Status
Not open for further replies.

MiguelF

New Member
Hello, good morning!

I am having a problem decrypting the .COOT ransomware files.

I went through the whole process of cleaning and removing viruses and malware, with Malwarebytes, EmsisoftEmergencyKit and Zemana AntiMalware.

But when I run the Emsisoft Decryptor for STOP Djvu, the result is always the same: Error: Unable to decrypt file with ID: vPmLdBlkJDYGbeUDbjuU7R6uW7dsiY6ApLOe1erz

Could someone please help me decrypt the files???

Thank you all in advance!
 

nasdaq

Moderator
Verified
Staff member
Hello, Welcome to MALWARETIPS.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Navigate to this topic.

Submit a sample of the compromised files for their review.
They will reply and let you know what you are dealing with.

From what we know now, your files are not recoverable.
Your only solution would be to restore the files from a good backup if you have one.

The compromised files can be transferred to a CD or Flash drive.
Should a solution be found in the future you may be able to restore them.

Good luck.
<<<>>>
 

MiguelF

New Member
Ok. I just did the procedure of the link mentioned, and the result was:

1 Result
STOP (Djvu)
This ransomware may be decryptable under certain circumstances.

Please refer to the appropriate guide for more information.

Identified by
  • ransomnote_email: salesrestoresoftware@gmail.com
  • sample_extension: .coot
  • sample_bytes: [0x59AC - 0x59C6] 0x7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D

Click here for more information about STOP (Djvu)

Can you tell me what to do now?
 

nasdaq

Moderator
Verified
Staff member
Hi,

As explained in this topic, not all versions of the ransomware can be restored.

The only thing you can do is to save the compromised files to a CD or Flash drive.
If a decryptor is found for your version, you may possibly be able to restore your files in the future.

If you have any other issues with this computer please tell me what is wrong.
 

MiguelF

New Member
OK thank you!

The worst is that I have nowhere to store them, because the ransomware affected my external hard drive, more than 370 GB (on C: it did not affect anything).

Can you tell me if I have a deadline to find out if there's anything new in my case?
 

nasdaq

Moderator
Verified
Staff member
Hi,

Too bad for your External HD.
Just keep it for future needs.
However I would not expect a solution in the near future.
I have no time frame to give you.
 