File extension changed to .datawait
Solved/Closed
hanif_99
Posts
3
Registration date
Monday November 5, 2018
Status
Member
Last seen
November 6, 2018
-
Updated on Nov 5, 2018 at 06:16 PM
Jean-François Pillou Posts 18707 Registration date Monday February 15, 1999 Status Webmaster Last seen February 16, 2023 - Nov 26, 2018 at 11:53 AM
Jean-François Pillou Posts 18707 Registration date Monday February 15, 1999 Status Webmaster Last seen February 16, 2023 - Nov 26, 2018 at 11:53 AM
Related:
- File extension changed to .datawait
- Windows 10 iso file download 64-bit - Download - Windows
- Save as pdf extension - Download - Other
- How to open .msi file - Guide
- Whatsapp date changed to 1970 - Guide
- Kmspico zip file download - Download - Other
11 responses
Anonymous User
Nov 5, 2018 at 06:13 PM
Nov 5, 2018 at 06:13 PM
Have you connected to a UNIX server over a local network or VPN.?
To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a report.
1. Open this link and download ZHPDiag :
https://nicolascoolman.eu
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message, ignore it.) Click on the download button
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
(For Vista, Win 7, 8 and 10 users, click right to ensure you run with admin right)
4. Double click on the short cut ZHPDiag on your Destktop.
5 Click on scan
Wait for the tool to finished (maybe a long time)
6. Close ZHPDiag.
7. To transmit the report, click on this link :
http://www.tinyupload.com/index.php
8. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
9. Copy the url link obtained from tinyupload and paste it here in your reply.
CCM Community Manager and Virus/Security Contributor
To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a report.
1. Open this link and download ZHPDiag :
https://nicolascoolman.eu
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message, ignore it.) Click on the download button
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
(For Vista, Win 7, 8 and 10 users, click right to ensure you run with admin right)
4. Double click on the short cut ZHPDiag on your Destktop.
5 Click on scan
Wait for the tool to finished (maybe a long time)
6. Close ZHPDiag.
7. To transmit the report, click on this link :
http://www.tinyupload.com/index.php
8. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
9. Copy the url link obtained from tinyupload and paste it here in your reply.
CCM Community Manager and Virus/Security Contributor
Jean-François Pillou
Posts
18707
Registration date
Monday February 15, 1999
Status
Webmaster
Last seen
February 16, 2023
Nov 26, 2018 at 11:53 AM
Nov 26, 2018 at 11:53 AM
Hello,
Datawait is a Ransomware, which means a malware that encrypts your file and ask for money in order to decrpyt them.
If, by chance, this ransomware did not corrupt your restore points, you can try to restore your system to a restore point before the computer was infected.
Datawait is a Ransomware, which means a malware that encrypts your file and ask for money in order to decrpyt them.
If, by chance, this ransomware did not corrupt your restore points, you can try to restore your system to a restore point before the computer was infected.
upload a screenshot. I beleive another moderator has already explained that Datawait is a sign of a virus. If your files have changed formats, and you DID NOT INSTALL anything, IT IS A VIRUS!
hanif_99
Posts
3
Registration date
Monday November 5, 2018
Status
Member
Last seen
November 6, 2018
Updated on Nov 6, 2018 at 04:55 PM
Updated on Nov 6, 2018 at 04:55 PM
hi
my jpeg and cr2 file change extension like(sample.jpeg.datawait and sample cr2.datawait)
i already format and reinstall windows and make new partitions.
all jpeg and crs file in my external hard disk and recopy to desktop.but file cant open
uplode 3 file here: [XXXXX removed. We cannot offer posible virus infected files to be distributed. We asked for a screen shot, not of the files. Thank you for understanding. Mark Moderator]
please give me a salution.
thank you
my jpeg and cr2 file change extension like(sample.jpeg.datawait and sample cr2.datawait)
i already format and reinstall windows and make new partitions.
