Trojaner-Board


sand0kan333 04.09.2015 16:17

Please Help __prosschiff@gmail.com_.crypt strikes again...
 
Hello

I hope it is OK to post in English.

This forum is the only place on the Internet I found mentioning a similar attack.

Last Monday my computer was invaded with some kind of malware.

Almost all files were renamed with "__prosschiff@gmail.com_.crypt" added, and encrypted.

Malware detected:
PUP Ammy Admin
Win32/Skeey.B!plock
Win32/Skeey.C!plock

Suspect file found already encrypted: RootCrypt.exe

I really need to recover some mdf files and it will be almost impossible to recreate them.



Any information, clues or any help will be very much appreciated.

Thank You

Thank you very much!

schrauber 04.09.2015 16:44

Hello, sand0kan333
Welcome to the trojaner-board.de Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.



Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.



For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to the desktop.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to the desktop.

Please run it and click Scan, post back with the 2 logfiles.

sand0kan333 04.09.2015 17:51

Scan Results
 
Hello Tom,

Thank you for taking the time!

Here are the scan results, in the attachments.

schrauber 04.09.2015 18:37

Hi,

Sorry to say, but there is no way to decrypt your files. The only thing we could try is to clean up the system.

Do you want to clean it or do you want to reformat it?

sand0kan333 04.09.2015 18:50

Thanks Anyway!
 
It's OK, my hopes were a bit low...

But thank you for taking the time to try anyway.

I think I'll format it or hold it for police to check it and maybe trace the guy who did this..

Anyway I think I can handle the formatting thing and will recover soon from backup trauma
:headbang:


Thanks again, cheers!

Thanks!

schrauber 05.09.2015 13:52

You're welcome :)

sand0kan333 01.10.2015 19:37

I have good news!!!
 
I've got my files back!!! :applaus:

This worked for me:
https://support.drweb.com/new/free_unlocker/?keyno=&for_decode=1&lng=en

I had to buy their AV with support, around 35 euro, but after sending some encrypted doc files they helped me decrypt my files!

I still can't believe it, after 1 month!!!

Best Regards,

Pedro

schrauber 02.10.2015 19:51

Thanks for letting me know :)


All times are WET +1.
