Kaspersky
Solved

My PC has been attacked by Ransom.Cryptowall 3 and adds this content .id[F0CAE4F1-2241].[backup3389@cock.li].adage

  • 17 June 2019
  • 3 replies
  • 9345 views

My PC has been attacked by a ransomware known Ransom.Cryptowall 3 that adds this ".id[F0CAE4F1-2241].[backup3389@cock.li].adage" in every file. I can neither login to my PC (windows 10) nor create another user via recovery on repair section. The ransom has blocked access to all domain users that they cannot login the same to local users. Whenever I try to login even with Administrator accounts both local and domain I get this message -“The User ProfileService failed the logon” and “The user profile cannot be loaded”- Can anyone help me how to get access back to my PC, decrypt my files and recover my data? I also got databases(QuickBook) included in my file, will you please specify what decryptor to use as I'm afraid that it may be damaged.

Thanks
icon

Best answer by Caos 18 June 2019, 08:28

Hi,



For access to your computer try with Kaspersky Rescue Disk: https://support.kaspersky.com/viruses/krd18



In terms of recovering/decrypting the files, this type of virus usually encrypts the files with very high bit keys, and in very rare cases a decryptor can be created, usually due to failure or careless programming of the malware.

But in the vast majority it is not possible, at least at the moment.



You can check if the ransomware that attacked you currently has the possibility to be decrypted here: https://id-ransomware.malwarehunterteam.com/index.php?lang=en



You can find information that can help you here: https://www.nomoreransom.org/en/index.html



Also try the utilities offered by Kaspersky: http://support.kaspersky.com/viruses/utility



If you are a Kaspersky user with a valid license, open a support ticket in my Kaspersky account.

And review: https://support.kaspersky.com/14844



Regards
View original

3 replies

Userlevel 7
Badge +11
Hi,

For access to your computer try with Kaspersky Rescue Disk: https://support.kaspersky.com/viruses/krd18

In terms of recovering/decrypting the files, this type of virus usually encrypts the files with very high bit keys, and in very rare cases a decryptor can be created, usually due to failure or careless programming of the malware.
But in the vast majority it is not possible, at least at the moment.

You can check if the ransomware that attacked you currently has the possibility to be decrypted here: https://id-ransomware.malwarehunterteam.com/index.php?lang=en

You can find information that can help you here: https://www.nomoreransom.org/en/index.html

Also try the utilities offered by Kaspersky: http://support.kaspersky.com/viruses/utility

If you are a Kaspersky user with a valid license, open a support ticket in my Kaspersky account.
And review: https://support.kaspersky.com/14844

Regards
Hi!

Maybe I can help you, contact me.

My PC has been attacked by a Ransomware and all My files have been encrypted. All file extensions haves been changed to .xls while some desktop icons changed to .lnk.xls and the following message is in every folder.

Attention! 
All your files are encrypted
to purchase an unique decryptor use e-mail filessupport@cock.li
or create ticket here: https://yip.su/2QstD5

<!-- !!! dont changing this !!! -->
               6B D0 19 2F 4A F8 83 C8 DF E7 B1 7B 3B B5 4C DD
48 D6 F4 F2 F3 D4 E5 5D 90 A2 87 52 BB 63 CB E3
FA 32 A4 68 94 99 2C D1 DF F6 1F 28 45 1F ED 3C
13 51 0C 6C 56 9A E3 8D 3A 70 67 7B DB B4 9D 63
F5 42 97 C5 AB 5F EB 9A 0A 78 26 91 A4 DA 7F C3
BA 09 99 8E BB BC 8B 1A 43 7F 70 00 77 18 B2 63
C9 AD 55 4A EC A9 36 5E 2E BE 4B 47 58 54 F5 E8
6E 86 3E 99 D3 12 BC 48 33 C2 12 13 20 9F 88 6B
F0 C5 05 6B E0 F8 8B A0 D7 B5 5F 14 EC EC 38 73
91 B5 22 EB 95 39 AA 79 D9 47 37 B1 72 9C 9B 4A
6C BB 73 91 8E 74 EF 83 03 D1 C6 9E 25 50 EA 72
DE 3B 37 CB 47 2E 08 3D 61 21 74 11 D3 F9 39 E7
2A 2E A0 13 C8 12 8A 99 99 8B E0 EA E5 DD 13 9C
63 D1 9F A8 2F EE 3D F9 22 B9 13 37 96 5F E8 97
40 A9 19 77 5F 5D DF 7B A4 3C 9D EB 6A 41 EB 45
AC 7F 7D 59 BC 9A 6F 40 B2 94 B8 EB 04 41 0A 12
 2B 60 E5       

Please, see sample file attached.

Please help.

Reply