all jpeg and crs file in my external hard disk and recopy to desktop.but file cant open
uplode 3 file here: [XXXXX removed. We cannot offer posible virus infected files to be distributed. We asked for a screen shot, not of the files. Thank you for understanding. Mark Moderator]
please give me a salution.
thank you
hanif_99
Posts
3
Registration date
Monday November 5, 2018
Status
Member
Last seen
November 6, 2018
Updated on Nov 7, 2018 at 02:44 PM
Updated on Nov 7, 2018 at 02:44 PM
hi thank you for replay.
sir i am already format hardisk make new partition and reinstall window . i have avast pro and antimalawerbit. before format hardisk i save all jpeg and cr2 file in my external harddisk.than i recopy my jpeg and cr2 file on c: desktop. no virus found. here link of my files .for better you understand my problem.
<REMOVED as it links to an infected file]
sir i am already format hardisk make new partition and reinstall window . i have avast pro and antimalawerbit. before format hardisk i save all jpeg and cr2 file in my external harddisk.than i recopy my jpeg and cr2 file on c: desktop. no virus found. here link of my files .for better you understand my problem.
<REMOVED as it links to an infected file]
Didn't find the answer you are looking for?
Ask a question
Anonymous User
Nov 6, 2018 at 05:41 PM
Nov 6, 2018 at 05:41 PM
Just what I expected.
Your external hard disk is infected by a worm and as soon as you connect and open your external hard disk you also reinfect your computer with the same worm.
No antivirus software can prevent worm infections. Having two antivirus software will create conflicts, you should have only one.
Do you wish to know how to get rid of the worm virus?
P.S. It's not replay by reply.:-)
Your external hard disk is infected by a worm and as soon as you connect and open your external hard disk you also reinfect your computer with the same worm.
No antivirus software can prevent worm infections. Having two antivirus software will create conflicts, you should have only one.
Do you wish to know how to get rid of the worm virus?
P.S. It's not replay by reply.:-)
Pduke
Posts
1
Registration date
Friday November 9, 2018
Status
Member
Last seen
November 9, 2018
Updated on Nov 9, 2018 at 10:54 AM
Updated on Nov 9, 2018 at 10:54 AM
Same here, any help? 
mahdi97
Posts
1
Registration date
Friday November 9, 2018
Status
Member
Last seen
November 9, 2018
Updated on Nov 13, 2018 at 08:45 AM
Updated on Nov 13, 2018 at 08:45 AM
help me ,virus in my pc , message virus
==================================!ATTENTION PLEASE!===========================================
Your databases, files, photos, documents and other important files are encrypted and have the extension: .DATAWAIT
The only method of recovering files is to purchase an decrypt software and unique private key.
After purchase you will start decrypt software, enter your unique private key and it will decrypt all your data.
Only we can give you this key and only we can recover your files.
You need to contact us by e-mail BM-2cXonzj9ovn5qdX2MrwMK4j3qCquXBKo4h@bitmessage.ch send us your personal ID and wait for further instructions.
For you to be sure, that we can decrypt your files - you can send us a 1-3 any not very big encrypted files and we will send you back it in a original form FREE.
Discount 50% avaliable if you contact us first 72 hours.
===============================================================================================
E-mail address to contact us:
BM-2cXonzj9ovn5qdX2MrwMK4j3qCquXBKo4h@bitmessage.ch
Reserve e-mail address to contact us:
XXXXXXX
Your personal id:
XXXXXXX
==================================!ATTENTION PLEASE!===========================================
Your databases, files, photos, documents and other important files are encrypted and have the extension: .DATAWAIT
The only method of recovering files is to purchase an decrypt software and unique private key.
After purchase you will start decrypt software, enter your unique private key and it will decrypt all your data.
Only we can give you this key and only we can recover your files.
You need to contact us by e-mail BM-2cXonzj9ovn5qdX2MrwMK4j3qCquXBKo4h@bitmessage.ch send us your personal ID and wait for further instructions.
