Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!
This topic is locked
Member
Hi
I download videos from YouTube using 4K Video Downloader. Of late, the speed of my system has decreased, and Kaspersky, which I had installed, has vanished. I am unable to delete certain files and am getting a )x80004002 error.
I attach the FRST and Addition files for your examination.
Kindly assist. Thanks in advance.
FRST.txt 8.55KB
249 downloads
Addition.txt 20.2KB
239 downloads
Global Moderator
Hi and welcome 
According to Windows Defender, the computer is infected with the Sodinokibi (REvil) Ransomware. The FRST.txt log appears as incomplete, Perhaps as the result of this infection. The only way out of this will be to erase the harddrive and reinstall.
Any files that are encrypted with Sodinokibi (REvil) Ransomware will have a random 5-10 alpha-numerical extension (i.e. .p67867, .23qp1, .3y23s, .hg6u62, .6w414c6q2, .f2frgo8q, .95n6l1en0i) appended to the end of the encrypted data filename and typically will leave files (ransom notes) named [random extension]-readme.txt (i.e. .llwczs61-readme.txt, .f2frgo8q-readme.txt) or [random extension]-HOW-TO-DECRYPT.txt as explained here by Amigo-A (Andrew Ivanov).
There is more information in these news articles.
Unfortunately, there is no known method at this time to decrypt files encrypted by Sodinokibi Ransomware without paying the ransom and obtaining the private keys from the criminals who created the ransomware unless they are leaked or seized & released by authorities. Without the master private RSA key that can be used to decrypt your files, decryption is impossible. That usually means the key is unique (specific) for each victim and generated in a secure way that cannot be brute-forced.
However, Coverware, a partner with the No More Ransom Project, has indicated they may be able to assist some business victims for a fee but they can only do this after paying the criminals...see Sodinokibi Ransomware Payment & Decryption Statistics.
There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.
Member
Hi and welcome
According to Windows Defender, the computer is infected with the Sodinokibi (REvil) Ransomware. The FRST.txt log appears as incomplete, Perhaps as the result of this infection. The only way out of this will be to erase the harddrive and reinstall.
Any files that are encrypted with Sodinokibi (REvil) Ransomware will have a random 5-10 alpha-numerical extension (i.e. .p67867, .23qp1, .3y23s, .hg6u62, .6w414c6q2, .f2frgo8q, .95n6l1en0i) appended to the end of the encrypted data filename and typically will leave files (ransom notes) named [random extension]-readme.txt (i.e. .llwczs61-readme.txt, .f2frgo8q-readme.txt) or [random extension]-HOW-TO-DECRYPT.txt as explained here by Amigo-A (Andrew Ivanov).
There is more information in these news articles.Unfortunately, there is no known method at this time to decrypt files encrypted by Sodinokibi Ransomware without paying the ransom and obtaining the private keys from the criminals who created the ransomware unless they are leaked or seized & released by authorities. Without the master private RSA key that can be used to decrypt your files, decryption is impossible. That usually means the key is unique (specific) for each victim and generated in a secure way that cannot be brute-forced.
- Sodinokibi Ransomware Being Installed on Exploited WebLogic Servers
- Sodinokibi Ransomware Spreads Wide via Hacked MSPs, Sites, and Spam
- Sodinokibi Ransomware Now Pushed by Exploit Kits and Malvertising
- Sodinokibi Ransomware Distributed by Hackers Posing as German BSI
- Sodinokibi: The Crown Prince of Ransomware...Analysis of the Attack
- A Look Inside the Highly Profitable Sodinokibi Ransomware Business
However, Coverware, a partner with the No More Ransom Project, has indicated they may be able to assist some business victims for a fee but they can only do this after paying the criminals...see Sodinokibi Ransomware Payment & Decryption Statistics.
There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.
Global Moderator
You are welcome
Global Moderator
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
|
Hardware →
Smartphones and Tablets →
Samsung personal smartphones - hackingStarted by Cremebrulee54 , 26 Jan 2025  malware, hacking
|
|
|
|
|
Security →
Virus, Spyware, Malware Removal →
personal laptop showing unauthorized activity [Solved]Started by Cremebrulee54 , 21 Jan 2025 Malware, Spy
|
|
![personal laptop showing unauthorized activity [Solved] - last post by DR M](https://www.geekstogo.com/forum/uploads/profile/photo-418842.gif?_r=1578338641)
|
|
|
|
Security →
Virus, Spyware, Malware Removal →
Lingering Windows Script Host errors [Closed]Started by LegionXIX , 21 Aug 2024 malware, wscript
|
|
|
|
|
|
Security →
Virus, Spyware, Malware Removal →
Possible Malware infection - help request [Solved]Started by Maffu , 07 May 2023 malware, advapi and 1 more...
|
|
|
|
|
|
Security →
Virus, Spyware, Malware Removal →
Help getting started checking laptop for malware [Solved]Started by triedeverything , 12 Apr 2023 help, malware, spyware
|
|
|
0 members, 1 guests, 0 anonymous users
Community Forum Software by IP.Board
Licensed to: Geeks to Go, Inc.
Sign In
Create Account
