How to remove MPPQ ransomware on a Windows laptop?

Status
Not open for further replies.

Mallikarjun

New Member
Jun 12, 2021
2
Hi, my laptop was affected by MPPQ ransomware. Please help me remove it and decrypt the files. I followed "How to remove MPPQ ransomware (Virus Removal Guide)" and some other blogs and YouTube videos.
But I did not find any executable files (malware) running in Task Manager to stop, but all my files are encrypted and have the extension .MPPQ. How can I make sure that the ransomware is removed? And how do I remove all the encrypted files if I do not need them?
 

struppigel

Moderator
Verified
Staff member
Apr 9, 2020
423
I am Karsten and will gladly help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.
  • Read my instructions thoroughly, carry out each step in the given order.
  • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
  • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
  • Back up important files before we start.
  • Note: On weekends I might be slow to reply.
-------------------------------------------------------------------

The file extension .MPPQ has been used by STOP/DJVU ransomware. STOP/DJVU ransomware variants after August 2019 are only decryptable if an offline key was used, which is rarely the case. For variants with an online key you cannot decrypt files.

Please provide the following logs for initial analysis.

Farbar Recovery Scan Tool (FRST) Scan
  • Please download Farbar Recovery Scan Tool and save the file to your Desktop. (Note: choose the right version, 64 or 32 bit, for your operating system, only one will run)
  • Double-click FRST64.exe to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop-up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Attach both logs in your next reply.
 

Mallikarjun

New Member
Jun 12, 2021
2
Thanks Karsten,
As you said, the two logs (FRST.txt & Addition.txt) are attached.
Please guide me further.
 

Attachments

  • Addition.txt
    63.7 KB · Views: 12
  • FRST.txt
    85.7 KB · Views: 11

struppigel

Moderator
Verified
Staff member
Apr 9, 2020
423
It is indeed STOP/DJVU ransomware.
Before I proceed with cleaning your system, please answer the following questions:
  • Can you please tell me the personal ID of the ransomware? You will find it in one of the ransom notes named _readme.txt.
  • In case the files are not decryptable: Do you want me to remove the encrypted files from your system or shall they stay? Did you create a backup of the important encrypted files?
 