ransomware help

[zr239]

Hey guys. I've managed to get myself into quite a tricky situation. Gandcrab Ransomware 5.0.3 is on my computer, and has encrypted my entire hard drive. I've tried a system restore, it did not work. I have tried malwarebytes clean as well, that has not worked either. Any solution for me or am I gonna be reinstalling windows 10? thanks

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Are you receiving any messages about your encrypted files?

[zr239]

Thanks for your response. I'm a little bit confused on instructions. My computer can actually run and can access the internet, it's just that all my files are encrypted. Can you please tell me what to do next? Thanks.

[zr239]

and forgive me for not saying this before, but yes I do have a ransom message.

This is it:

---=    GANDCRAB V5.0.3  =---

***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************

   *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE WILL BE DECRYPTION ERRORS*****

Attention!

All your files, documents, photos, databases and other important files are encrypted and have the extension: .UVZUNHFDSX   

The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.


The server with your key is in a closed network TOR. You can get there by the following ways:

----------------------------------------------------------------------------------------

| 0. Download Tor browser - https://www.torproject.org/

| 1. Install Tor browser
| 2. Open Tor Browser
| 3. Open link in TOR browser:   http://gandcrabmfe6mnef.onion/4697b9e8305fadd1                       
| 4. Follow the instructions on this page

----------------------------------------------------------------------------------------                   
   

On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.


ATTENTION!

IN ORDER TO PREVENT DATA DAMAGE:

* DO NOT MODIFY ENCRYPTED FILES
* DO NOT CHANGE DATA BELOW

---BEGIN GANDCRAB KEY---
lAQAADVDrnqN9T7mhd9xx+gll0bQ8xS60aF1yCgHBqDRD7rgZ9SZlY8bHw9D75nwBVN+iGzXr559necraMwxAqP2Jfg7ohCGhAuK+2gpSqHiWadFmWQGSxe7YzYNXuyP0ohnymDNwHqhtsWfg476kByDrmzx9jlkEoARmYGSz9J3eZ/ufzN+PhmAwwf7X00zR1I6wFc9IZcoOuIumK+npbUmcst6PQ+DkDpxq+68UDoyzQf1cgSjgl0Rm36OQLv+NYApg8NgSsj5au5wPnYZHd74gjQpR+hjNsGVuEvI9KngPpbX4Js/BERE9lDL2nNuk+nGdYsCfE7I4YGo4n0sSHs2NqCb/+z9DYt/ag4T5AVQxBFnoxlP5q04ls4GHber++0+E6SNo4ao2yQzZ3sSWjFNLgxoWGuxYGmI3I00L3eU2TcNkYolm1uCvbIjmS40ADdjsyYTvjuVPAu/fmk3MXCEEJIbd9qSrrUWCzsavhjddp3RX4enZxAoGY8OHZYDbOah6ekOecGkSJVDRl5Of68mTJ1p6dcq/WQfkcIfTIwXd8YQYZHs/SJovEVY14SwzQ9hIWK6P0lRdIIvqrZmG+OShCPzQalI7AKR0hfUxPSwohJxI4gTbgpCQ8z5xFBdjimRqBVm5k1hX0ovDhSw/tcHegEWO57sd4S7MbAo5eqUYbFebsi7xk8U3NN/uVB9afsjVH16Cn1i2/qB93ifFbq51m3aMxKGP7/1GRF9c9OzhQXuc0tAowHsoDCaspjGwRwxzhnzgqLzEalrwzF2WYpLKV6Enib8U6sn8nqfQFiSIQyhnus4BwjBIVW8iiwvNn6yhOI3Fhrwfpp23qR+Gc0uHszR/ZFh2FMynaTEWdLgfa82gTxGH9jqMtqPI0q7BxWglPEKL2vcsS1omhHx7Sa2ztP9AYSFZcDpzuXG98S8z9THkcXdJXIPmnbbnVTByvdAgbq9fvGVvpeEnPBBYDeGBwtqV9Plm53NKSGgDKlVJ9akkdyeKHdc3vJJje5WCFuMLmkvicRuZPkz0fGrFO6RVJKM856RJa/WTvQhu7di3F9XJx2biP0kgrBxT2QAsBJxv83yXg4pWwNL27DEr3Wm0BCigeo4tPlj4kLVCBRGTFMxC9xw4w928VGSegfOv3KBu5P9mRecqve+m79QJJ+ThiNXQBQwMzTnqQgf4+g0tg0Ps37vi9+1EVVxaatEqyOJb+aoV6kIk36sfvztLJKHfwTKvEdpDNGbDEAlKU0ZjPM5ySpAddNXMNs+1JJ6CNvOwm/M0pVcl01KXU8d2z5q9u6ZOaIeb8VWVBmC2nc6WXpY6cHDCZcIeGRVkyXZWYDTnhu8SYSMKKSbw85Uh+4iZ1/kTlvSRnV/FvyOO8/5AwPS8FukrK9lr7I9zj+gqkADDwLEKY2ejZVTKxK+2D6HFkjPyGHpjFKMZ6AyoCFLDWZgdWglD4m7AqtLlyqwSbxU6ytz0HFFH+oKFNuvzPfzuau1sK2TEXkpgK/PsjV40sAQMIuCiuTsIV7VOGK5Se+pnvCFZXpK8KTaz7/rYlw+GC3YmQzMJADv8+RP18dI3th0cooOf+pO7l3Hz3T0jsczeO5OHd4xJDq3sBCYdDq2UX2uWX7pvah+S+ifsiW4BVpTEBXa2DO+eagl21OdZA9TV6jhhppdahPunUo1GiNQM+6yac28AXD8c0nTGyhUoGIUPKhhguoG8BaG8NBj4mn5EgiXuNGofiOQMqQ3ncuxU3bgjNZKNEGlK2kONkpcGdRjPYUUTLZM0u4h87GCi31PR5AhbIOouVoh3G4npEsOiGMJ88hjyAokN/GtT9D7ILjJBYSIloGUYwXqer7+GUpBmdKsRk1+WBPI7dzdFjtup+VSOWVlf67rz7oFYppxfvHrxQyLihgB7/6x846mDKfGN2kgphJvDMp9gbmwZxNWOJMU9ekQHMVpSHKnI4+BlNvcykhNzdvbFyILF0Amex141bk7hrUKJT4+JBNZta4DaQqfQJc9VpYOVaKnNEkS7tg7nzYZLSlO9k0qj8WPqJem0xW6RzFXL14NyhVZUVoGvoClok9DX3qETpIYiDxx/Fg0IXsaR+U8WL6lkslW9E92u4rmwJrITYLIsK5xhl2GzujX1J6OhcGc8nxsW/NBhEICzwLdXLlI/H5onzXY+6KmAgIJVF6ZXaEBHgTB/svKaEVu5HRFoVTfbAY2hQkuPwnJui+QP7pwP/eRmURA+k/U33VGtYQ=
---END GANDCRAB KEY---

