Kaspersky
Question

decrypt Ransomware Trojan.Win32.DelShad.gen

  • 10 December 2020

Hey guys, I am trying to decrypt files from my computer that got infected by a ransomware.

I used Kaspersky to remove the ransom, but I am not able to find a decryptor. I have tested a couple already.

Can someone help me to find the correct one?

Files have the extension: .BeBcaBACbD

The logs from Kaspersky are showing the following:

--------------------------------------------------------
HEUR:Trojan.Win32.DelShad.gen
File: C:\Users\lumion\AppData\Roaming\Microsoft\Windows\svchost.exe
Trojan program
    MD5:  97EA97594E15E2A260921CB7736A1B2E
    SHA256:  A82463B6F3B201BFDE677D92C26EC5906E1187A80E3074BB637936B293E7F66B

/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*

The file that I found on my computer was:

yyKbY_readme_.txt

-------===    Your network has been infected!    ===-------


*****************    DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED    *****************


All your documents, photos, databases and other important files have been encrypted and have the extension: .BeBcaBACbD

You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!

The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!

We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website and after 7 days the whole downloaded info.

You can get more information on our page, which is located in a Tor hidden network.


How to get to our page
--------------------------------------------------------------------------------
|
|  1. Download Tor browser - https://www.torproject.org/
|
|  2. Install Tor browser
|
|  3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
|  4. Follow the instructions on this page
|
--------------------------------------------------------------------------------

Your ID:
--------------------------------------------------------------------------------

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

--------------------------------------------------------------------------------

* DO NOT TRY TO RECOVER FILES YOURSELF!

* DO NOT MODIFY ENCRYPTED FILES!

* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *

gi3oEh

 

/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*

 

 

 


This topic has been closed for comments