DPKANKAN, Posted December 9, 2019

Ok people. For my sins I do some volunteering here. (Actually, 'personal research' because I cannot even volunteer).

Well, the computer I used got hacked by a Ransomware virus. The KODG virus. Not sure how it got in because I rarely use the internet, but backtracking, trying to do a reset, an unusually timed Windows Update started, about the time the virus hit. There was no ransom request, just a slew of programmes opening and it went berserk.

Having found the name I googled it, found out about it and set about getting rid. Downloaded an anti-malware programme, started it in safe opening mode and it started running. However, it blew up the computer dongle and nothing more. Restarted and straight to safe opening mode.

Local and 2 in Bangkok, Thai computer companies, said they cannot do. Are there any computer whizzkids out there, please, who have any knowledge of this and could help?

Thanks

chrisinth, Posted December 9, 2019

1 hour ago, DPKANKAN said:
> However, it blew up the computer dongle and nothing more. Restarted and straight to safe opening mode.

?? Which dongle did it blow up and what do you mean by 'safe opening mode'? Did the computer go straight to safe mode after restarting by itself?

DPKANKAN, Posted December 9, 2019

2 hours ago, chrisinth said:
> ?? Which dongle did it blowup and what do you mean by 'safe opening mode'? Did the computer go straight to safe mode after restarting by itself?

The wifi dongle. Safe opening mode has to be initiated at startup to restrict files opened and is a troubleshooting mode.

Eindhoven, Posted December 9, 2019

Do you have files to save/decrypt? If not, just run a clean install of Windows 10. Not going to ask about back-ups....

https://sensorstechforum.com/kodg-virus/

It appears the usual decrypters aren't yet up to speed;

https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

DPKANKAN, Posted December 9, 2019

2 hours ago, Eindhoven said:
> Do you have files to save/decrypt? If not, just run a clean install of Windows 10. Not going to ask about back-ups....
> https://sensorstechforum.com/kodg-virus/
> It appears the usual decrypters aren't yet up to speed;
> https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

There are several important files so cannot just clean it. I would not have asked the community just to clean it. Their operating system is Windows 7, for which support is being stopped in the new year.

treetops, Posted December 9, 2019

Create a bootable memory stick and boot from there. Your hard drive should appear in a file manager. Can you access the "important files" from there, even if it's just to copy for use elsewhere?

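The copy-out step suggested in the post above can be scripted from the live system. This is an added example, not part of any post in this thread: it leaves files carrying the `.kodg` suffix where they are, lists them, and copies everything else to a rescue folder. The function names and the sample tree are constructed for illustration, and the old drive is assumed to be mounted read-only.

```python
import shutil
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".kodg"  # extension named in this thread


def triage(source: Path, rescue: Path) -> dict:
    """Copy files without the .kodg suffix to `rescue`; list the rest.

    `source` is the old drive as mounted by the live system (assumed to be
    mounted read-only); nothing on it is modified or deleted.
    """
    report = {"copied": [], "encrypted": [], "failed": []}
    for path in sorted(source.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(source)
        if path.name.lower().endswith(ENCRYPTED_SUFFIX):
            # Leave encrypted files in place; they are only of use to a decrypter.
            report["encrypted"].append(str(rel))
            continue
        target = rescue / rel
        try:
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, target)
            report["copied"].append(str(rel))
        except OSError as exc:  # unreadable sector, full rescue disk, ...
            report["failed"].append(f"{rel}: {exc}")
    return report


def demo() -> dict:
    """Build a constructed sample tree and run the triage over it."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "old_drive"), Path(tmp, "rescue")
        (src / "Documents").mkdir(parents=True)
        (src / "Documents" / "notes.txt").write_text("intact")
        (src / "Documents" / "report.docx.kodg").write_bytes(b"\x00" * 16)
        (src / "photo.JPG.KODG").write_bytes(b"\x00" * 16)
        result = triage(src, dst)
        result["rescued_ok"] = (dst / "Documents" / "notes.txt").read_text() == "intact"
        return result


if __name__ == "__main__":
    print(demo())
```

Scan the rescued copies on a clean machine before opening them, since anything that was on the infected drive, including the malware's own files, is copied along with the documents.
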
Eindhoven, Posted December 9, 2019

34 minutes ago, DPKANKAN said:
> There are several important files so cannot just clean it. I would have not asked the community just to clean it. Their operating system is windows 7 for which support is being stopped in the new year.

It looks like that is exactly what you asked. You certainly didn't mention decryption. It could be that the files weren't yet encrypted. Encryption isn't the first action of the malware. Removing the malware (about which you wrote) does not decrypt your files (if they are encrypted).

DPKANKAN, Posted December 10, 2019

12 hours ago, treetops said:
> Create a bootable memory stick and boot from there. Your hard drive should appear in a file manager. Can you access the "important files" from there, even if it's just to copy for use elsewhere?

Will look into that, thanks. Was wondering whether you could put an anti-malware app on something like that to boot it into the system to decrypt the damaged files.

DPKANKAN, Posted December 10, 2019

11 hours ago, Eindhoven said:
> It looks like that is exactly what you asked. You certainly didn't mention decryption. It could be that the files weren't yet encrypted. Encryption isn't the first action of the malware. Removing the malware(about which you wrote) does not decrypt your files(if they are encrypted).

They were encrypted from the start. Hence the .kodg file tag that I noted in my post. That is what I am looking to remove to recover data.

topt, Posted December 10, 2019

2 hours ago, DPKANKAN said:
> They were encrypted from the start. Hence the .kodg file tag that I noted in my post. That is what I am looking to remove to recover data.

I don't know if you have already seen this (and I have only quickly perused it) but it may offer some help?

https://howtofix.guide/kodg-ransomware-removal/?cn-reloaded=1

Probably worth checking the authenticity of the site as well.

DPKANKAN, Posted December 10, 2019

3 hours ago, topt said:
> I don't know if you have already seen this (and I have only quickly perused it) but it may offer some help?
> https://howtofix.guide/kodg-ransomware-removal/?cn-reloaded=1
> Probably worth checking the authenticity of the site as well.

Thanks I'll have a look!!

Eindhoven, Posted December 10, 2019

6 hours ago, DPKANKAN said:
> They were encrypted from the start. Hence the .kodg file tag that I noted in my post. That is what I am looking to remove to recover data.

As I told you... removing the malware does not decrypt the data.

DPKANKAN, Posted December 11, 2019

19 hours ago, Eindhoven said:
> As I told you...removing the malware does not decrypt the data.

I was aware of that from my first Google of the virus.

Eindhoven, Posted December 11, 2019

2 hours ago, DPKANKAN said:
> I was aware of that from my first Google of the virus.

So? What is it that you are trying to do? Have you run Emsisoft Decryptor for STOP Djvu or are you hoping that someone here has written their own de-encrypter?

If they used an offline key, then you have a chance to recover. If not, ......

Swap your drive for a new solid state drive and start again. Keep the old drive for if someone ever gets a hold of the private key (if one has been utilised).

Guest, Posted December 11, 2019

It is shocking to see someone these days without any decent anti-virus / malware protection. I have run AVAST (the paid professional version) for a decade, and never one problem ... and I am on the internet 24/7. You may want to begin by installing their free version, running a "Boot Level Scan" and wait to see the results.

https://www.avast.com

Archived
This topic is now archived and is closed to further replies.