Posted

Ok people. For my sins I do some volunteering here. (Actually, 'personal research' because I cannot even volunteer).
Well, the computer I used got hacked by a Ransomware virus. The KODG virus. Not sure how it got in because I rarely use the internet, but backtracking, trying to do a reset, an unusually timed Windows Update started, about the time the virus hit.
There was no ransom request, just a slew of programmes opening and it went berserk.
Having found the name I googled it, found out about it and set about getting rid. Downloaded an anti-malware programme, started it in safe opening mode and it started running. However, it blew up the computer dongle and nothing more. Restarted and straight to safe opening mode.
Local and 2 in Bangkok, Thai computer companies, said they cannot do.
Are there any computer whizzkids out there, please, who have any knowledge of this and could help?
Thanks

Posted
1 hour ago, DPKANKAN said:

However, it blew up the computer dongle and nothing more. Restarted and straight to safe opening mode.

?? Which dongle did it blow up and what do you mean by 'safe opening mode'? Did the computer go straight to safe mode after restarting by itself?

Posted
2 hours ago, chrisinth said:

?? Which dongle did it blow up and what do you mean by 'safe opening mode'? Did the computer go straight to safe mode after restarting by itself?

The wifi dongle. Safe opening mode has to be initiated at startup to restrict files opened and is a troubleshooting mode.

Posted
2 hours ago, Eindhoven said:

Do you have files to save/decrypt?

If not, just run a clean install of Windows 10.

Not going to ask about back-ups....

https://sensorstechforum.com/kodg-virus/

It appears the usual decrypters aren't yet up to speed;

https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

There are several important files so cannot just clean it. I would not have asked the community just to clean it. Their operating system is Windows 7, for which support is being stopped in the new year.

Posted

Create a bootable memory stick and boot from there.  Your hard drive should appear in a file manager.  Can you access the "important files" from there, even if it's just to copy for use elsewhere?
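
A sketch of the copy-out step suggested above, as an added example that is not part of the original post. It assumes a live-USB Linux session with GNU coreutils and the Windows partition already mounted read-only; the function names `rescue_files` and `verify_rescue`, the mount point and the device name are hypothetical.

```shell
#!/bin/sh
# Added example. Run from the live-USB session, never from the infected
# Windows install. Assumed beforehand (device name is a placeholder):
#   mount -o ro /dev/sdXN /mnt/win

# rescue_files SRC DEST [EXT]
# Copy every file under SRC ending in .EXT (default: kodg) to DEST, keeping
# relative paths, and write a SHA-256 manifest of the copies.
# Prints the number of files copied. File names containing newlines are
# not handled.
rescue_files() {
    src=$1; dest=$2; ext=${3:-kodg}
    [ -d "$src" ] || { echo "source not found: $src" >&2; return 1; }
    mkdir -p "$dest" || return 1
    manifest="$dest/MANIFEST.sha256"
    : > "$manifest"
    list=$(mktemp) || return 1
    # Relative paths ("./Docs/x.kodg") so the tree can be rebuilt under DEST.
    ( cd "$src" && find . -type f -name "*.$ext" ) > "$list"
    count=0
    while IFS= read -r rel; do
        mkdir -p "$dest/$(dirname "$rel")" || continue
        cp -p "$src/$rel" "$dest/$rel" || continue
        ( cd "$dest" && sha256sum "$rel" ) >> "$manifest"
        count=$((count + 1))
    done < "$list"
    rm -f "$list"
    echo "$count"
}

# verify_rescue DEST
# Succeeds only if every copied file still matches the manifest.
verify_rescue() {
    ( cd "$1" && sha256sum -c MANIFEST.sha256 ) >/dev/null 2>&1
}

# Stand-alone use: sh rescue.sh /mnt/win/Users /media/usb/rescued kodg
if [ "$#" -ge 2 ]; then
    rescue_files "$@"
fi
```

The copies stay encrypted; the manifest only lets you confirm later that they were not altered between the rescue and any decryption attempt.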

Posted

  

34 minutes ago, DPKANKAN said:

There are several important files so cannot just clean it. I would not have asked the community just to clean it. Their operating system is Windows 7, for which support is being stopped in the new year.

It looks like that is exactly what you asked.

You certainly didn't mention decryption. It could be that the files weren't yet encrypted. Encryption isn't the first action of the malware.

Removing the malware (about which you wrote) does not decrypt your files (if they are encrypted).

Posted (edited)
12 hours ago, treetops said:

Create a bootable memory stick and boot from there.  Your hard drive should appear in a file manager.  Can you access the "important files" from there, even if it's just to copy for use elsewhere?

Will look into that, thanks. Was wondering whether you could put an anti-malware app on something like that to boot it into the system to decrypt the damaged files.

Edited by DPKANKAN
Posted
11 hours ago, Eindhoven said:

It looks like that is exactly what you asked.

You certainly didn't mention decryption. It could be that the files weren't yet encrypted. Encryption isn't the first action of the malware.

Removing the malware (about which you wrote) does not decrypt your files (if they are encrypted).

They were encrypted from the start. Hence the .kodg file tag that I noted in my post. That is what I am looking to remove to recover data.

Posted
6 hours ago, DPKANKAN said:

They were encrypted from the start. Hence the .kodg file tag that I noted in my post. That is what I am looking to remove to recover data.

As I told you...removing the malware does not decrypt the data.

Posted
19 hours ago, Eindhoven said:

As I told you...removing the malware does not decrypt the data.

I was aware of that from my first Google of the virus.

Posted

2 hours ago, DPKANKAN said:

I was aware of that from my first Google of the virus.

So? What is it that you are trying to do?

Have you run Emsisoft Decryptor for STOP Djvu or are you hoping that someone here has written their own de-encrypter?

If they used an offline key, then you have a chance to recover. If not, ......

Swap your drive for a new solid state drive and start again. Keep the old drive for if someone ever gets a hold of the private key (if one has been utilised).

Posted

It is shocking to see someone these days without any decent anti-virus / malware protection.  I have run AVAST (the paid professional version) for a decade, and never one problem ... and I am on the internet 24/7.  You may want to begin by installing their free version, running a "Boot Level Scan" and wait to see the results.

 

https://www.avast.com