For you to be sure, that we can decrypt your files - you can send us a 1-3 any not very big encrypted files and we will send you back it in a original form FREE.
Discount 50% avaliable if you contact us first 72 hours.
===============================================================================================
E-mail address to contact us:
BM-2cXonzj9ovn5qdX2MrwMK4j3qCquXBKo4h@bitmessage.ch
Reserve e-mail address to contact us:
XXXXXXX
Your personal id:
XXXXXXX
and my pc infected by virus , this message from virus
==================================!ATTENTION PLEASE!===========================================
Your databases, files, photos, documents and other important files are encrypted and have the extension: .DATAWAIT
The only method of recovering files is to purchase an decrypt software and unique private key.
After purchase you will start decrypt software, enter your unique private key and it will decrypt all your data.
Only we can give you this key and only we can recover your files.
You need to contact us by e-mail ***@*** send us your personal ID and wait for further instructions.
For you to be sure, that we can decrypt your files - you can send us a 1-3 any not very big encrypted files and we will send you back it in a original form FREE.
Discount 50% avaliable if you contact us first 72 hours.
===============================================================================================
E-mail address to contact us:
***@***
Reserve e-mail address to contact us:
***@***
Your personal id:
003zS4VZvMkabFnY14Vkdq6lt6m9L2x0DtGR9XJ1zuV
any help
==================================!ATTENTION PLEASE!===========================================
Your databases, files, photos, documents and other important files are encrypted and have the extension: .DATAWAIT
The only method of recovering files is to purchase an decrypt software and unique private key.
After purchase you will start decrypt software, enter your unique private key and it will decrypt all your data.
Only we can give you this key and only we can recover your files.
You need to contact us by e-mail ***@*** send us your personal ID and wait for further instructions.
For you to be sure, that we can decrypt your files - you can send us a 1-3 any not very big encrypted files and we will send you back it in a original form FREE.
Discount 50% avaliable if you contact us first 72 hours.
===============================================================================================
E-mail address to contact us:
***@***
Reserve e-mail address to contact us:
***@***
Your personal id:
003zS4VZvMkabFnY14Vkdq6lt6m9L2x0DtGR9XJ1zuV
any help
Yes indeed. Very interesting however. Files extensions are changed to .jpeg.datawait. Microsoft can't find a solution and is referring people here which is flattering.
It could be ransomware. In which case there is always a way to decrypt the files. I have asked the top expert in the matter on the French site. I am waiting for his reply.
If usb fix doesn't work, but find the solution, we will have a party, kind of a wiener roast with tall cool refreshing beverages. For I don't know of any man, woman or child who doesn't enjoy a cool refreshing beverage.
It could be ransomware. In which case there is always a way to decrypt the files. I have asked the top expert in the matter on the French site. I am waiting for his reply.
If usb fix doesn't work, but find the solution, we will have a party, kind of a wiener roast with tall cool refreshing beverages. For I don't know of any man, woman or child who doesn't enjoy a cool refreshing beverage.
renegard
Posts
6
Registration date
Friday November 9, 2018
Status
Member
Last seen
November 10, 2018
Nov 9, 2018 at 06:57 PM
Nov 9, 2018 at 06:57 PM
Basic question: Is now a solution in sight? My computer is infected as well with this stupid .datawait extension!
Help is necessary. Please do your best. Thanks
Help is necessary. Please do your best. Thanks
Anonymous User
>
renegard
Posts
6
Registration date
Friday November 9, 2018
Status
Member
Last seen
November 10, 2018
Nov 9, 2018 at 07:18 PM
Nov 9, 2018 at 07:18 PM
I will publish a solution on this thread here tomorrow. Just stay tune.
P.S. Did you ever open an email from an unknown source or attachment thereof ?
