CryptoSearch - Find Files Encrypted by Ransomware


69 replies to this topic

#16 vilhavekktesla

Posted 25 January 2017 - 08:56 PM

Hmm, sorry I requested features before reading this topic. You have considered a few things and we just need to understand how to use the program. Hopefully a clear and easy to follow instructions file is included in the zip-file.

 

Cool program and I'm amazed over your imagination and creativity.

 

Continue the fight and help victims :)


The signature points to post one in each topic. Post one is very important to read.

Now Teslacrypt may be decrypted with Blooddolly's Tesladecoder version 1.0.1b or newer (if needed)

The master key is released so there is no need to pay to get the key.

About 200 550 different ransomwares exist so think safe backups at all time.




#17 vilhavekktesla

Posted 25 January 2017 - 09:05 PM

Hi Michael

 

With FF 50.1.0 I get from this page:
https://download.bleepingcomputer.com/demonslay335/CryptoSearch.zip
 

I can ignore it as the page is pink not red (as of today)

 

 

Reported Unwanted Software Page!
This web page at download.bleepingcomputer.com has been reported to contain unwanted software and has been blocked based on your security preferences.

Unwanted software pages try to install software that can be deceptive and affect your system in unexpected ways.

 

 

I have no specific security setting just the normal FF-settings
That is too bad and it will probably not be removed unless you get another download address or you contact Mozilla and tell them to update their bad filters. I guess your SW got this problem from one of the earliest copies you had and that is the reason you chose to password protect the file.

Anyway I thought you'd like to know about it.

 

Best regards




#18 quietman7

Posted 26 January 2017 - 05:35 AM

Having trouble to unzip and install CryptoSearch. Error when extracting "Unknown method in CryptoSearch.zip" Chrome browser blocks file as Dangerous when attempting to download.

Bleeping Computer's hosted programs for download are trustworthy, safe and malware-free. However, depending on the product, some anti-virus software and other security scanners may flag certain programs as a threat for a variety of reasons when that is not the case. In these instances the detection is a "false positive" and can be ignored.

Most of the well known specialized tools we use against malware are written by experts/Security Colleagues at various security forums like Bleeping Computer, TechSupport, GeeksToGo, Emsisoft and other similar sites so they can be trusted...this includes any program hosted by BC for download. Unfortunately, many of these tools (or their embedded files) are falsely detected by various anti-virus programs from time to time. This in turn sometimes results in an inaccurate site rating/warning of potentially dangerous software when that is not the case.

Rest assured our Security Colleagues are trustworthy and all the programs hosted for downloading here at BleepingComputer are malware-free and perfectly safe to use.

Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief



#19 tibor-s

Posted 08 February 2017 - 12:24 PM

Hi, 

I am infected by Spora Ransomware. I downloaded the latest version of CryptoSearch, the program refreshed the Network, but I can't find Spora in the Ransomware list to search for the Encrypted files.

Can you please advise.

 

Regards



#20 Demonslay335

Ransomware Hunter, Topic Starter, Security Colleague

Posted 08 February 2017 - 12:27 PM


 

Spora does not have any file extension or file marker to go by, so I'm afraid CryptoSearch won't be able to help in that case. The program only pulls in ransomware from ID Ransomware that have such indicators.


Edited by Demonslay335, 08 February 2017 - 12:27 PM.

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#21 priteshpatel100

Posted 17 February 2017 - 02:50 PM

The cryptoshield 2.0 virus with .id and .QBP have word and pdf files encrypted.

If you pay bitcoin and how do you pay they wanted 2, will the files open?

http://www.enigmasoftware.com/cryptoshield20ransomware-removal/

They say can remove with spyhunter, is that true?

How can I remove that? ALL HELP IS APPRECIATED. Thanks

 

 

 

 NOT YOUR LANGUAGE? USE http://translate.google.com

 What happens to you files?
 All of your files were encrypted by a strong encryption with RSA-2048 using CryptoShield 2.0. DANGEROUS.
 More information about the encryption keys using RSA-2048 can be found here: https://en.wikipedia.org/wiki/RSA_(cryptosystem)

 How did this happen ?
 Specially for your PC was generated personal RSA - 2048 KEY, both public and private.
 ALL your FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
 Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our secret server.

 What do I do ?
 So, there are two ways you can choose: wait for a miracle and get your price doubled, or start send email now for more specific instructions,
 and restore your data easy way.
 If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make  payment.

 To receive your private software:
 Contact us by email , send us an email your (personal identification) ID number and wait for further instructions.
 Our specialist will contact you within 24 hours.
 ALL YOUR FILES ARE ENCRYPTED AND LOCKED, YOU CAN NOT DELETE THEM, MOVE OR DO SOMETHING WITH THEM. HURRY TO GET BACK ACCESS FILES.
 Please do not waste your time! You have 72 hours only! After that The Main Server will double your price!
 So right now You have a chance to buy your individual private SoftWare with a low price!

 CONTACTS E-MAILS:
 res_sup@india.com - SUPPORT;
 res_sup@computer4u.com - SUPPORT RESERVE FIRST;
 res_reserve@india.com - SUPPORT RESERVE SECOND;



#22 quietman7

Posted 17 February 2017 - 03:59 PM

This is not a ransomware support topic.

You have already posted the above here. Please do not create duplicate postings and be patient until someone is able to answer you.



#23 al1963

Posted 12 March 2017 - 08:54 AM

@Demonslay335,

 

if it became possible,

https://twitter.com/demonslay335/status/840335629397479424

will the Spora Detect be added to the CryptoSearch database?



#24 Demonslay335

Posted 12 March 2017 - 11:47 AM

I had to make a special plugin for it on ID Ransomware to calculate the CRC32 and match it against the potentially stored checksum, so it can't pass that behavior automatically to CryptoSearch. I've been thinking of adding it to CryptoSearch, but it will require a lot of work to make a similar plugin system. Maybe in the future though. :)

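The thread distinguishes families that CryptoSearch can match by file extension or file marker from one that needed a CRC32 calculation matched against a stored checksum. The sketch below is an added example, not CryptoSearch or ID Ransomware code; the extension, the marker bytes and the 36-byte trailer layout are constructed assumptions and are not Spora's real format.

```python
import os
import struct
import tempfile
import zlib
from pathlib import Path

# Constructed definitions for illustration; not real ransomware indicators.
EXTENSIONS = {".locked_example": "ExampleExt"}
MARKERS = {b"EXMPL01": "ExampleMarker"}  # bytes expected at offset 0
TRAILER_LEN = 36  # assumed layout: 32-byte blob, then its CRC32 (little-endian)

def checksum_plugin(tail: bytes) -> bool:
    """True if the last 4 bytes equal the CRC32 of the 32 bytes before them."""
    if len(tail) < TRAILER_LEN:
        return False
    blob = tail[-TRAILER_LEN:-4]
    (stored,) = struct.unpack("<I", tail[-4:])
    return (zlib.crc32(blob) & 0xFFFFFFFF) == stored

def identify(path: Path) -> list:
    """Return the name of every definition that matches one file."""
    hits = []
    if path.suffix.lower() in EXTENSIONS:
        hits.append(EXTENSIONS[path.suffix.lower()])
    with path.open("rb") as fh:  # read only the head and tail, not the whole file
        head = fh.read(max(len(m) for m in MARKERS))
        size = fh.seek(0, os.SEEK_END)
        fh.seek(max(0, size - TRAILER_LEN))
        tail = fh.read()
    hits += [name for marker, name in MARKERS.items() if head.startswith(marker)]
    if checksum_plugin(tail):  # content check for files with no other indicator
        hits.append("ExampleChecksum")
    return hits

def demo() -> dict:
    """Write four constructed sample files to a temp dir and identify each."""
    blob = bytes(range(32))
    samples = {
        "report.docx": b"plain document bytes",
        "photo.jpg.locked_example": b"\x00" * 16,
        "notes.txt": b"EXMPL01" + b"\x11" * 8,
        "invoice.pdf": b"\x22" * 100 + blob + struct.pack("<I", zlib.crc32(blob)),
    }
    with tempfile.TemporaryDirectory() as tmp:
        results = {}
        for name, data in samples.items():
            Path(tmp, name).write_bytes(data)
            results[name] = identify(Path(tmp, name))
        return results
```

Only the last sample keeps its original name and has no marker, so it is found by the checksum check alone; a 32-bit checksum also matches unrelated data about once in 2^32 files, which is why such a hit is an indicator rather than proof.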


#25 matthew9871

Posted 18 March 2017 - 11:16 PM

thank you will test this out tomorrow.... matrix ransomware got me, I really need help with this as there was no backup. thank you again.



#26 Demonslay335

Posted 25 March 2017 - 08:39 PM

I've released v0.9.5.0 that can identify files encrypted by Spora. :)

 



#27 al1963

Posted 27 March 2017 - 07:04 AM

@Demonslay335,

 

What could be the reason?

 

 

Retrieving data from ID Ransomware...
Error retrieving ransomware data from network: The remote server returned an error: (403) Forbidden.
Retrieving data from local filesystem...
Error retrieving ransomware data from filesystem: (2) Не удается найти указанный файл: [\\?\e:\deshifr\Tools\CryptoSearch\cryptosearch-definitions.bin]

 

 



#28 Demonslay335

Posted 27 March 2017 - 08:08 AM

The site has been under DDoS attacks recently, so we've had to put CloudFlare into "Attack Mode". Should be temporary here.




#29 ProfessorExe

Posted 27 March 2017 - 12:50 PM

Any idea on an ETA? 



#30 Demonslay335

Posted 27 March 2017 - 01:10 PM

 


 

 

It should be up most of the time, we just periodically have to put it into that mode as needed.






