Looking for a Solution against "MOQS" malware

Discussion in 'Lounge' started by Olymoon, Jul 29, 2021.

  1. Olymoon

    Olymoon MODERATOR Staff Member

    Joined:
    Jan 31, 2012
    Messages:
    4,789
    Likes Received:
    3,460
    Hi guys and girls,
    One of our members has had his computer's hard drives locked by the "MOQS" malware.
    He has a lot of Kontakt libraries and other very important files in there.

    We are looking for help to unlock it without paying the hackers.

    Please if you have experience with this, contact me by PM.

    Thank you
     
    • Interesting x 2
  3. BigM

    BigM Producer

    Joined:
    May 21, 2021
    Messages:
    361
    Likes Received:
    119
    Location:
    Heaven Of Warez
    According to my mini research, it's pretty much impossible to recover files if they are encrypted with an online key (new virus).

    But if it's not (encrypted with an offline key) you can try the Emsisoft decrypter, even if results are not guaranteed.

    It's impossible to decrypt SHA or RSA encryption without the private key, because they're military-grade encryption.

    That's why using a virus guard is crucial, at least for Windows users, nowadays.

    Sorry if I talked nonsense without helping, but I decided to say it before another one falls in. :bow:
     
  4. lukehh

    lukehh Audiosexual

    Joined:
    Jun 22, 2012
    Messages:
    1,008
    Likes Received:
    550
    Unfortunately, that is absolutely correct. I was also a victim of ransomware from the same group of encryption Trojans last year. MOQS is from the STOP/DJVU group. Files encrypted with it can only be decrypted if the computer was offline while the encryption was taking place. But even then, only with luck, if someone sends the offline key to Emsisoft and they include the key in the database for their decryption tool "decrypt_STOPDjvu.exe".

    But he can try the tool.
    https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

    BTW... I bet he got this ransomware from a warez website where all the downloadable archives are protected with the password "123". There are thousands of those websites actually active to spread this shit!
    If you ever download something from a source you don't know and its archives have this PW... better don't execute it!
     
    Last edited: Jul 29, 2021
    • Useful x 3
    • Like x 1
  5. BEAT16

    BEAT16 Audiosexual

    Joined:
    May 24, 2012
    Messages:
    7,798
    Likes Received:
    5,617
    Please read it:

    1.) Remove MOQS ransomware (Virus Removal Guide)

    If you cannot open your images, documents, or files and they have a .moqs extension, then your computer is infected
    with the STOP/DJVU ransomware. The MOQS ransomware is a malicious program that encrypts the personal …

    Written by: Stelian Pilici / Published on: July 20, 2021

    https://malwaretips.com/blogs/moqs-virus-removal/

    2.) Moqs Virus Removal Guide (+Decrypt .moqs files)
    https://adware.guru/moqs-ransomware-decrypt-files/
     
  6. tnc

    tnc Kapellmeister

    Joined:
    Jun 16, 2011
    Messages:
    123
    Likes Received:
    61
    Location:
    New Zealand
    I don't understand why people don't back up? Just do it. Now. It doesn't cost that much and the software to do it with is freeware.
    I mean, your computer can get stolen or your house can burn down or whatever.

    Anyways, Emsisoft's STOP/DJVU decrypter is the best tip in this situation. If the key is offline it should be pretty easy to get it back.

    Annoying YT-video but it shows how to do it:
     
  7. lukehh

    lukehh Audiosexual

    Joined:
    Jun 22, 2012
    Messages:
    1,008
    Likes Received:
    550
    Yes... This is how to remove it. But you don't need the tool that's mentioned in the second link and you also should not install it because it comes with a lot of bulkware loaded and will change your browser settings etc. And finally, it's only a trial version that will not fix anything in trial mode.

    But nevertheless, when it comes to decryption they also simply link to the Emsisoft Encryptor... and this will not work for encrypted files that are encrypted with an online key.

    The result of the Emsisoft Encryptor will look like this:
     
    Last edited: Jul 29, 2021
  8. BEAT16

    BEAT16 Audiosexual

    Joined:
    May 24, 2012
    Messages:
    7,798
    Likes Received:
    5,617
    Thanks for the explanations. What about the links I posted? All nonsense?
    Ransomware attack and hard drive lost forever? Please convince me, I want to form an opinion.

    Better man provides:
    - An expensive elementary insurance in the event of floods and earthquakes.
    - And in the case of ransomware, a complete backup of the hard drive on another hard drive.
     
  9. lukehh

    lukehh Audiosexual

    Joined:
    Jun 22, 2012
    Messages:
    1,008
    Likes Received:
    550
    Not complete nonsense. The first link is very informative for removal. You can read it to find out how to manually remove this Trojan or use the Malwarebytes free tool. But for the second link... do not use the "GridinSoft Anti-Malware"! It's crap!
    But when it comes to decryption, both links are useless as there is simply no solution if the files were encrypted with an online key. Otherwise try the Emsisoft tool I linked to above. But don't expect too much.

    No... your OS will also run if you had a ransomware attack. These ransomware only encrypt typical user files like pictures, text files, XML, rar, zip, mp3, wav etc. If this also would kill your OS you wouldn't be able to read their message about what to do to get your files back.
     
    • Agree x 1
    • Interesting x 1
  10. BigM

    BigM Producer

    Joined:
    May 21, 2021
    Messages:
    361
    Likes Received:
    119
    Location:
    Heaven Of Warez
    Those articles are not complete. There are two versions of this virus: the old one encrypts data with an offline key and the new one with an online key. That decryptor only works with the old one, but it's also not easy at all.

    With the new virus it leaves a readme.txt which contains instructions from the hackers. They force you to pay $998 for your own decryptor; if you contact them within 72 hours they will provide 50% off, as they mentioned. But trusting them is a complete joke.

    Even if you're a pro hacker with a quantum computer it would almost take more than 8 years to decrypt them yourself.

    The best and most secure ways to protect your data are:

    Using a good virus guard.
    Always backing up important data and avoiding unknown sites.

    Be safe :bow:.
     
    • Interesting x 1
    • Useful x 1
  11. BEAT16

    BEAT16 Audiosexual

    Joined:
    May 24, 2012
    Messages:
    7,798
    Likes Received:
    5,617
    Thank you for the useful information.
     
  12. BigM

    BigM Producer

    Joined:
    May 21, 2021
    Messages:
    361
    Likes Received:
    119
    Location:
    Heaven Of Warez
    But I found a site saying that the virus changes some registry settings and your hosts file to block some sites.

    Don't know exactly what it does to your OS.
     
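    The hosts-file tampering mentioned above is something a defender can check for directly. The script below is an added example, not code from the thread or from any tool named in it: it parses a hosts file, skips the two default loopback mappings, and reports every other entry, marking those that sinkhole a domain from a constructed watchlist of security vendors and update services. The sample hosts content, the watchlist and the "default entries" set are all assumptions made for the example.

```python
"""Audit a Windows-style hosts file for entries that look like malware-added
blocks of security-vendor or update domains.

Added example, not code from the thread. The sample hosts content and the
watchlist of domains are constructed for illustration.
"""
import ipaddress

# Mappings that belong in a clean hosts file (assumption: only loopback names).
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed watchlist: substrings of domains a user would not normally
# block on purpose (AV vendors, update servers, malware scanners).
WATCHLIST = ("microsoft", "windowsupdate", "virustotal", "emsisoft",
             "malwarebytes", "avast", "kaspersky", "eset", "bitdefender")

# Constructed sample: a default Windows hosts file with appended block entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
0.0.0.0 www.virustotal.com   # constructed: typical sinkhole entry
0.0.0.0 www.emsisoft.com
0.0.0.0 download.windowsupdate.com
127.0.0.1 dev.internal.example   # constructed: a legitimate developer entry
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs, ignoring comments and blank lines.
    One line may carry several hostnames after the address."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue   # malformed line: skip rather than guess
        for host in parts[1:]:
            pairs.append((parts[0], host.lower()))
    return pairs


def audit_hosts(text):
    """Return a list of (ip, hostname, reason) for every non-default mapping."""
    findings = []
    for ip, host in parse_hosts(text):
        if (ip, host) in DEFAULT_ENTRIES:
            continue
        sinkholed = ip in ("0.0.0.0", "127.0.0.1", "::1")
        if sinkholed and any(w in host for w in WATCHLIST):
            reason = "security/update domain sinkholed"
        elif sinkholed:
            reason = "non-default sinkhole entry, review"
        else:
            reason = "custom mapping, review"
        findings.append((ip, host, reason))
    return findings


if __name__ == "__main__":
    # On a real machine read C:\Windows\System32\drivers\etc\hosts instead.
    for ip, host, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"{ip:<12} {host:<32} {reason}")
```

    Entries that sinkhole vendor or update domains are the ones worth cleaning up (or simply restoring the default hosts file) after the malware itself has been removed; a custom mapping the user added on purpose shows up as "review" rather than as a finding.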
  13. lukehh

    lukehh Audiosexual

    Joined:
    Jun 22, 2012
    Messages:
    1,008
    Likes Received:
    550
    That's not quite correct. There is no tool to decrypt files that are encrypted with an online key. It doesn't matter if old or new variants of STOP/DJVU. The only chance, if you recognize that a process is slowing down your computer, is to go offline immediately and go to your Task Manager and kill the process that consumes most of your CPU power. After that you can remove the Trojan and try the Emsisoft tool. Maybe it's able to decrypt some of the files that had been encrypted after you disconnected your computer from the internet. The other files are lost forever if you don't pay the hackers. If the files are really important, you can send 1 file to them and check if they are really able to bring them back. In my case I was even able to send them 2 files which were really important for me. The rest of the files were replaceable because I had a backup or they weren't really important.
    After they sent me back my 2 files I wrote "Thank you for recovering the only 2 important files" and "FcK you idiots" :D
     
    • Like x 1
    • Disagree x 1
    • Interesting x 1
  14. lukehh

    lukehh Audiosexual

    Joined:
    Jun 22, 2012
    Messages:
    1,008
    Likes Received:
    550
    Yes, that's correct, but this can be solved and repaired by the Malwarebytes tool. Of course it's better to set up your computer again completely.
     
  15. lukehh

    lukehh Audiosexual

    Joined:
    Jun 22, 2012
    Messages:
    1,008
    Likes Received:
    550
    But after all, always remember: don't download from warez sites you don't know. And if you do, never execute a file that is packed and uses the password "123". This ransomware is actually spread all around the web, and the PW is always the same. This is to prevent the file from being recognized and deleted by your antivirus program.
     
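    The point made above, that a password-protected archive keeps the payload out of reach of the antivirus scanner, can be turned into a pre-extraction check. The script below is an added example, not code from the thread: it reads the ZIP central directory and reports every entry whose general-purpose flag bit 0 (the "encrypted" bit) is set, then flags the archive if any such entry has an executable extension. Since the standard `zipfile` module cannot write encrypted entries, the sample archive is built in memory and its headers are patched to set that bit; the archive contents, file names and the list of risky extensions are constructed for the example.

```python
"""Flag password-protected entries in a ZIP before anything is extracted.

Added example, not from the thread. The ZIP bytes are constructed in memory:
one plain archive, and one whose general-purpose flag bit 0 (the "encrypted"
bit) is set by patching the headers, because zipfile cannot write encrypted
entries itself. Only the metadata is changed, so nothing is really encrypted.
"""
import io
import zipfile

# Extensions that, inside a password-protected archive from an unknown
# source, deserve a second look before execution (constructed list).
RISKY_EXT = (".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".msi")


def build_zip(names_and_data):
    """Build a stored (uncompressed) ZIP in memory from (name, bytes) pairs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data in names_and_data:
            zf.writestr(name, data)
    return buf.getvalue()


def mark_encrypted(zip_bytes):
    """Set the 'encrypted' flag (bit 0) in every local file header (flags at
    offset 6 from the signature) and central directory header (flags at
    offset 8). This simulates what a password-protected archive advertises."""
    data = bytearray(zip_bytes)
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        i = data.find(sig)
        while i != -1:
            data[i + off] |= 0x01
            i = data.find(sig, i + 4)
    return bytes(data)


def find_encrypted_entries(zip_bytes):
    """Return the names of entries whose encrypted flag is set, read from the
    central directory without extracting anything."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [zi.filename for zi in zf.infolist() if zi.flag_bits & 0x1]


def assess_archive(zip_bytes):
    """Give a one-line verdict a user can act on before running anything."""
    enc = find_encrypted_entries(zip_bytes)
    risky = [n for n in enc if n.lower().endswith(RISKY_EXT)]
    if risky:
        return "executable inside password-protected archive: do not run"
    if enc:
        return "password-protected entries present: inspect before extracting"
    return "no encrypted entries"


# Constructed sample archives: a plain one and the same one marked encrypted.
PLAIN_ZIP = build_zip([("installer.exe", b"MZ constructed stub"),
                       ("readme.txt", b"constructed readme")])
PROTECTED_ZIP = mark_encrypted(PLAIN_ZIP)

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN_ZIP), ("protected", PROTECTED_ZIP)):
        print(label, find_encrypted_entries(blob), "->", assess_archive(blob))
```

    The check only looks at header metadata, so it works on an archive the scanner could not open; the decision it supports is the one the post recommends, namely not executing a password-protected download from an unknown source.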
  16. Valnar

    Valnar Platinum Record

    Joined:
    Feb 21, 2020
    Messages:
    623
    Likes Received:
    262
    I think it has anything to do with the constant password.
    There are injected archive files (even images); there are also obfuscated malware apps that print their code in your memory and execute it there, giving your antivir no chance to react. Those are the things to look out for.
     
  17. BigM

    BigM Producer

    Joined:
    May 21, 2021
    Messages:
    361
    Likes Received:
    119
    Location:
    Heaven Of Warez
    Sorry, that was my mistake. I wanted to say that the Emsisoft tool is the only tool that seemed to work, at least for some files that are encrypted with an offline key.

    Of course resolving the hosts file is easy.

    But the real fact is these virus things are getting more harmful than ever. Downloading unknown files from all over the net is pretty risky now.

    That's why I love the sister site a lot :wink:.
     
  18. raps

    raps Member

    Joined:
    Oct 15, 2020
    Messages:
    28
    Likes Received:
    7
    If at all possible it would be good to let us know how you got infected, so we can be aware of what not to download or open etc.
    In my experience, I don't open or download anything that is not from a trusted source, which includes warez.

    Also, I never use a cracked operating system as a number one rule, even if the poster or the person who created it says it is safe, as there are loads of ways to inject nasty viruses into it without your antivirus detecting it.
     
  19. lukehh

    lukehh Audiosexual

    Joined:
    Jun 22, 2012
    Messages:
    1,008
    Likes Received:
    550
    I already wrote what kind of warez/Keygens you should not download.
     
  20. Howard Carpendale

    Howard Carpendale Platinum Record

    Joined:
    Feb 2, 2021
    Messages:
    594
    Likes Received:
    246
    Location:
    .de
    But how did the person's puter mentioned by OP get infected, and how much do they want for the unlocking?
     
  21. Obineg

    Obineg Platinum Record

    Joined:
    Dec 7, 2020
    Messages:
    636
    Likes Received:
    220
    1.) +1

    2.) And stop listening to people who tell you that getting malware by downloading warez or browsing websites would be impossible and that you don't need to use antivirus software on a Windows machine.
     