P.S. Did you ever open an email from an unknown source or attachment thereof ?
renegard
Posts
6
Registration date
Friday November 9, 2018
Status
Member
Last seen
November 10, 2018
Nov 10, 2018 at 02:04 PM
Nov 10, 2018 at 02:04 PM
No. But it seems there was a worm included with a downloaded file from a program offer.
Unfortunately my Virus / Malware protection program did not recognize the worm!!
Please let me updated. Tks Attached you'll find more information comming for gangsters channel!!
Unfortunately my Virus / Malware protection program did not recognize the worm!!
Please let me updated. Tks Attached you'll find more information comming for gangsters channel!!
gobang80
Posts
1
Registration date
Saturday November 10, 2018
Status
Member
Last seen
November 10, 2018
Nov 10, 2018 at 01:00 PM
Nov 10, 2018 at 01:00 PM
i have a same problem, DATAWAIT... n malware too .
i already try to clean it, but it not works.
i found File virus with name qlscxb.ex* n try to delete it with cmd promt nbut it cant .
i hope someone can help me to fix the problem
ty
i already try to clean it, but it not works.
i found File virus with name qlscxb.ex* n try to delete it with cmd promt nbut it cant .
i hope someone can help me to fix the problem
ty
renegard
Posts
6
Registration date
Friday November 9, 2018
Status
Member
Last seen
November 10, 2018
Updated on Nov 12, 2018 at 04:38 PM
Updated on Nov 12, 2018 at 04:38 PM
Here is the statement you'll receive from the gangsters (savefiles@india.com) if you ask, to get the decrypt software to restore the infacted .datawait files:
Hello!
Your test decrypted files attached to the letter.
You need to purchase an decrypt software and unique private key.
After you will get software, start it and decrypt all your data.
Price of private key and decrypt software is 0.05 bitcoin.
0.05 bitcoin ~ 290 usd.
Before paying you can send to us up to 3 files for free decryption.
Send us your personal ID too.
Please note that files must NOT contain valuable information.
After payment we answer all your questions about server safety.
Now strictly recommend close internet connection on server.
The easiest way to buy bitcoin is LocalBitcoins site.
You have to register, click Buy bitcoins and select the seller by payment method and price.
Video manual:
1 - You need register localbitcoins account:
REMOVED
2 - Buy bitcoins in localbitcoins video:
REMOVED
3 - Send your bitcoins to our wallet video manual:
REMOVED
Any bitcoin exchangers:
REMOVED
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Hello!
Your test decrypted files attached to the letter.
You need to purchase an decrypt software and unique private key.
After you will get software, start it and decrypt all your data.
Price of private key and decrypt software is 0.05 bitcoin.
0.05 bitcoin ~ 290 usd.
Before paying you can send to us up to 3 files for free decryption.
Send us your personal ID too.
Please note that files must NOT contain valuable information.
After payment we answer all your questions about server safety.
Now strictly recommend close internet connection on server.
The easiest way to buy bitcoin is LocalBitcoins site.
You have to register, click Buy bitcoins and select the seller by payment method and price.
Video manual:
1 - You need register localbitcoins account:
REMOVED
2 - Buy bitcoins in localbitcoins video:
REMOVED
3 - Send your bitcoins to our wallet video manual:
REMOVED
Any bitcoin exchangers:
REMOVED
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Anonymous User
Updated on Nov 10, 2018 at 05:34 PM
Updated on Nov 10, 2018 at 05:34 PM
Greetings to you all
.datawait is a ransomware which encrypts files. Those of you who became the victims probably have done so by downloading and opening an email attachment or a malicious website.
Changing the file extension is useless. Restoring your system is also useless. There is no third party software able to decrypt the files. The malware can be removed from your computer but the files will remain encrypted do not waste your money with a 3rd party software.
Now paying the pirates will encourage them to continue their evil deed, develop more ransomware even to infect your computer again. Keep in mind that the pirates are dishonest thieves, they have no honour. Suppose you send them money there is no guarantee that they will send you the decryption formula (if there is one) especially that the same formula could be distributed on all forum such as this one for free.
