Files with extension: ! to get password email id 1005500160 to lathelp16@gmail.com ! [ACCDFISA v2.0 Ransomware]

[Greater 0]

Good night!

I have an infection case where files have the extension  !! to get password email id 1005500160 to lathelp16@gmail.com !! at the end.

 

I have an encrypted file, the ransom note, and I think that I have the executable.

 

Anybody can help?

Thank you.

[mike 1 1 044]

Hello.

• Download English version of the AutoLogger.
• Unzip downloaded folder to your desktop. Open AutoLogger folder and run AutoLogger.exe application.
• Follow the instructions of the program.
• Attach CollectionLog-date-time.zip log to your next post.

[Greater 0]

Hello.

• Download English version of the AutoLogger.
• Unzip downloaded folder to your desktop. Open AutoLogger folder and run AutoLogger.exe application.
• Follow the instructions of the program.
• Attach CollectionLog-date-time.zip log to your next post.

 

I sent you a PM with that information.

Thanks.

[mike 1 1 044]

• Download English version of the Universal Virus Sniffer (uVS)
• Unzip downloaded folder to your desktop. Open UVS folder and run start.exe application. In the program window select "Start under the current user".
• From the top menu select "File" => "Save OS Image with checking digital signature (slow)…". You will be prompted to choose destination location for the log files to be saved. Please follow the convention when naming the log file “name_of_the_computer_date_scanned”. Save log file on your desktop.

  !!!Attention. If you have archiving applications WinRAR or 7-Zip installed, uVS will archive the logfile for you, otherwise it will have to be done manually.

• Please wait till your logs are being collected and saved. Attach your log file to your next post on the forum.

  !!! Note: please make sure to run application as an administrator. If you are using Windows XP it will be done automatically. In Windows Vista and Windows 7 to start application as an administrator, please right-click on the application icon and select “Run as administrator”. You might be asked to enter administrator’s password, in that case – enter the password and click “Yes”.

[Greater 0]

My encrypted  drive was a local drive (c:) but now I have it as a slave disk in another PC.

What can I do to scan it instead of the current local disk?

[mike 1 1 044]

You can boot computer from a local disk С?

[Greater 0]

Yes, I have a local disk C, and then the encrypted disk has the letter E.

When I follow the steps you gave me, the tool scans disk C.

How can I scan disk E?

Изменено 6 декабря, 2016 пользователем Greater

[mike 1 1 044]

 

Next, select the local drive E.

[Greater 0]

I sent you the log via PM

Thanks

[Greater 0]

Here you have the logs from AutoLogger and Universal Virus Sniffer...

Thanks a lot.

CollectionLog-2016.12.01-16.45.zip

PC1_2016-12-06_13-44-25.rar

Изменено 8 декабря, 2016 пользователем Greater

[mike 1 1 044]

Try to restore these files.

C:\USERS\USUARIO\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1HWJ762N\INSTACTA0111110340.EXE
C:\USERS\USUARIO\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\722GHV32\INSTFICH2911111259.EXE
C:\USERS\USUARIO\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\JQNZAGAZ\INSTALAR0411111230.EXE

Please send this file.

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\DESKTOP\1SYSTEMDOWN.EXE

[Greater 0]

What do you mean by "restoring"?

Thank you.

[mike 1 1 044]

Attempt to recover their using the data recovery programs (Recuva, R-Studio, for example)

[Greater 0]

And after that I send them to you?

[mike 1 1 044]

Yes, in PM. 

 

+ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\DESKTOP\1SYSTEMDOWN.EXE