getting your files back. These are criminals and as such not trustworthy.

Let me know if you want my assistance in any of these options (except for paying the ransom).

 

[Meysampakdel]

thanks for your help

On this site that you posted

How to recover files and folders using Shadow Volume Copies

This tutorial will walk you through recovering deleted, modified, or encrypted files using Shadow Volume Copies. This guide will outline using Windows Previous Versions and the program Shadow Explorer to restore files and folders as necessary.

www.bleepingcomputer.com

According to Recover Files using Windows Previous Versions, no file is displayed What should I do!

Now I saw Restore Point, I think the ransomware has changed them because the attack happened yesterday morning, I do not have a restore before yesterday's date!

 

[struppigel]

Yes, in most cases this does not work because the malware deletes shadow volume copies and also overwrites files to make file recovery software not work.
The chances of successfully getting your files back are low in your case of ransomware infection.

 

[Meysampakdel]

What do you suggest I do now?

 

[struppigel]

I suggest you keep a backup of your encrypted files and one ransom note, then wait until a solution comes up. I am sorry that there is nothing we can do for you now.

 

[Meysampakdel]

Now, do you think I should put the locked files with the extension .agho in the D drive and then install Windows in the C drive clean?

By doing this, will the ransomware not be released again on Drive C?

 

[struppigel]

Yes. That works. The encrypted files are free from malware.

 

[Meysampakdel]

I will send you a sample of the locked file with the ransomware message!

password: infected

 

[struppigel]

What shall I do with it?

 

[Meysampakdel]

I thought you said send it to me, anyway your last suggestion is to transfer the files to drive D and then install Windows?

 

[struppigel]

I don't need your files.

last suggestion is to transfer the files to drive D and then install Windows?

Yes. That's the safest solution.

Are there any questions left?

 

[struppigel]

It seems there are no questions left, so I am closing this thread now.