According to our experience, pirates know how to encrypt but don't know the solution to decrypt or clean their own dirt.
Nowadays, most ransomware and scam call centres seems to origin from India.
In order to find if there is an existing decrypting tool, we must identify the variant of the ransomware.
I would appreciate if any two of you members would go to the following site fill the form and report the results here.
Here is the site
https://id-ransomware.malwarehunterteam.com/
Also, could one of you go to #3 above and produce a ZHP Diag log, which may help me to identify all the systems files which were infected or malware.
Good luck
Jules
Community Manager and Virus/Security Contributor
.datawait is a ransomware which encrypts files. Those of you who became the victims probably have done so by downloading and opening an email attachment or a malicious website.
Changing the file extension is useless. Restoring your system is also useless. There is no third party software able to decrypt the files. The malware can be removed from your computer but the files will remain encrypted do not waste your money with a 3rd party software.
Now paying the pirates will encourage them to continue their evil deed, develop more ransomware even to infect your computer again. Keep in mind that the pirates are dishonest thieves, they have no honour. Suppose you send them money there is no guarantee that they will send you the decryption formula (if there is one) especially that the same formula could be distributed on all forum such as this one for free.
According to our experience, pirates know how to encrypt but don't know the solution to decrypt or clean their own dirt.
Nowadays, most ransomware and scam call centres seems to origin from India.
In order to find if there is an existing decrypting tool, we must identify the variant of the ransomware.
I would appreciate if any two of you members would go to the following site fill the form and report the results here.
Here is the site
https://id-ransomware.malwarehunterteam.com/
Also, could one of you go to #3 above and produce a ZHP Diag log, which may help me to identify all the systems files which were infected or malware.
Good luck
Jules
Community Manager and Virus/Security Contributor
This ransomware has no known way of decrypting data at this time.
It is recommended to backup your encrypted files, and hope for a solution in the future.
Identified by
ransomnote_email: ***@***
ransomnote_bitmessage: BM-2cXonzj9ovn5qdX2MrwMK4j3qCquXBKo4h
Click here for more information about STOP
Would you like to be notified if there is any development regarding this ransomware? Click here.
It is recommended to backup your encrypted files, and hope for a solution in the future.
Identified by
ransomnote_email: ***@***
ransomnote_bitmessage: BM-2cXonzj9ovn5qdX2MrwMK4j3qCquXBKo4h
Click here for more information about STOP
Would you like to be notified if there is any development regarding this ransomware? Click here.
Thank you loly,
Obviously this is new variant. I suggest you be very careful communicating with those scoundrels, they may have remote access to your computer. Most ransomware install Trojan horses.
Of course they will charge a lot of money as for many some files are precious.
It may still be able to recover all or some of your files however we must first rid of the malware on your computer otherwise, files will again get encrypted.
ZHP Diag?
Obviously this is new variant. I suggest you be very careful communicating with those scoundrels, they may have remote access to your computer. Most ransomware install Trojan horses.
Of course they will charge a lot of money as for many some files are precious.
It may still be able to recover all or some of your files however we must first rid of the malware on your computer otherwise, files will again get encrypted.
ZHP Diag?
Nov 12, 2018 at 11:32 AM
Nov 12, 2018 at 01:50 PM
Nov 12, 2018 at 02:28 PM
Here is mine, thanks.
Nov 12, 2018 at 05:26 PM
Thanks for the report.
Indeed your system is badly infected all kinds of malware: Trojan, adware, Toolbar.Agents and Hijacker. We can clearly where see where .datawait has lodged itself.
However, you also are using an illegal software to activate Windows programmes. For that reason, we cannot help you remove the viruses and the datawait ransomware.
Sorry
Nov 12, 2018 at 05:31 PM
You are also using a hacking programme for that reason, we cannot help you remove any virus.