
Error Code 0x80004002 [Solved]

Malware Ransomeware System slow

  • This topic is locked

#1
Hari Prahlad

  • Member
  • 221 posts

Hi

 

I download videos from YouTube using 4K Video Downloader. Of late, the speed of my system has decreased, and Kaspersky, which I had installed, has vanished. I am unable to delete certain files and am getting a 0x80004002 error.

I attach the FRST and Addition files for your examination.

 

Kindly assist.  Thanks in advance.


  • 0



#2
JSntgRvr

  • Global Moderator
  • 11,270 posts

Hi and welcome :)

 

According to Windows Defender, the computer is infected with the Sodinokibi (REvil) Ransomware. The FRST.txt log appears incomplete, perhaps as the result of this infection. The only way out of this will be to erase the hard drive and reinstall.

 

Any files that are encrypted with Sodinokibi (REvil) Ransomware will have a random 5-10 alpha-numerical extension (i.e. .p67867, .23qp1, .3y23s, .hg6u62, .6w414c6q2, .f2frgo8q, .95n6l1en0i) appended to the end of the encrypted data filename and typically will leave files (ransom notes) named [random extension]-readme.txt (i.e. .llwczs61-readme.txt, .f2frgo8q-readme.txt) or [random extension]-HOW-TO-DECRYPT.txt as explained here by Amigo-A (Andrew Ivanov).

There is more information in these news articles.

Unfortunately, there is no known method at this time to decrypt files encrypted by Sodinokibi Ransomware without paying the ransom and obtaining the private keys from the criminals who created the ransomware unless they are leaked or seized & released by authorities. Without the master private RSA key that can be used to decrypt your files, decryption is impossible. That usually means the key is unique (specific) for each victim and generated in a secure way that cannot be brute-forced.

However, Coveware, a partner with the No More Ransom Project, has indicated they may be able to assist some business victims for a fee, but they can only do this after paying the criminals... see Sodinokibi Ransomware Payment & Decryption Statistics.

There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.

 


  • 1
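
The naming pattern described in the post above can be turned into a triage check over a file listing. This is an added example, not part of the original thread: the function name `triage` and the sample paths are constructed for illustration, and only the note-name pattern and the `.f2frgo8q` extension come from the post.

```python
import re
from pathlib import PureWindowsPath

# Ransom-note names as given in the post: [random extension]-readme.txt or
# [random extension]-HOW-TO-DECRYPT.txt, where the extension is 5-10 alphanumerics.
NOTE_RE = re.compile(r"^\.?([a-z0-9]{5,10})-(?:readme|how-to-decrypt)\.txt$", re.I)

def triage(listing):
    """Map each extension confirmed by a ransom note to its notes and affected files."""
    paths = [PureWindowsPath(p) for p in listing]
    found = {}
    # Pass 1: learn the per-victim extension from the ransom-note file names.
    for p in paths:
        m = NOTE_RE.match(p.name)
        if m:
            entry = found.setdefault(m.group(1).lower(), {"notes": [], "files": []})
            entry["notes"].append(str(p))
    # Pass 2: count a file only when a note confirms its extension; a bare
    # "5-10 alphanumerics" test would also flag .sqlite, .backup and similar.
    for p in paths:
        ext = p.suffix[1:].lower()
        if ext in found:
            # p.stem is the file name before the extension was appended.
            found[ext]["files"].append((str(p), p.stem))
    return found

# Constructed sample listing (not taken from the attached FRST logs).
SAMPLE = [
    r"C:\Users\demo\Documents\budget.xlsx.f2frgo8q",
    r"C:\Users\demo\Documents\f2frgo8q-readme.txt",
    r"C:\Users\demo\Pictures\trip.jpg.F2FRGO8Q",
    r"C:\Users\demo\AppData\places.sqlite",
    r"C:\Users\demo\Downloads\readme.txt",
    r"C:\Users\demo\Videos\clip.mp4",
]

if __name__ == "__main__":
    for ext, hit in triage(SAMPLE).items():
        print(f".{ext}: {len(hit['notes'])} note(s), {len(hit['files'])} affected file(s)")
        for path, original in hit["files"]:
            print(f"  {path}  (was {original})")
```

The resulting inventory of affected files and their original names is what gets compared against backups after the erase and reinstall.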

#3
Hari Prahlad

  • Topic Starter
  • Member
  • 221 posts
 


Thank you.
  • 0

#4
JSntgRvr

  • Global Moderator
  • 11,270 posts

You are welcome :)


  • 0

#5
JSntgRvr

  • Global Moderator
  • 11,270 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0
