Bitcoin Forum
Topic: .iGZa4C file virus ransomware removal

BitMaxz
Legendary
March 08, 2018, 10:59:06 PM
#21

I have experience removing ransomware from an infected PC with encrypted files. I used 2 types of tools: one is the Kaspersky ransomware decryptor and the other is Hiren's Proteus, which is a paid version. I don't know if the free version of Hiren's can remove the latest ransomware, but you can try.

Try this first https://noransom.kaspersky.com/

There are different decryptor tools at Kaspersky; try them one by one, because we don't know what type of ransomware you have.

You can try Hiren's to scan your PC from its bootable built-in OS and scan using Avira; you must choose clean or fix only. Do this at your own risk, because if you choose delete/remove, some of your system files could be deleted, which can affect your PC's boot-up.

You can download the free version of Hiren's here https://www.hiren.info/pages/bootcd

But you need an extra USB flash drive or CD to burn Hiren's BootCD.

This tool is for technicians only, but if you want to repair your PC and remove viruses and malware from it, this tool could help.

Honestly, I am using the Hiren's Proteus version, which includes more premium tools than the free version. However, you can try the free version.

grafich
Newbie
March 09, 2018, 06:30:17 PM
#22

Your encrypted file is only a QR code of your address? LOL

https://prnt.sc/ip088v

akes2090
Jr. Member
March 09, 2018, 07:52:16 PM
#23

@OP: There's something odd here - how were you notified by the attacker of the ransomware, and how did you receive instructions for payment?
It's highly improbable that you were sent an email. So what method was used to inform you??

Cryptohasher76
Newbie
March 09, 2018, 08:01:53 PM
#24

I might be able to help. Shoot me an email at cryptohasher76@gmail.com; I need additional information.

Thirdspace
Hero Member
March 09, 2018, 10:40:16 PM
#25

if only you'd made several copies of your wallet.dat, this wouldn't be happening
make multiple copies, rename them and store them in different places
or dump the private keys to a text file, zip and encrypt it, hide it under an inconspicuous name
anything could've helped you regain control of your funds without paying the ransom

BitMaxz
Legendary
March 09, 2018, 11:13:17 PM
#26

Don't deal with anyone, or any newbie, except for higher ranks with neutral or positive trust.

Could you try this method?

First, you must show hidden files and folders by opening Folder Options.

Folder Options can be found here: click Start > use the search bar > type "folder option" without quotes > click the View tab.

Now, change "Hidden files and folders" to "Show hidden files, folders, and drives".

Then scroll down and look for "Hide protected operating system files", then uncheck it.

Now go to C:\Users\admin\AppData\Roaming\Electrum\wallets

Inside the folder there must be your wallet.dat, but its attributes are still hidden; you can use the unhide tool.

Copy that wallet.dat onto a USB drive and use this tool http://ccm.net/download/download-24190-usb-show

Open USB Show, then locate your USB drive to unhide the file.

Now you should have the wallet.dat unhidden.

Note: you must use a clean computer to import your wallet.dat, for safety purposes.

Hope this time your problem is solved.

If not, let me try to solve your problem via Chrome Remote Desktop; just PM me.

Rickorick
Jr. Member
March 10, 2018, 12:01:25 AM
#27

If this is the encryption used here, then I think you don't have a problem

https://imgur.com/a/1KX1j

Rickorick
Jr. Member
March 10, 2018, 12:53:31 AM
#28

If you do it pm me your email address

PM sent.

Near28
Jr. Member
March 10, 2018, 09:50:15 AM
#29

You should provide a file that is not already cracked and downloadable for each one on the .onion site.
Each dork can download the decrypted .png file (http://igza4c6icqzboodb.onion/tmpdwn/Q7Lh4Rqr.png.iGZa4C.decrypt) and claim he has cracked it.

just my 2 cents.


cr4ckheaD
Newbie
March 10, 2018, 11:38:54 AM
#30

I can help you. The encryption on this is weak. Email me at fremantal@protonmail.com

kahc
Member
March 10, 2018, 09:28:19 PM
#31

May I ask why you didn't use the offered one free decrypt on your wallet?
Instead you upload a QR image?

grafich
Newbie
March 10, 2018, 09:46:02 PM
#32

Can you upload more encrypted files other than your wallet, without renaming them (3 or 5 encrypted files)?

Cdjaw2016
Newbie
March 11, 2018, 04:23:12 AM
#33

Hi, just went through your post; maybe I can help you. But not here: start with email, and over email we will share our numbers, then we will start decrypting.
Regards
Chandan
cd.jaw2016@gmail.com

bitcoinpeddler
Newbie
March 11, 2018, 05:22:43 AM
#34

It seems you have a lot of people professing they can solve your problem, but the fact of the matter is that most ransomware viruses generate special keys per infected user, usually something like (public key + master key) = decrypt files. Most of the time these ransomware programs are impossible to decrypt unless their keys have been confiscated by authorities. I was surprised that Google showed virtually nothing for igza4c, as this seems to be their file extension. Do you recall anything else around the time of infection, such as a screen locker, any relevant pictures or even a brand such as (coinvault)?

imjustagirl
Member
March 11, 2018, 09:39:06 AM
Last edit: March 11, 2018, 09:59:41 AM by imjustagirl
#35

I haven't tried breaking ransomware before, sounds challenging.
A question though: would it not be easier to run something like Recuva on the HD to try to recover the old unencrypted wallet.dat instead of trying to decrypt the new one?
This would be your decoded QR file, right?
https://imgur.com/a/uR1lN

bob123
Legendary
March 11, 2018, 10:09:27 AM
#36

I haven't tried breaking ransomware before, sounds challenging.
A question though: would it not be easier to run something like Recuva on the HD to try to recover the old unencrypted wallet.dat instead of trying to decrypt the new one?

Ransomware is coded to encrypt the whole HD (sometimes: except for a few directories, to still show the desktop, ransom notice, etc.).
Usually there are no unencrypted files left anywhere on the hard drive.

Since Recuva is software to restore deleted[1] files, this unfortunately can't work out.


[1] deleted in terms of removed from the trash bin, but not yet overwritten on the HD.

imjustagirl
Member
March 11, 2018, 10:24:14 AM
#37

So basically if the guy at some point moved - duplicated - deleted to trashcan one copy of wallet.dat - emptied the trashcan, Recuva would work to recover it even if the HD is encrypted, since the ransomware would not encrypt that deleted file. Wow, that's a good reason to create a copy of your wallet.dat, delete it to trashcan and empty it, just in case you ever get ransomware. Interesting way to back up a wallet.dat

bob123
Legendary
March 11, 2018, 10:47:02 AM
#38

So basically if the guy at some point moved - duplicated - deleted to trashcan one copy of wallet.dat - emptied the trashcan, Recuva would work to recover it even if the HD is encrypted, since the ransomware would not encrypt that deleted file.

Never heard of such an idea

I think this depends on how the ransomware is coded. It might be the case that the ransomware is going to encrypt the whole HD (not just all files, but all sectors of the hard drive).
In this case this wouldn't work, unfortunately.

Additionally it also depends on whether the deleted files already got overwritten.
Assuming HDD (because recovery is extremely difficult on SSDs):
If you move your file into the trashcan and empty it, the file is not really 'deleted'. The space (where the file was) is being released.
Depending on how much space your HD has and how much you are writing onto your HD, the timeframe in which the file is still available varies heavily.
For example: If you 'fill' your hard drive completely, your file is no longer available on your HD, for sure.



Wow, that's a good reason to create a copy of your wallet.dat, delete it to trashcan and empty it, just in case you ever get ransomware. Interesting way to back up a wallet.dat

At least that could work in such a case
But I'd still recommend a 'standard' backup (e.g. move to USBs) instead of deleting a copy in the hope of being able to recover it someday
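
Added example, not part of any post in this thread: the point in post #38 that a file removed from the trash stays on an HDD until its sectors are reused, shown as a signature scan over a constructed disk image. It assumes the lost file is a legacy Bitcoin Core wallet.dat, which is a Berkeley DB btree file with magic 0x00053162 at byte offset 12 and the page size at offset 20; the function names, image layout and sample data are constructed for illustration.

```python
import struct

SECTOR = 512
BDB_BTREE_MAGIC = 0x00053162  # assumption: legacy wallet.dat is a Berkeley DB btree


def make_fake_wallet(pagesize=4096, pages=2):
    """Constructed stand-in: a BDB-style metadata page followed by filler pages."""
    # Metadata layout: lsn (8 bytes), pgno (4), magic (4), version (4), pagesize (4).
    meta = struct.pack("<QIIII", 0, 0, BDB_BTREE_MAGIC, 9, pagesize)
    return meta.ljust(pagesize, b"\x00") + b"K" * pagesize * (pages - 1)


def carve_candidates(image):
    """Sector-aligned offsets that look like the first page of a BDB btree file."""
    hits = []
    for off in range(0, len(image) - 24 + 1, SECTOR):
        magic, _version, pagesize = struct.unpack_from("<III", image, off + 12)
        # A real page size is a power of two between 512 and 65536 bytes.
        sane = 512 <= pagesize <= 65536 and pagesize & (pagesize - 1) == 0
        if magic == BDB_BTREE_MAGIC and sane:
            hits.append(off)
    return hits


def demo():
    disk = bytearray(64 * SECTOR)  # constructed 32 KiB "disk", all zeros
    wallet = make_fake_wallet()
    start = 16 * SECTOR
    disk[start:start + len(wallet)] = wallet
    # Emptying the trash only drops the directory entry; the sectors keep their data.
    after_delete = carve_candidates(bytes(disk))
    # Later writes (new files, or malware encrypting every sector) reuse that space.
    disk[start:start + len(wallet)] = b"\xAA" * len(wallet)
    after_overwrite = carve_candidates(bytes(disk))
    return after_delete, after_overwrite


if __name__ == "__main__":
    print(demo())
```

On a real case the scan would be run against a read-only image of the drive, never the live disk, so that the recovery attempt itself does not overwrite the freed sectors.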

preshpr1nce
Member
March 11, 2018, 03:44:21 PM
#39

It's a shame you formatted the computer and lost the malware/virus that did this. Cracking a key on a strong encryption is going to be pretty well impossible; your best bet would have been to try to reverse engineer the executable that encrypted your wallet.dat and find the key this way. Good chance they're using a mainstream encryption like AES; getting the key from the executable was really your only hope.

If you can somehow get it back through a file recovery tool, assuming you identified it first, I'll give it a go.

But not backing up wallet.dat and formatting the machine seems a bit suspicious.

preshpr1nce
Member
March 12, 2018, 09:49:08 AM
#40

Have got nowhere with this.

Going to have to pay this asshole !!

Do you think there is any the encryption password is the ID # ?

ID:#Ez9Sfk6BsgKnnq9E0E8fdtiMpt2BcbYG#

if this was the case could one of these programs maybe unlock the files ?

http://listoffreeware.com/list-best-free-file-encryption-software/

I'm struggling

What is uniquePass? If that's your wallet password then I would avoid going through with this; in that case it's most likely he has your wallet.dat and is using this to try to get your password so he can take over your wallet. He probably takes the wallet, assigns an ID, waits for you to hand over your passphrase, then you're screwed: you'll lose whatever you send him + your wallet.