---BEGIN PC DATA---
wfKD6iudumBkmpL8IRr4U5yxGlatOXrtxzxiOuL 12FYqvNmWPB5KYaxd5ZYqTo1RrHZ57khWhrfKTE aH0h51BIrznNNY75j6ckG1DALiKpJD8/LFEP//mAioMpA/LuWj+vxI2XfxI5KkiqChSET3AroAg7ZOOKCX8LnXbW8kZnQ2bYaWrMDzYZxYRKTMxvIpJY5r28KAR1KIZBBV5APSuUzcZiIm2LSMJUOoMJkP2opcLFSTBJxOmokod3ZkP7k/XfrM1tBzlzaljZ5ARHhvl7RnWd0iCAQxZg7CDNIr6H16Sn7FGQ/zkfgtFNi/qcantLql56Vi5bF2kV7BouL1/zg2Uut5GoZYA1raBnPtoBHSEd8bqCcV4ou4Mqa0Y8Nyaoyj2X6il5RKTTsqOlO+JJQJ+5E8wIYoCRO7nKU+fO4mANef+GFCg8NrIQ3gxAdKxw70Zi/pCBFF3vXLMeag1wAZLnQeRlSKejnZ1lLgfH8PmUHfnSz3QUxnn7I4lpawv3IDVY/peTfifFccOcAxPxlN238CQ3zC2qZHEvXtakj9BctMLpGsHsUOIr/DRdwPuol+V73u5bPezJf9a3ZBh5cztOwWRfBtDf+LbmPW4uI=
---END PC DATA---

[SuperDave]

No one to date has found a method of decrypting files that have been hit with Ransomeware except to pay the ransom. I hope that you have made a backup of your important files. This should be done on a regular basis by backing up to an external drive of memory stick. We are sorry that we cannot be of more help. Your only solution at this point is to re-install your Windows 10.