Omfl extension

Status
Not open for further replies.

Cikmen

New Member
Thread author
Dec 26, 2020
4
My notebook got hit by ransomware while I was installing an Office setup. I have a C: and a D: drive. On the C: drive no data was encrypted, but on the D: drive all files were encrypted with the omfl extension and that annoying read me text. I think I've removed the malicious software using the default antivirus of Windows 10. I need help to try and restore my data. Thank you all for this great website and your marvellous guides.
 

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
500
Hello, Welcome to MalwareTips..! :)

Navigate to this topic.


Submit a sample of the compromised files for their review.
They will reply and let you know what you are dealing with.

Tell me the result.


Next ....


Farbar Recovery Scan Tool (FRST)

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.


  • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.
---------------------------------------------------

In your next reply, please include:
  • FRST.txt
  • Addition.txt
 

Cikmen

New Member
Thread author
Dec 26, 2020
4
I submitted a sample of a compromised file to ID Ransomware; here are the results:
STOP (Djvu)
This ransomware may be decryptable under certain circumstances.

Please refer to the appropriate guide for more information.
Identified by
  • ransomnote_email: restoremanager@airmail.cc
  • sample_extension: .omfl
  • sample_bytes: [0x4ED48D - 0x4ED4B3] 0x7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D
 

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
500
I submitted a sample of a compromised file to ID Ransomware; here are the results:
STOP (Djvu)

I understand..! I have large reserves for decrypting files..! Let's start like this:

Farbar Recovery Scan Tool - Fix

Please download the attached file "fixlist" to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.


In your next reply, please include:

  • Fixlog.txt
 

Attachments

  • fixlist.txt
    8.6 KB · Views: 10

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
500
Sorry, your files are encrypted with an online key..! Only encryption that uses the offline key can be decrypted by Emsisoft's tool: Emsisoft Decryptor for STOP Djvu

Please save copies of encrypted files and a ransom note and wait for a solution to appear later. Certain file types, mainly video and audio files, can possibly be repaired with tools like MediaRepair. But these files will lose some data. You can follow this topic:

STOP Ransomware (.STOP, .Puma, .Djvu, .Promo, .Drume) Help & Support Topic



Malwarebytes Anti-Malware

You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:

  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.

AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan Now
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
  • if it asks to reboot, allow the reboot
  • on reboot, click on View Log File; please attach the content of the log to your next reply.

In your next reply, please include:
  • AdwCleaner log
  • Mbam.txt
 
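As an added example (not part of the thread or of any tool it mentions), this Python script inventories files carrying the `.omfl` extension reported by ID Ransomware, checks each for the `sample_bytes` marker from that result, and records size and SHA-256 so the preserved copies of encrypted files can be verified later. The function names and the 4 KiB tail window are assumptions, and the sample files are constructed.

```python
import hashlib
import os
import tempfile

EXTENSION = ".omfl"  # sample_extension from the ID Ransomware result
# sample_bytes from the same result; decodes to an ASCII GUID in braces
MARKER = bytes.fromhex(
    "7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D")
TAIL_BYTES = 4096  # assumption: the marker lies in the last 4 KiB of a file


def fingerprint(path, chunk=1 << 20):
    """One read pass: size, SHA-256, and whether MARKER is in the file tail."""
    digest, size, tail = hashlib.sha256(), 0, b""
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
            size += len(block)
            tail = (tail + block)[-TAIL_BYTES:]  # keep only the last bytes
    return size, digest.hexdigest(), MARKER in tail


def inventory(root):
    """Read-only walk: one row per .omfl file (size, SHA-256, marker flag)."""
    rows = []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(EXTENSION):
                continue
            path = os.path.join(folder, name)
            try:
                size, sha256, marked = fingerprint(path)
                rows.append({"path": path, "size": size,
                             "sha256": sha256, "marker": marked})
            except OSError as exc:  # unreadable file: record it and continue
                rows.append({"path": path, "error": str(exc)})
    return rows


def demo():  # constructed sample files: marked, extension-only, untouched
    root = tempfile.mkdtemp()
    for name, data in [("a.docx.omfl", b"\x00" * 5000 + MARKER),
                       ("b.jpg.omfl", b"no trailer here"),
                       ("c.txt", b"untouched")]:
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return inventory(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A row with `marker` set to `False` has the extension but not the trailer, so it is worth a manual look before it is counted among the encrypted files.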

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
500
Due to lack of response, this topic will now be closed. If you need support, please begin a new thread, and provide a link to this topic. Have a nice day. ...!
 