Bitcoin Forum
Topic: .iGZa4C file virus ransomware removal
preshpr1nce
March 12, 2018, 10:33:37 AM
Last edit: March 12, 2018, 10:48:28 AM by preshpr1nce
 #41

Have you googled his email or contact method?
I would be careful expecting a result from a person doing this back in 2014.
preshpr1nce
March 12, 2018, 11:01:02 AM
 #42

googled everything!

It's like it never existed until it got me. All Google results are now there because of me and this thread.

Do you have his wallet address? Have you looked it up?
cissrawk
March 12, 2018, 11:16:06 AM
 #43

I can't find good information about this encrypted file on that site. I posted it on a Facebook group too but they don't know what this ransom is or how to decrypt it.

preshpr1nce
March 12, 2018, 12:26:56 PM
 #44

All the info in first post, you should go look at TOR address. Very interesting stuff despite being a f**k**g nightmare.

Address is a new one generated just for me.

Would rather not go on to a Tor website just to get his wallet address, can you post it here?
preshpr1nce
March 12, 2018, 01:42:20 PM
 #45

The website is the most interesting part and I think the clues are there somewhere. If you're too lazy to check the site then I don't see this going well at all.

The issue now isn't about recovering your wallet through cracking it, I think your chances here are pretty well impossible without even knowing the ransomware responsible and the little information we have to go on.

The issue now is, do you waste $5000 for nothing, providing the wallet address means you can do a lookup, see when it was last active etc.

Right now, I'm thinking your $5000 will go to complete waste.
Near28
March 13, 2018, 11:07:10 AM
 #46

Quote
Let's just see what happens now, but I am 100% not paying! If I lose 10.5 BTC it's not the end of the world. Even though just 10K is a lot of money to me. People need to learn that BTC crime won't pay.

You are in a really shitty situation, I do not know how I would react. As I have already told you: I also talked to them and I do not think that's a scam.
I also offered to send him 0.35BTC (Of course I would not have sent it to him, I just wanted to see how he reacted) but he refused with the same explanation he gave you, everything is automated.
No idea, if all was fraud, he would have safely accepted the 0.35BTC.

I hope for you that you still find someone who can crack that - but unfortunately I see little to no chance.
kahc
March 13, 2018, 02:16:24 PM
 #47

There are two possibilities here:

1.  Needfasthelp123 legitimately has 10.5 BTC locked up in a ransomware attack and can't afford the 0.5 BTC necessary to get the decryption completed (or is intelligently unwilling to pay the ransom).

2.  Needfasthelp123 is a scammer that has provided a fake encrypted wallet and is trying to trick greedy people into sending him 0.5 BTC. He is hoping that someone will try to pay the ransom thinking that they will be able to decrypt the wallet and take the 10.5 BTC.  In that case, he receives the 10.5 BTC, and the fool that pays the ransom discovers that the encrypted file is not the wallet that Needfasthelp123 claims it is.

Unless you are Needfasthelp123 (or are willing to lose 0.5 BTC), DO NOT PAY THE RANSOM!
Unless you have adequate collateral (or are willing to lose 0.5 BTC), DO NOT LOAN the funds for the ransom to Needfasthelp123!

Hopefully the OP is honest, and hopefully someone can either help him crack the encryption or SELL him the necessary funds.

SCAM alert!
You are right, I'm certain this is a scam.


There are just too many signs that point to scam:
 
1. How convenient that this http://www.fixallthreats.com/help-get-rid-igza4c-file-virus/ suddenly appears on search engine.
Lol, check their removal methods for all their malwares/viruses listed on their page,  the same fucking screenshots.

2. TS had the chance to decrypt one file for free and chooses to decrypt a QR image instead of his wallet.dat .

3. iGZa4C isn't mentioned anywhere before, because the name was recently made up by TS.

4. TS tries to play innocent and offers to send his wallet and password to the trusted escrow ognasty, and that anyone willing to give 0.1 BTC would get 0.25 BTC after the wallet is decrypted.
However an escrow wouldn't be of much help in this case, since the wallet.dat most probably is empty/fake.

5. http://igza4c6icqzboodb.onion got indexed 08.03.2018. (image  provided)
TS thought people would not notice since they can't do a whois-lookup?

Rickorick
March 13, 2018, 03:01:52 PM
 #48

There are two possibilities here:

1.  Needfasthelp123 legitimately has 10.5 BTC locked up in a ransomware attack and can't afford the 0.5 BTC necessary to get the decryption completed (or is intelligently unwilling to pay the ransom).

2.  Needfasthelp123 is a scammer that has provided a fake encrypted wallet and is trying to trick greedy people into sending him 0.5 BTC. He is hoping that someone will try to pay the ransom thinking that they will be able to decrypt the wallet and take the 10.5 BTC.  In that case, he receives the 10.5 BTC, and the fool that pays the ransom discovers that the encrypted file is not the wallet that Needfasthelp123 claims it is.

Unless you are Needfasthelp123 (or are willing to lose 0.5 BTC), DO NOT PAY THE RANSOM!
Unless you have adequate collateral (or are willing to lose 0.5 BTC), DO NOT LOAN the funds for the ransom to Needfasthelp123!

Hopefully the OP is honest, and hopefully someone can either help him crack the encryption or SELL him the necessary funds.

SCAM alert!
You are right, I'm certain this is a scam.


There are just too many signs that point to scam:
 
1. How convenient that this http://www.fixallthreats.com/help-get-rid-igza4c-file-virus/ suddenly appears on search engine.
Lol, check their removal methods for all their malwares/viruses listed on their page,  the same fucking screenshots.

2. TS had the chance to decrypt one file for free and chooses to decrypt a QR image instead of his wallet.dat .

3. iGZa4C isn't mentioned anywhere before, because the name was recently made up by TS.

4. TS tries to play innocent and offers to send his wallet and password to the trusted escrow ognasty, and that anyone willing to give 0.1 BTC would get 0.25 BTC after the wallet is decrypted.
However an escrow wouldn't be of much help in this case, since the wallet.dat most probably is empty/fake.

5. http://igza4c6icqzboodb.onion got indexed 08.03.2018. (image  provided)
TS thought people would not notice since they can't do a whois-lookup?



Kahc, you're one smart ass motherfucka, nice one.
kahc
March 13, 2018, 05:19:43 PM
 #49


Near28: offered the guy on the email 0.35 BTC and he declined it!! What scammer does that!!!!

I just seem to be the only person on the planet stuck with this shitty .igza4c crap on my wallet.

Now that all your points are moot - HELP ME PLEASE!!!! SERIOUSLY I'VE LOST 10.5 BTC!!!!!!!!!


Is it possible you have the skillz to download a whole TOR site ?

THIS IS NOT A SCAM - IF IT WAS I WOULD SEND THE WALLET FILE EVERYWHERE I COULD !

I DO NOT WANT ANYONE'S BTC - I JUST WANT HELP !!!!!!!!!!


This is exactly what caught my attention to investigate.

Either Near28 is your alt-account or you are actually the guy behind the proton email-address replying him.
You trying so hard to act like you are the victim backfired.

Good luck with your scamming.
cissrawk
March 14, 2018, 10:36:29 AM
 #50

Here is my reply from the proton mail address :


This ransomware should be dead, very weird... I'm really sorry about the situation but If we cooperate, I want to know a few things.
First I want to know who you are, then I want to know what exactly happened? I want to know the coordinates of the computer and the exact time of the activation of the ransomware.
I also want to see the value of this registry keys WinService on this path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
The value looks like this: "C:\Windows\System32\FOLDERNAME\HuhHuh.exe"
I need to know the NAME of the folder in which the HuhHuh.exe file is located.
These details are important to me, so I'll know if you're a friend or an enemy. I don't need your money and if you're on the right side I'll help you free. if you're an enemy, fuck yourself, your money works against my people and my help would be contradictory.
I hope I was clear, that's fair! I'm sorry but I have a lot of work. Please be clear in the response if you want help.
Salute


Any idea what some of this means? Any clues?
This is meant for a PC that is still infected with the ransomware; "??.exe" is the ransom software that is active in the background on your PC.

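The check implied by the e-mail quoted in post #50, as an added example that is not part of the thread: a PowerShell audit of the per-user Run key that reports each value's target, Authenticode status and SHA-256, so an entry like the described `WinService` value can be identified and recorded before cleanup. The function names are hypothetical; the key path and value name are the ones given in the e-mail.

```powershell
# Added example, not from the thread. Function names are hypothetical.
# Key path and the "WinService" value name come from the e-mail quoted above.
$RunKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-CommandExecutable {
    param([string]$CommandLine)
    # Quoted path: take what sits between the first pair of quotes.
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted path: take everything up to and including the first ".exe".
    if ($CommandLine -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    # Fallback: first whitespace-delimited token (may be empty).
    return ($CommandLine.Trim() -split '\s+')[0]
}

function Get-RunKeyReport {
    param([string]$Path = $RunKey)
    $sys32 = Join-Path $env:WINDIR 'System32'
    $key   = Get-Item -LiteralPath $Path -ErrorAction Stop
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)   # REG_EXPAND_SZ is expanded here
        $exe     = Get-CommandExecutable $command
        $exists  = [bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
        $sig = $null; $hash = $null
        if ($exists) {
            $sig  = (Get-AuthenticodeSignature -LiteralPath $exe).Status
            $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
        }
        # Review hint, not a verdict: missing or unsigned target, or a
        # per-user autostart that launches something from under System32.
        $underSys32 = $exe.StartsWith($sys32, [StringComparison]::OrdinalIgnoreCase)
        $review     = (-not $exists) -or ($sig -ne 'Valid') -or $underSys32
        [pscustomobject]@{
            Name       = $name
            Command    = $command
            Executable = $exe
            Exists     = $exists
            Signature  = $sig
            SHA256     = $hash
            Review     = $review
        }
    }
}

Get-RunKeyReport | Format-List
```

Run it in the affected user's session, since HKCU is per user, and save the output before removing anything.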
Near28
March 14, 2018, 02:56:16 PM
 #51

Quote
This is exactly what caught my attention to investigate.

Either Near28 is your alt-account or you are actually the guy behind the proton email-address replying him.
You trying so hard to act like you are the victim backfired.

Good luck with your scamming.

Thanks for the accusation but next time let it be if you have no proof and only suspect because.. because of what?
If you had read the whole thread, you would have seen that the whole story looks strange to me as well - That's why I sent an email to the operator of the onion site - to see how he reacts.

However, I can not help the TS - So I stay away from the thread before the next "investigator" comes and suspects me for no reason.
kahc
March 14, 2018, 04:23:24 PM
 #52

Quote
This is exactly what caught my attention to investigate.

Either Near28 is your alt-account or you are actually the guy behind the proton email-address replying him.
You trying so hard to act like you are the victim backfired.

Good luck with your scamming.

Thanks for the accusation but next time let it be if you have no proof and only suspect because.. because of what?
If you had read the whole thread, you would have seen that the whole story looks strange to me as well - That's why I sent an email to the operator of the onion site - to see how he reacts.

However, I can not help the TS - So I stay away from the thread before the next "investigator" comes and suspects me for no reason.


You are welcome, the whole story doesn't look strange to me, it looks exactly like a scam attempt.
You are just too blind to see.

What did you accomplish by sending that email? Let me tell you, nothing at all.
TS is the one behind that email and playing you like a fool.


You know what, what about you bet with me?
A symbolic amount of 0.1BTC, of course we will use a trusted escrow for that.

If TS can't provide a signed message from his address 13Lo5aZDZuEm4qVF478KfWJUvi9JCDngAx within 3 months time, I win.
Otherwise you win.


imjustagirl
March 14, 2018, 04:42:00 PM
 #53

Seriously, if the guy was legit, he would just post his encrypted wallet.dat file instead of his qr code.
He claims the wallet file is password protected, so I see no reason not to give it to anyone who wants to crack this type of encryption. There is a password protected file with 1 BTC in it, which nobody has cracked, so this is safe.

Near28
March 14, 2018, 06:20:10 PM
 #54

Quote
You are welcome, the whole story doesn't look strange to me, it looks exactly like a scam attempt.
You are just too blind to see.

What did you accomplish by sending that email? Let me tell you, nothing at all.
TS is the one behind that email and playing you like a fool.

You know what, what about you bet with me?
A symbolic amount of 0.1BTC, of course we will use a trusted escrow for that.

If TS can't provide a signed message from his address 13Lo5aZDZuEm4qVF478KfWJUvi9JCDngAx within 3 months time, I win.
Otherwise you win.

I do not care what you think, I never defended the TS. Your allegations against him are not my problem.

And now I'll explain it in detail because you are too blind to see it.

Quote
Thanks for the accusation but next time let it be if you have no proof and only suspect because.. because of what?

refers only to that:

Quote
Either Near28 is your alt-account....


Roger that? Because slowly it gets annoying.

kahc
March 14, 2018, 07:09:57 PM
 #55


I do not care what you think, I never defended the TS. Your allegations against him are not my problem.

And now I'll explain it in detail because you are too blind to see it.

Quote
Thanks for the accusation but next time let it be if you have no proof and only suspect because.. because of what?

refers only to that:

Quote
Either Near28 is your alt-account....


Roger that? Because slowly it gets annoying.



You clearly are blind.
Did you notice the "Either Near28 is your alt-account OR you are actually the guy behind the proton email-address replying him", that makes you a suspect at best.

I accused TS, and suddenly you make it all about you, so you are TS after all?
kahc
March 14, 2018, 08:05:20 PM
 #56

Can someone like an admin not look and see who is who and get the guy tuned quick lol

I just got home gimmie a few mins will get the wallet posted

Lucky as this crap makes ppl read the thread from the start !! go now if you ended up here lol

The more people see this, less people fall for your scam.

Looking forward to that day you send a signed message from this address 13Lo5aZDZuEm4qVF478KfWJUvi9JCDngAx .
akes2090
March 15, 2018, 08:59:54 AM
 #57

@OP: Let me be very frank and honest with you:

Anyone here who will mention that they can decrypt the files - is talking shit purely because they 1) just want to get your wallet.dat hoping that they can get lucky, or, 2) have no idea what they are talking about.
You can quote me on this: no-one, and I repeat NO-ONE will be able to decrypt your files. You can try to prove me wrong - but before that go take a primer in basic cryptography, specifically asymmetrical encryption to see why it is impossible to decrypt a message without having the signing private key. Unfortunately for you- the only person/people having this private key are those who have written the malware/ransomware. So basically - if you cannot get at least the latter (i.e.: actual ransomware app used for encryption) for someone to reverse engineer and extract the private key used for signing - I am afraid you are solely at the mercy of the people that have created the ransomware.

For anyone else now who will be able to claim that they can decrypt the OP's wallet.dat - please send me a PM, I will make you famous for being able to do the impossible.

@OP: If you someday can find the actual ransomware app - let me know, I am a Certified Ethical Hacker, and have reverse engineering skills. I make no promises of being able to extract the private key (assuming it is embedded therein without heavy code obfuscation) but will do it for you for free - I don't expect remuneration for helping someone.