In Progress .kuus Ransomware corrupted all my files

Skumi231

Thread Starter
Joined
Jul 25, 2020
Messages
6
So i do not now how exactly it happened , i was watching a movie , and saw that my laptop is getting "Buggy" , when i closed Gom player
i saw all my files have extension ".Kuus" .
Now i've done a bit of reading and i am aware that this is like Computer difficulty=Matrix , but if anyone knows something about it , how to get my files back,
please help. I need only few folders from my computer so, any advice would help.
Also i am attaching the ransomware "readme" file hope it helps.
I tried the following :
- Full system scan with malware bytes
- Full system scan with windows defender
- System restore
- Changing the extension of the files back to the original ( <=== idiotic of me )
- And finally a fresh copy of windows
Thanks in advance , any help is very much appreciated
 

Attachments

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,429
Hello Skumi123,

I`ve uploaded your ransom note and email addresses for payment to Emisoft for analysis, the returned information suggests the encryption maybe related to DJVU and maybe fixable...

Have a read at the following link for information and fix procedure...

https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/

Let me know if that helps...

We also need to check your system for remaining malware/infection...

Run the following:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...

When you`ve downloaded FRST64.exe, rename it to FRST64English.exe...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"


  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Thank you,

Kevin..
 

Skumi231

Thread Starter
Joined
Jul 25, 2020
Messages
6
Hello Skumi123,

I`ve uploaded your ransom note and email addresses for payment to Emisoft for analysis, the returned information suggests the encryption maybe related to DJVU and maybe fixable...

Have a read at the following link for information and fix procedure...

https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/

Let me know if that helps...

We also need to check your system for remaining malware/infection...

Run the following:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...

When you`ve downloaded FRST64.exe, rename it to FRST64English.exe...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"


  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Thank you,

Kevin..
Ok so i Ran the program , the files are attached.. And i have Already read the article you sent me.. Unfortunately i have some never version of this virus. The extension .kuus is one that cant be cracked with the software they offer on that site...
 

Attachments

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,429
Thanks for those logs, continue:

Create a Batch File and Run it:

Open Notepad. (Control Panel > Accessories > Notepad)
Copy/paste the following text into the empty Notepad test field.

Code:
@Echo off
Licensingdiag.exe -report %userprofile%\desktop\report.txt -log %userprofile%\desktop\repfiles.cab
del %userprofile%\desktop\look.bat
Click Notepad's File > Save As , and In the dialog that pops up:
Choose location as Desktop.
Type in filename as look.bat
Underneath the filename, choose Save as Type > All Files (*.*)

Click OK

Now go find the file look.bat you just saved on your desktop.
Right click on the file look.bat on your desktop, select "Run As Administrator" to run it. If it asks permission, give OK.

NOTE: Two files will be put on your desktop - report.txt and repfiles.cab
Attach report.txt file to your reply..

You can ignore the repfiles.cab file for the moment, as it's only backup data.
 

Skumi231

Thread Starter
Joined
Jul 25, 2020
Messages
6
Thanks for those logs, continue:

Create a Batch File and Run it:

Open Notepad. (Control Panel > Accessories > Notepad)
Copy/paste the following text into the empty Notepad test field.

Code:
@Echo off
Licensingdiag.exe -report %userprofile%\desktop\report.txt -log %userprofile%\desktop\repfiles.cab
del %userprofile%\desktop\look.bat
Click Notepad's File > Save As , and In the dialog that pops up:
Choose location as Desktop.
Type in filename as look.bat
Underneath the filename, choose Save as Type > All Files (*.*)

Click OK

Now go find the file look.bat you just saved on your desktop.
Right click on the file look.bat on your desktop, select "Run As Administrator" to run it. If it asks permission, give OK.

NOTE: Two files will be put on your desktop - report.txt and repfiles.cab
Attach report.txt file to your reply..

You can ignore the repfiles.cab file for the moment, as it's only backup data.
This is what i got
1596882061382.png
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,429
Fass Post Preview
Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Also two files will be saved to your Desktop "report.txt" and repfiles.cab

Attach the "report.txt" file to your reply. - you can ignore the repfiles.cab file, it's only backup data
 

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top