Error Code 0x80004002 [Solved]

Malware Ransomeware System slow

  • This topic is locked

#1
Hari Prahlad

    Member
Hi

 

I download videos from YouTube using 4K Video Downloader. Of late, the speed of my system has decreased, and Kaspersky, which I had installed, has vanished. I am unable to delete certain files and am getting a 0x80004002 error.

I attach the FRST and Addition files for your examination.

 

Kindly assist.  Thanks in advance.

  • 0

#2
JSntgRvr

    Global Moderator
Hi and welcome :)

 

According to Windows Defender, the computer is infected with the Sodinokibi (REvil) Ransomware. The FRST.txt log appears as incomplete, perhaps as the result of this infection. The only way out of this will be to erase the hard drive and reinstall.

 

Any files that are encrypted with Sodinokibi (REvil) Ransomware will have a random 5-10 alpha-numerical extension (i.e. .p67867, .23qp1, .3y23s, .hg6u62, .6w414c6q2, .f2frgo8q, .95n6l1en0i) appended to the end of the encrypted data filename and typically will leave files (ransom notes) named [random extension]-readme.txt (i.e. .llwczs61-readme.txt, .f2frgo8q-readme.txt) or [random extension]-HOW-TO-DECRYPT.txt as explained here by Amigo-A (Andrew Ivanov).

There is more information in these news articles.

Unfortunately, there is no known method at this time to decrypt files encrypted by Sodinokibi Ransomware without paying the ransom and obtaining the private keys from the criminals who created the ransomware unless they are leaked or seized & released by authorities. Without the master private RSA key that can be used to decrypt your files, decryption is impossible. That usually means the key is unique (specific) for each victim and generated in a secure way that cannot be brute-forced.

However, Coveware, a partner with the No More Ransom Project, has indicated they may be able to assist some business victims for a fee but they can only do this after paying the criminals... see Sodinokibi Ransomware Payment & Decryption Statistics.

There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.

 


  • 1
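The naming pattern described in the answer above can be checked against a file listing. This is an added example, not part of the original thread: the function names, the sample paths and the acceptance of an optional leading dot in note names are assumptions.

```python
import re

# Note names as the answer describes them: "<ext>-readme.txt" or
# "<ext>-HOW-TO-DECRYPT.txt", where <ext> is 5-10 alphanumeric characters.
# Assumption: an optional leading dot is accepted, because the post's
# example note names are written with one.
NOTE_RE = re.compile(r"^\.?([a-z0-9]{5,10})-(?:readme|how-to-decrypt)\.txt$", re.I)

# Constructed sample listing (not taken from the poster's machine).
SAMPLE_LISTING = [
    r"C:\Users\demo\Documents\f2frgo8q-readme.txt",
    r"C:\Users\demo\Documents\budget.xlsx.f2frgo8q",
    r"C:\Users\demo\Pictures\photo.jpg.f2frgo8q",
    r"C:\Users\demo\Documents\notes.txt",
    r"C:\Users\demo\Documents\readme.txt",    # ordinary readme, no prefix
    r"C:\Users\demo\Downloads\setup.part1",   # 5-char extension, but no note
]

def basename(path):
    # Split on both separators so Windows listings parse on any OS.
    return re.split(r"[\\/]", path)[-1]

def triage(paths):
    """Correlate ransom notes with files carrying the same appended extension.

    Returns {extension: {"notes": [...], "encrypted": [...]}}. An extension is
    reported only when a matching note exists, so an ordinary 5-10 character
    extension is never flagged on its own.
    """
    paths = list(paths)
    findings = {}
    for p in paths:
        m = NOTE_RE.match(basename(p))
        if m:
            entry = findings.setdefault(m.group(1).lower(), {"notes": [], "encrypted": []})
            entry["notes"].append(p)
    for p in paths:
        name = basename(p)
        if NOTE_RE.match(name):
            continue
        stem, dot, ext = name.rpartition(".")
        if dot and stem and ext.lower() in findings:
            findings[ext.lower()]["encrypted"].append(p)
    return findings

if __name__ == "__main__":
    for ext, hit in triage(SAMPLE_LISTING).items():
        print(f".{ext}: {len(hit['notes'])} note(s), {len(hit['encrypted'])} renamed file(s)")
```

To run it against a real volume, pass the paths produced by `os.walk` or a forensic file listing in place of `SAMPLE_LISTING`.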

#3
Hari Prahlad

    Member

  • Topic Starter



Thank you.
  • 0

#4
JSntgRvr

    Global Moderator

You are welcome :)


  • 0

#5
JSntgRvr

    Global Moderator

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0





