
KODG Ransomware virus


DPKANKAN


Ok people. For my sins I do some volunteering here. (Actually, 'personal research' because I cannot even volunteer).
Well, the computer I used got hacked by a Ransomware virus. The KODG virus. Not sure how it got in because I rarely use the internet, but backtracking, trying to do a reset, an unusually timed Windows Update started, about the time the virus hit.
There was no ransom request, just a slew of programmes opening and it went berserk.
Having found the name I googled it, found out about it and set about getting rid. Downloaded an anti-malware programme, started it in safe opening mode and it started running. However, it blew up the computer dongle and nothing more. Restarted and straight to safe opening mode.
Local and 2 in Bangkok, Thai computer companies, said they cannot do.
Are there any computer whizzkids out there, please, who have any knowledge of this and could help?
Thanks


1 hour ago, DPKANKAN said:

However, it blew up the computer dongle and nothing more. Restarted and straight to safe opening mode.

?? Which dongle did it blow up and what do you mean by 'safe opening mode'? Did the computer go straight to safe mode after restarting by itself?


2 hours ago, chrisinth said:

?? Which dongle did it blow up and what do you mean by 'safe opening mode'? Did the computer go straight to safe mode after restarting by itself?

The wifi dongle. Safe opening mode has to be initiated at startup to restrict files opened and is a troubleshooting mode.


2 hours ago, Eindhoven said:

 

Do you have files to save/decrypt? 

 

If not, just run a clean install of Windows 10.

 

Not going to ask about back-ups....

 

https://sensorstechforum.com/kodg-virus/

 

It appears the usual decrypters aren't yet up to speed;

https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

 

 

There are several important files so cannot just clean it. I would have not asked the community just to clean it. Their operating system is Windows 7 for which support is being stopped in the new year.


  

34 minutes ago, DPKANKAN said:

There are several important files so cannot just clean it. I would have not asked the community just to clean it. Their operating system is Windows 7 for which support is being stopped in the new year.

 

It looks like that is exactly what you asked. 

 

You certainly didn't mention decryption. It could be that the files weren't yet encrypted. Encryption isn't the first action of the malware.

 

Removing the malware (about which you wrote) does not decrypt your files (if they are encrypted).


12 hours ago, treetops said:

Create a bootable memory stick and boot from there.  Your hard drive should appear in a file manager.  Can you access the "important files" from there, even if it's just to copy for use elsewhere?

Will look into that, thanks. Was wondering whether you could put an anti-malware app on something like that to boot it in to the system to decrypt the damaged files.


11 hours ago, Eindhoven said:

  

 

It looks like that is exactly what you asked. 

 

You certainly didn't mention decryption. It could be that the files weren't yet encrypted. Encryption isn't the first action of the malware.

 

Removing the malware (about which you wrote) does not decrypt your files (if they are encrypted).

They were encrypted from the start. Hence the .kodg file tag that I noted in my post. That is what I am looking to remove to recover data.


2 hours ago, DPKANKAN said:

They were encrypted from the start. Hence the .kodg file tag that I noted in my post. That is what I am looking to remove to recover data.

I don't know if you have already seen this (and I have only quickly perused it) but it may offer some help?

https://howtofix.guide/kodg-ransomware-removal/?cn-reloaded=1

 

Probably worth checking the authenticity of the site as well.



2 hours ago, DPKANKAN said:

I was aware of that from my first Google of the virus.

 

So? What is it that you are trying to do?

 

Have you run Emsisoft Decryptor for STOP Djvu or are you hoping that someone here has written their own de-encrypter?

 

If they used an offline key, then you have a chance to recover. If not, ......

 

Swap your drive for a new solid state drive and start again. Keep the old drive for if someone ever gets a hold of the private key (if one has been utilised).

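Added example, not part of the original thread: the advice in the replies above (boot from separate media, copy the important files elsewhere, keep the old drive in case a key turns up) sketched as a Python script that copies every `.kodg` file to backup storage without altering the source and writes a SHA-256 manifest. The function names, the `MANIFEST.tsv` filename and the demo file tree are assumptions made for this illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".kodg"  # extension named in the thread

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def preserve_encrypted(source_root, dest_root):
    """Copy every *.kodg file under source_root into dest_root, verify each
    copy against the original, and return manifest rows of
    (relative path, size, sha256). Files on the source are only read."""
    source_root, dest_root = Path(source_root), Path(dest_root)
    dest_root.mkdir(parents=True, exist_ok=True)
    manifest = []
    for src in sorted(source_root.rglob("*")):
        if not src.is_file() or src.suffix.lower() != ENCRYPTED_SUFFIX:
            continue
        rel = src.relative_to(source_root)
        dst = dest_root / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy2 also keeps the file timestamps
        digest = sha256_of(src)
        if sha256_of(dst) != digest:
            raise OSError(f"copy of {rel} does not match the original")
        manifest.append((rel.as_posix(), src.stat().st_size, digest))
    (dest_root / "MANIFEST.tsv").write_text(
        "".join(f"{p}\t{s}\t{d}\n" for p, s, d in manifest))
    return manifest

def demo():
    """Run against a constructed file tree standing in for the old drive."""
    with tempfile.TemporaryDirectory() as tmp:
        old, backup = Path(tmp, "old_drive"), Path(tmp, "backup")
        (old / "Documents").mkdir(parents=True)
        (old / "Documents" / "report.docx.kodg").write_bytes(b"constructed ciphertext A")
        (old / "Documents" / "notes.txt").write_bytes(b"unaffected file")
        (old / "photo.JPG.KODG").write_bytes(b"constructed ciphertext B")
        rows = preserve_encrypted(old, backup)
        return rows, sorted(p.name for p in backup.rglob("*") if p.is_file())

if __name__ == "__main__":
    for row in demo()[0]:
        print(*row, sep="\t")
```

Run it from the rescue system with the old drive mounted read-only as `source_root` and a separate disk as `dest_root`; the manifest lets the copies be re-verified later before any decryption attempt.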

It is shocking to see someone these days without any decent anti-virus / malware protection.  I have run AVAST (the paid professional version) for a decade, and never one problem ... and I am on the internet 24/7.  You may want to begin by installing their free version, running a "Boot Level Scan" and wait to see the results.

 

https://www.avast.com


Archived

This topic is now archived and is closed to further replies.
