
Ransomware

Q: Ransomware

My laptop was attacked by ransomware. There was a message on the bottom of the screen to call Microsoft for help. I did call & gave the person access to my computer. He showed me all the viruses that were on my computer & assured me that he was going to help me clean up my computer. But then he asked for $500 for lifetime protection. That is when I hung up. My computer was frozen. I had to completely reboot to factory settings, losing my files.

I have since upgraded to Windows 10 & have run many different scans. The scans found 3 viruses.

My concern is: no matter what antivirus program I install, will there always be something on my hard drive? Is my computer safe now? Should I buy a new computer?

I just don't know what to do.

Read other answers

RELEVANCY SCORE 44.8

Do/can behavior-based anti-ransomware solutions block a ransomware threat before it can even encrypt 1 file, or do they block it after it has encrypted at least 1-2 files?
 

A:Do behavior-based anti-ransomware solutions block a ransomware threat before it can even encrypt

Difficult to answer; it depends on the BB patterns/algorithms and the ransomware type.
Many ransomware families use native Windows encryption APIs, which makes the malicious behavior difficult to recognize.
 

Read other 1 answers
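To make the trade-off in the answer above concrete, here is an added example (not code from the thread or from any vendor's product): a toy behaviour-based monitor run over a constructed stream of file-write events. It scores each write by two behavioural signals that do not depend on which encryption API was used (a user document renamed with a foreign suffix, or a body whose byte entropy is close to random), and it blocks a process only once a threshold of suspicious writes is reached, which is exactly why the first one or two files are typically lost before the block lands. WINDOW_SIZE, THRESHOLD, ENTROPY_BITS and every event are assumptions constructed for the example.

```python
"""Toy behaviour-based ransomware monitor over a constructed write-event stream.

Added example, not code from the original thread. A behaviour-based monitor can
only judge writes it has already seen, so the number of suspicious writes it
tolerates before blocking (THRESHOLD) is the knob that decides how many files
are lost. All constants and events below are constructed assumptions.
"""
import math
from collections import deque
from dataclasses import dataclass

WINDOW_SIZE = 5       # assumed: recent writes examined per process
THRESHOLD = 3         # assumed: suspicious writes within the window before blocking
ENTROPY_BITS = 7.5    # assumed: bits/byte; encrypted or random data approaches 8.0
DOC_EXTS = {".txt", ".doc", ".docx", ".jpg", ".pdf"}   # user-document extensions


@dataclass
class WriteEvent:
    pid: int      # writing process
    path: str     # destination path
    data: bytes   # bytes written


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or single-valued input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def is_suspicious(ev: WriteEvent) -> bool:
    """A write is suspicious if it targets a user document renamed with an extra
    suffix (e.g. report.docx.locked) or if the written body looks random."""
    lower = ev.path.lower()
    renamed_doc = any(ext + "." in lower for ext in DOC_EXTS)
    high_entropy = shannon_entropy(ev.data) >= ENTROPY_BITS
    return renamed_doc or high_entropy


class BehaviourMonitor:
    def __init__(self):
        self.windows = {}   # pid -> sliding window of suspicious flags
        self.blocked = set()

    def observe(self, ev: WriteEvent) -> str:
        """Return 'allow', 'suspicious' or 'block' for one write event.
        The first suspicious writes pass: there is nothing to judge before them."""
        if ev.pid in self.blocked:
            return "block"
        win = self.windows.setdefault(ev.pid, deque(maxlen=WINDOW_SIZE))
        flag = is_suspicious(ev)
        win.append(flag)
        if sum(win) >= THRESHOLD:
            self.blocked.add(ev.pid)
            return "block"
        return "suspicious" if flag else "allow"


def run_demo():
    """Constructed stream: one benign text write, then an encryptor-like process
    overwriting documents with uniform (maximum-entropy) data under a new suffix."""
    monitor = BehaviourMonitor()
    random_looking = bytes(range(256)) * 16        # constructed: entropy exactly 8.0
    benign = WriteEvent(100, r"C:\Users\a\Documents\notes.txt", b"meeting notes " * 20)
    decisions = [monitor.observe(benign)]
    for i in range(4):
        ev = WriteEvent(200, rf"C:\Users\a\Documents\file{i}.docx.locked", random_looking)
        decisions.append(monitor.observe(ev))
    return decisions


if __name__ == "__main__":
    print(run_demo())    # two files are already written before the block
```

Lowering THRESHOLD to 1 blocks on the very first suspicious write, but it also fires on legitimate tools that write compressed or encrypted output (archivers, backup agents, browsers writing cache blobs), which is the tuning problem the answer alludes to.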
RELEVANCY SCORE 44.4

Recently, I stumbled on an article on the Bitdefender blog claiming they have released "a new vaccine tool which can protect against known and possible future versions of the CTB-Locker, Locky and TeslaCrypt crypto ransomware families".

Their previous vaccine/version seemed to protect /appdata and several folders that have a higher probability of being infected by ransomware.

Has anyone tried this latest version of BD anti ransomware?

here is the link

It is also covered in Softpedia news:

Vaccine for CTB-Locker, Locky and TeslaCrypt Ransomware Released
It's better to prevent than to pay the ransom
Mar 28, 2016 17:35 GMT By Catalin Cimpanu
Romanian security vendor Bitdefender has updated its vaunted anti-ransomware vaccine to add support for the latest versions of the CTB-Locker, Locky and TeslaCrypt ransomware families currently ravaging users all over the globe.

The Bitdefender Anti-Ransomware toolkit has been around for some years now, ever since crypto-ransomware started to become popular and users understood that once locked, recovering the files was almost impossible without paying the crook's ransom fee.

Luck also plays a role if the ransomware contains encryption flaws that allow security researchers such as Fabian Wosar to create decryptors for various variants. But these situations are very rare, and often found in smaller, newly appeared ransomware families, not older, tried-and-tested variants.

An anti-Locky vaccine is needed these days
... Read more

Read other answers
RELEVANCY SCORE 42

One of the most profound changes in the modern business landscape has been the gradual shift to the Subscription Economy. In years gone by, you handed over your hard-earned money and in return received a product or service that was yours to keep. Now, both companies and consumers are ditching the traditional pay-per-product approach in favor of the as-a-service model, an arrangement that offers greater flexibility for consumers and more predictable, stable income for businesses. In most cases, it's a better all-round experience for everyone involved.

Sadly, it's not just Netflix and Spotify that have adopted this way of offering their services. In the dark recesses of the digital underworld, malware authors hawk ransomware subscriptions that are swiftly snapped up by buyers with unscrupulous motives. A relatively recent phenomenon, Ransomware as a Service (RaaS) allows anyone with an internet connection, regardless of their technical literacy, to purchase powerful ransomware via the Dark Web and carry out devastating encryption attacks against the targets of their choice.

Read more here
 

Read other answers
RELEVANCY SCORE 39.6

Malwarebytes Anti-Ransomware beta vs Bitdefender Anti-Ransomware

These are the two anti-ransomware tools I know from good companies.
Which one is better? I guess Malwarebytes is.

Bitdefender just blocks the creation of executables in temp folders... does Malwarebytes also work the same way?
Are there any better alternatives?
 

Read other answers
RELEVANCY SCORE 31.2

Title says all, where can I get this type of malware?
 

A:FBI Ransomware - Where can I get it?

Ransomware typically spreads like a Trojan, penetrating the system through, for example, a mail attachment, a downloaded file or a vulnerability in the operating system, so if you're "lucky"...

Otherwise you have to analyze any malware present in an online malware analysis database.

Out of curiosity, can I know why you're looking for it?
 

Read other 5 answers
RELEVANCY SCORE 31.2

Hi. A friend of mine has a laptop he was having some issues with (running slow, etc.), so he gave it to me to look at. Before he gave it to me he ran CCleaner and Defraggler thinking he could fix his issue. He uses Avast antivirus free and Malwarebytes Pro for protection. I noticed both programs were alerting the user to malicious programs and blocking them. I first ran Malwarebytes and it discovered Trojan Bedep (Nativehooks.dll), Rootkit Fileless MT Gen, and Trojan Clicker FMS. I then ran AdwCleaner and noticed under the Files tab instances of CryptoWall, but they were all just the HTML, PNG, URL, and TXT instances... notifying the user they have been hit by CryptoWall and how to pay, etc. The odd thing is none of his pictures and documents are encrypted... nothing is encrypted as far as I can see. I was just going to do my usual run of Malwarebytes, AdwCleaner, SuperAntiSpyware, Junkware Removal Tool, and Kaspersky Rescue Disk to address his laptop, but now I am curious... why are his files not encrypted? I have stopped my disinfection of his laptop at Malwarebytes; I have NOT let AdwCleaner do anything at this point except for detection. I would like to learn something from this situation, especially why his files did not get encrypted, and of course it does need cleaning so... where do we go from here to find out more about this? If I have to transfer files (logs) via a flash drive from his computer to mine to do this, is there any way I can spread something from his computer to mine... Read more

A:Ransomware

CryptoWall does not change extensions on a file and does not leave anything behind once it has finished encrypting and removed itself... the only evidence will be the ransom notes and registry keys. However, there have been cases where the infection did not do what it was supposed to do.

A repository of all current knowledge regarding CryptoWall, CryptoWall 2.0 & CryptoWall 3.0 is provided by Grinler (aka Lawrence Abrams), in this topic: CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ

There are also ongoing discussions in these topics:
CryptoWall - new variant of CryptoDefense Support & Discussion
CryptoWall 3.0 Support & Discussion

Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in one of those topic discussions. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion... this topic is closed.

Thanks
The BC Staff

Read other 1 answers
RELEVANCY SCORE 31.2

Ransomware is one of the most feared security threats today and it is fast becoming one of the most profitable areas of cybercrime for attackers. It allows criminals to monetize their cybercrime efforts quicker than previous tactics allowed. Historically, they would have to steal their target's data, and then find an avenue to resell that data to make it profitable. With ransomware, criminals are simply stealing a person's data and selling it back to them for a price.

The victim already owned the data so they will definitely want it back. This therefore means the cybercriminal does not have a hard sell ahead of him. In addition to this, with the rise of anonymous currency, such as Bitcoin, there is even less of a chance of cybercriminals getting caught. Attackers can make hundreds to thousands of dollars per infection and get paid immediately, instead of going through other risky steps to make a profit.
In addition to this, a large percentage of organizations have no way to combat ransomware and many will pay out of fear they will lose their data forever. This in turn drives more attacks because cybercriminals see how profitable ransomware can be. A zero-day exploit can be worth thousands of pounds, but the seller must find customers, and many of the customers they are targeting are not very trustworthy; with ransomware, the victim pays the attacker and then the ransomware can be used over and over against multiple victims.

So what do organizations need to know about ... Read more

Read other answers
RELEVANCY SCORE 31.2

Hi, I seem to have the same infection that this user has: http://www.bleepingcomputer.com/forums/t/479932/fbi-ransomware-in-safemode-also/. I'm running Windows 7 Home Premium (x64). I have already scanned and gotten a log from Farbar; results below. Thanks.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by SYSTEM on 30-07-2013 18:47:35
Running from D:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2104104 2010-04-09] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-01] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-20] ()
HKLM\...\Run: [HPToneControl] - C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe [107832 2009-08-19] (Hewlett-Packard )
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [172032 2010-04-25] (Sun Microsystems, Inc.)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-01-27] (Hewlett-Packard)
HKLM\...\Winlogon:... Read more

A:FBI Ransomware

Hello
Please run the following:
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
Please download [attachment=140449:FixList.txt]
Save it to your flash drive.
Boot to System Recovery Options as you did before and select "Command Prompt".
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your next reply.

NEXT
Refer to the ComboFix User's Guide
Download ComboFix from the following location: Link
* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation at... Read more

Read other 2 answers
RELEVANCY SCORE 31.2

Ransomware has taken my computer hostage for a $400.00 ransom. What are the steps to clean it up?

A:RANSOMWARE

Can you boot into Safe Mode, Safe Mode with Command Prompt or Safe Mode with Networking?

Restart the PC and press F8.

Do you have the "Repair your computer" option?

Can you log in to another user account which has not been infected by the ransomware?

Read other 3 answers
RELEVANCY SCORE 31.2

While surfing around on firefox, I suddenly had a pop-up in firefox that told me my computer/files are encrypted and I need to pay to have the files unlocked.
Unfortunately I did click on the "cancel" button on the pop-up window (with no effect), but did not click on anything else. After, I went into task manager and shut firefox down.
Now I am unsure if this was just a pop-up scam, or if anything has been downloaded and is currently infecting my machine. None of my files actually are encrypted as far as I can tell (I have checked a bunch of different files, and they all open just fine). I had both Avast and Malwarebytes running, and they didn't detect anything (nor did they pick up anything on a scan).
So I have no idea if this is a serious threat or just a pop up hoping to scare me to do something stupid. I have since backed all my files to an external drive (and disconnected the drive), and disconnected my PC from the internet. All my files still open fine.
It seems to me if this was a real threat, they would not have given me ample warning to back up all my files and disconnect my PC. But still, is there anything I can do to be sure there isn't some ransomware program waiting to encrypt my PC as soon as I reconnect online?

A:Is this RansomWare?

Hmm, that does sound odd. There's a million tech scams that work that way, but I haven't heard of a pop-up scaring you about encrypted files - yet.
That's good you backed up everything, that would be my first suggestion of course, and fully disconnect that external before turning the computer back on.
If you have everything backed up, I would first start in safe mode and run extensive scans. I recommend MalwareBytes and HitmanPro for second opinions. I would maybe throw MalwareBytes Anti-Rootkit in there too.
If you open a browser and happen to see it again, I would be very interested in seeing a screenshot, now that you know your data is safe.
Past those scans, I would suggest running FRST and posting a topic in the "Am I Infected" forum where the Malware Response team can help you in checking for any real dirty infections.

Read other 6 answers
RELEVANCY SCORE 31.2

Hello All,

Thanks in advance for any help. A friend of mine brought me an older system of his to see if I could help him with it. He said he stopped using it because he couldn't connect to the internet anymore and it was infected with something. I booted into safe mode and the first thing that came up was a notification saying "You may be a victim of software counterfeiting. This copy of Windows did not pass genuine Windows validation". I immediately called and asked him about it, but he assures me it is genuine. I couldn't find any reliable documentation on this being some kind of ransomware. I ran the Malwarebytes Anti-Rootkit utility and it reported several problems. I also ran TDSSKiller and DDS. I have attached the logs.
Attachments: dds.txt (48.17KB), attach.txt (10.28KB), system-log.txt (29.95KB)

The TDSS log was too large to upload and wouldn't allow zipped

A:Possible ransomware?

Hello Hadnjury, welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. Please download the latest version of TDSSKiller from here and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is n... Read more

Read other 8 answers
RELEVANCY SCORE 31.2

Hi,

I've picked up some virus from what I thought was a Facebook thread and it's completely blocked me out of my computer. It comes up with a box with the following:
Attention!
Your computer has been blocked because of violating internet usage rules.
To unblock it you have to pay $100 to the U4752418 account of the Liberty Reserve payment system. After the payment you'll be provided with the code of automatic unblock.
In case of payment refusal, all of the information on your computer will be deleted without ability to restore.
Attempt of avoiding the blocked state without using the code will lead to full erase of the information stored on your computer.

Then there is a box for the unblock code.

I have tried following instructions posted here yesterday with another computer and a USB and CD but cannot reboot my laptop with F9, F11 or F12.
Can anyone help me please? I have a Dell Latitude E5500.

Ta
Jonno

A:Ransomware

Hello there,

Can you please tell me what kind of OS you have? This is brand new, so we need to know.

Thank you!
tea

Read other 55 answers
RELEVANCY SCORE 31.2

Computer locked
FBI Cybercrime Division
 
Followed removal instructions guide
 
created HitmanPro .kickstart usb flash drive
 
executed guide steps #8,9,10,11
 
Infected computer scan results, NOTHING
 
 
Computer will not boot
Startup repair ran
Windows can not repair automatically
 
Please Help!

A:Ransomware

 
Let's try another workaround: 
Download AVG Rescue USB version (.ZIP archive)
 
USING THE RAR/ZIP ARCHIVE TO CREATE A USB BOOTABLE DEVICE
To create a USB flash drive variant of AVG Rescue CD, you will need to do the following:
Extract the archive downloaded from AVG web to your preferred location.
Double-click the extracted setup.exe file. It will guide you through the whole process. You will be able to select a USB drive from a listbox and setup will copy all necessary files to the selected USB drive and it will make the USB drive bootable.
Please be careful not to run the makeboot.bat file directly from hard drive of the computer! This would overwrite the boot record and make your system un-bootable.
After this process is finished (message will be displayed) you can close the window.
 AVG Rescue:
 
Now plugin the USB-device with AVG-rescue on it.
 
1. Reboot the computer and start the boot menu (F10 or F12). Then choose the USB device.
 
2. At the Boot Menu: Choose AVG Rescue CD (1) and press Enter
3. Let it load, at the "Disclaimer Screen"... just choose I agree or not and press Enter
4. At the "Update Screen", choose Yes and press Enter
Next screen, Choose Update from Internet and press Enter
5. At the "Update Priority Configuration" window, choose Priority 2 Virus Database Update and press Enter
6. Let it update and when finished, Press any key to continue
7. You end up back at the "Update Screen", c... Read more

Read other 34 answers
RELEVANCY SCORE 31.2

I can't find anyone who was hit with this ransomware; their screenshots were completely different.

It leaves an HTML file in every folder called DECRYPT_INSTRUCTION.HTML

In it, it lists this:
Your files were encrypted and locked with a RSA2048 key
To decrypt your files:
Download the Tor browser here and go to http://xxxxxx.onion within the browser.
Follow the instructions and you will receive the decrypter within 12 hours.
You have ten days to obtain the decrypter before the price to obtain the decrypter is doubled. Scheduled deletion of the private key from our server is after 30 days - leaving your files irrevocably broken.
Your ID is xxxxxxx
Guaranteed recovery is provided before scheduled deletion of private key on the day of 08/07/2015 09:49:29
The price to obtain the decrypter goes from 2BTC to 4BTC on the day of 07/18/2015 09:49:29
 
When you go to the page it's this:
 
 
Instructions to unlock your files / data:
 
1. Download and install the Multibit application. This will give you your own Bitcoin-wallet address. You can find it under the "Request" tab. Paste this in the "Your BTC-address" field below.
2. Buy Bitcoins, (check DECRYPT_INSTRUCTION.HTML for correct amount based on date) and send it to your own Bitcoin-wallet address, they will show up in the Multibit app that you installed earlier. From ther... Read more

A:anyone know what ransomware this is?

Hi there,
Are you sure DECRYPT_INSTRUCTION is the correct name of the ransom note? Because older variants of CryptoWall used that name, but they explicitly mentioned that it is CW. And currently both variants are no longer in the wild.
Can you take a screenshot of the ransom screen (if it is still there)?

Read other 11 answers
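As an added example (not code from either of these threads), the following Python sweep operationalises two points made on this page: the CryptoWall answer above notes that the ransom notes are the main artefacts left behind, and this post describes a DECRYPT_INSTRUCTION.HTML dropped into every folder. It walks a directory tree, lists the folders that hold a note, and tallies file extensions so a responder can see a foreign suffix (such as the .cryp1 reported further down the page) dominating the count before any cleaning starts. NOTE_STEMS and the sample directory tree are constructed assumptions, not indicators from any real case.

```python
"""Post-incident triage sweep: locate ransom notes and tally file extensions.

Added example, not from the original threads. Run it read-only against a copy or
a mounted image of the affected profile; it never modifies anything. The note
names and the sample tree are constructed assumptions for the demonstration.
"""
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumed note file stems (case-insensitive), covering the names seen on this page.
NOTE_STEMS = {"decrypt_instruction", "decrypt_instructions", "help_decrypt"}


def is_ransom_note(name: str) -> bool:
    """True if the file name (ignoring extension and case) is a known note stem."""
    return Path(name).stem.lower() in NOTE_STEMS


def sweep(root) -> dict:
    """Walk `root`; return note folders, note count and an extension tally of
    every non-note file, so a mass rename shows up as one dominant suffix."""
    root = Path(root)
    notes = []
    ext_counts = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if is_ransom_note(name):
                notes.append(path.relative_to(root))
            else:
                ext_counts[path.suffix.lower() or "<none>"] += 1
    return {
        "note_folders": sorted({str(n.parent) for n in notes}),
        "note_count": len(notes),
        "extensions": ext_counts,
    }


def build_sample_tree(root) -> None:
    """Constructed tree imitating an affected profile (not real data): two folders
    with notes and renamed documents, one untouched folder."""
    root = Path(root)
    layout = {
        "Documents": ["report.docx.cryp1", "budget.xlsx.cryp1",
                      "DECRYPT_INSTRUCTION.HTML", "DECRYPT_INSTRUCTION.TXT"],
        "Pictures": ["holiday.jpg.cryp1", "DECRYPT_INSTRUCTION.HTML"],
        "Music": ["song.mp3"],
    }
    for folder, files in layout.items():
        (root / folder).mkdir()
        for name in files:
            (root / folder / name).write_bytes(b"constructed sample content")


def run_demo() -> dict:
    """Build the constructed tree in a temp dir and sweep it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return sweep(tmp)


if __name__ == "__main__":
    result = run_demo()
    print("Folders with ransom notes:", result["note_folders"])
    print("Notes found:", result["note_count"])
    for ext, count in result["extensions"].most_common():
        print(f"{ext:>8}  {count}")
```

The extension tally is the quick answer to "how much is encrypted": in the constructed tree .cryp1 accounts for every user document, while the Music folder, which has no note, is untouched. On a real machine, pass the mount point of the affected volume as `root` and keep the tool on read-only media.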
RELEVANCY SCORE 31.2

I have just gone to my computer and have ransomware. It came up with a black screen saying all my files are infected, and I have checked: all files have a .cryp1 extension. It said I had to install Tor etc. I will not do that, obviously, but I need help. I am in safe mode at the moment, as my internet has locked in normal mode.

Read other answers
RELEVANCY SCORE 31.2

OMG, me too!!! I got all of the ransomware and trojans off my computer but all of my JPEGs are still changed to jpeg.html and I can't change it back to just jpeg. Please help, anyone who has any suggestions. Thank you in advance for all your help.

A:Ransomware...

Have you tried to take ownership of these files? You can try Rizone Take Ownership Shell Extension, or download TakeOwnership.zip from HTG!

There are also full tutorials on how to take ownership, like this one:
 

How to Take Ownership and Full Control Permissions of Files & Folders in Windows
A lot of files and folders in Windows 7 & Vista do not actually belong to users. Rather, most system files have “Trusted Installer” as owner, which assigns or grants read+write, traverse or full control permissions to the SYSTEM or CREATOR OWNER user account only. So users must take ownership and grant full access control permissions and rights to themselves if they want to modify, rename or delete these files or folders. Sometimes, users may need to take ownership and grant full rights to themselves on another drive or partition, especially on a disk newly installed or inserted, if they cannot browse the contents of the drive.
To take ownership and grant full control (or read write) permissions of files or folders in Windows Vista, do these steps.
1. In Windows Explorer window, locate the files or folders that you want to take ownership and grant or change full control or other access permissions.
2. Right click on the file or directory, and then select Properties on the right click menu.
3. Click on Security tab.
4. Click on Advanced button at the bottom.
5. In “Advanced Security Settings” dialog window, click on Owner tab.
6. Here y... Read more

Read other 23 answers
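The tutorial above covers ownership and permissions, but the poster's actual problem is that every picture now carries an extra .html suffix. As an added example (not the tutorial's code and not anything the poster ran), this Python script restores such names safely: it strips the foreign suffix only when the file body still begins with the signature of the inner extension, so a file whose contents were actually changed (not merely renamed) is reported rather than renamed, it never overwrites an existing file, and it does nothing unless the dry run is switched off. SUFFIX_TO_STRIP, the MAGIC table and the sample files are constructed assumptions.

```python
"""Restore file names that had a foreign suffix appended (e.g. photo.jpeg.html).

Added example, not from the original thread. Renaming is only safe when the
body still matches the inner extension; a mismatch usually means the content
was altered (e.g. encrypted), and renaming would only hide that. Constants and
sample files below are constructed assumptions.
"""
import tempfile
from pathlib import Path

SUFFIX_TO_STRIP = ".html"                # assumed: the suffix the malware appended
MAGIC = {                                # leading bytes expected for the inner extension
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
}


def classify(path: Path) -> str:
    """'restore'  : foreign suffix present and body matches the inner extension
       'mismatch' : foreign suffix present but body does not match (leave alone)
       'skip'     : not a renamed file we know how to check (e.g. a real .html page)"""
    if path.suffix.lower() != SUFFIX_TO_STRIP:
        return "skip"
    inner = path.with_suffix("")         # photo.jpeg.html -> photo.jpeg
    signature = MAGIC.get(inner.suffix.lower())
    if signature is None:
        return "skip"
    with path.open("rb") as fh:
        head = fh.read(len(signature))
    return "restore" if head == signature else "mismatch"


def restore_names(root, dry_run: bool = True) -> dict:
    """Classify every file under `root`; rename only 'restore' cases when
    dry_run is False and the target name is still free."""
    results = {"restore": [], "mismatch": [], "skip": []}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        verdict = classify(path)
        results[verdict].append(path.name)
        if verdict == "restore" and not dry_run:
            target = path.with_suffix("")
            if not target.exists():      # never clobber an existing file
                path.rename(target)
    return results


def run_demo() -> dict:
    """Constructed sample set: two renamed JPEGs, one renamed file whose body is
    not a JPEG, a genuine HTML page and an unrelated text file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        root.joinpath("holiday.jpeg.html").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 32)
        root.joinpath("cat.jpg.html").write_bytes(b"\xff\xd8\xff\xe1" + b"\x00" * 32)
        root.joinpath("encrypted.jpeg.html").write_bytes(b"\x17\x42\x9a\xcc" * 9)
        root.joinpath("index.html").write_bytes(b"<html><body>hi</body></html>")
        root.joinpath("notes.txt").write_bytes(b"plain text")
        dry = restore_names(root, dry_run=True)      # report only
        restore_names(root, dry_run=False)           # apply
        after = sorted(p.name for p in root.iterdir())
    return {"dry": dry, "after": after}


if __name__ == "__main__":
    out = run_demo()
    print("dry run:", out["dry"])
    print("after  :", out["after"])
```

Run the dry run first and read the 'mismatch' list: if most renamed files land there, the bodies were encrypted and renaming will not bring the pictures back, which is the distinction the poster needs before spending time on ownership settings.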
RELEVANCY SCORE 31.2

Last fall I bought a new computer, and shortly thereafter was hit with ransomware. I did a factory reset to get rid of the problem.

I then purchased the full version of Malwarebytes, and additionally installed their free version of anti-exploit AND the beta version of anti ransomware.

Two days ago I was unable to access the internet from the computer, although there was no problem with the wireless router since both the phone and the tablet had no problem connecting through Wi-Fi.

The next day I got a phone call from an Indian-sounding guy who said he was from Microsoft Technical Support. I told him not to call back again. He sounded exactly like the guy with this ransomware scheme last fall.

I sent a message to Malwarebytes, but not sure I can expect very much from them. Do I need to do another factory reset, or is there a better solution that you can recommend.

No punishment could be too dire for these ransomware criminals.

Thanks for any help you can offer.

Read other answers
RELEVANCY SCORE 31.2

A lady I do a lot of tech work for just contacted me and said that when she starts her laptop she gets an audio message that says "But our support engineers can walk you through the removal process over the phone if you close this page before calling us we will be forced to disable your computer to prevent further damage to our network".

Any ideas? I don't trust her browsing, not that she goes to the wrong websites on purpose, but she insists on using Yahoo search engine and half of the time clicks the top results (ads).

Read other answers
RELEVANCY SCORE 31.2

I just want to know if this could be the result of some other vulnerability on my system or network. I am running several things including a free DNS pointer and two FTP servers - so I am concerned that over the years I may have opened a port or something that results in a massive security vulnerability.

<Attempting to provide relevant data only>

I upgraded to Windows 10 a few weeks ago, and today I woke up and SURPRISE; All my hard drives now read as encrypted with Bitlocker (except for my primary OS drive (SSD))

I went through the usual CMD steps playing with manage-bde and such. All signs point to all three separate physical hard drives having somehow been encrypted sometime during the night.

I just logged into the local administrator account (since my profiles are all on the now encrypted drive) and noticed a text document on the desktop.

Now, I have encountered variants of this from some of my clients - but I never thought it could happen to me.
The document reads as follows:

"Hello there.
I would like to tell you first I'm sorry about that. Your documents, files, databased most are in original places or some moved to your local data. If you want to regain access to your local disk, all your files, documents, etc please send 1 BTC (Bitcoin) to this address: 1PFkYtDbxQRTv8Xse77u7wYG5bht8QB6e2 as fast as you can and email me at [email protected] If you dont know what bitcoin is, please ask me for bitcoin website that you can buy it fast or ... Read more

A:Ransomware

CryptoMonitor, CryptoPrevent[or is it Protect?], WinRansom Beta [this is new! wait for stable release]. Can use both Cryptos on same computer. Haven't tried WinRansom yet. I don't know if any of those, or how any of those, work on a business network.

Read other 1 answers
RELEVANCY SCORE 31.2

It appears that Win 10 has already attracted a Ransomware attack. http://www.komando.com/happening-no...rce=notd&utm_content=2015-08-04-article_4-cta news on Kim Komando's site.
 

A:Win 10 Ransomware

Yes, and I think the misleading thing here is:
"Microsoft is not emailing customers with the Windows 10 upgrade."

Microsoft are emailing people about the upgrade - maybe not with the upgrade - but they are sending out emails.
 

Read other 1 answers
RELEVANCY SCORE 31.2

Was browsing today and all of a sudden I got a pop-up... then another and another telling me I had lots of trojans and if I clicked on something I could remove them. I did click but I didn't download anything or buy anything. I immediately found that my Task Manager had been disabled, because I tried to bring it up to cut out this program. I ran Panda, Spybot, Ad-Aware, a-squared and a trial version of Prevx; lots of small stuff was found, but the trial Prevx brought up these two threats:
sa7236.exe and an updater package. I recognised the latter from the thing that I clicked when these trojan warnings flashed up. Now I am not sure if my PC is safe. I managed to get my Task Manager back with ComboFix. Otherwise I am out of ideas, and when I google this problem it's looking pretty dire. Can anyone help me please? Thanks

PS I ran HJT and saw a couple of no-name buttons but I couldn't delete them because it gave me an error message, something to do with hosts???

Read other answers
RELEVANCY SCORE 31.2

Hello folks! First, I apologise about my English. I'm here because I was infected with a ransomware virus last month. For now I think I got rid of it, but I still have a big problem: I have all my documents encrypted. I have read that the FBI stopped these attacks last year with some arrests, but it seems they are still attacking, or maybe others are doing the same. I couldn't get access to the decryptlocker page either, so I have no idea what to do next. I have an old home computer still running XP; the only thing I want to preserve and that really has value is what I can't access anymore: my documents, especially the books my daughter is writing, so it's so sad. If someone could help me get them back I will be thankful.

Read other answers
RELEVANCY SCORE 31.2

Hey - just got the ICE virus; ransomware.
So I've seen the fix for it but when I try to restart in safe mode my PC auto restarts. I know I can use the prevent auto restart but how do I also get the system in safe mode?
Any help is appreciated; I need this PC back up and running quickly as I have some work to do tonight.
 

A:ICE ransomware

Please download Farbar Recovery Scan Tool from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt Here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

Plug the flashdrive into the infected PC.

Enter System Recovery Options I give two methods, use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select Your Country as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If... Read more

Read other 1 answers

Hi guys. This annoying FBI thing popped up yesterday. I ran some of the scans that I saw recommended in another post and wanted to post the logs for help. Thanks in advance. Here's TDSSKiller:

18:29:55.0414 1580 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
18:29:55.0759 1580 ============================================================
18:29:55.0759 1580 Current date / time: 2012/09/24 18:29:55.0759
18:29:55.0759 1580 SystemInfo:
18:29:55.0759 1580
18:29:55.0764 1580 OS Version: 6.1.7601 ServicePack: 1.0
18:29:55.0764 1580 Product type: Workstation
18:29:55.0764 1580 ComputerName: BYRDFAM-HP
18:29:55.0764 1580 UserName: Byrd Fam
18:29:55.0764 1580 Windows directory: C:\Windows
18:29:55.0764 1580 System windows directory: C:\Windows
18:29:55.0764 1580 Running under WOW64
18:29:55.0764 1580 Processor architecture: Intel x64
18:29:55.0764 1580 Number of processors: 2
18:29:55.0764 1580 Page size: 0x1000
18:29:55.0764 1580 Boot type: Safe boot with network
18:29:55.0764 1580 ============================================================
18:29:56.0704 1580 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:29:56.0709 1580 ============================================================
18:29:56.0709 1580 \Device\Harddisk0\DR0:
18:29:56.0709 1580 MBR partitions:
18:29:56.070... Read more

A:FBI Ransomware Help

Also MiniToolBox log:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Byrd Fam (administrator) on 25-09-2012 at 06:43:09
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

========================= IP Configuration: ================================

Realtek RTL8188CE 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled
popd
# End of IPv4 configuration

Windows IP Configuration

   Host Name . . . . . . . . . . . . : ByrdFam-HP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabl... Read more

Read other 3 answers

SORRY, REALISED IT'S IN THE WRONG SECTION. PLEASE IGNORE AND I'LL REPOST IN RIGHT SECTION.

Hi folks,

My friend's computer is showing the message below just after the password screen. I've run ransom.sh, drivers.sh and shellfix.sh to no avail. Any ideas?
Attention!
Your computer has been blocked because of violating internet usage rules.
To unblock it you have to pay $100 to the U4752418 account of the Liberty Reserve payment system. After the payment you'll be provided with the code of automatic unblock.
In case of payment refusal, all of the information on your computer will be deleted without ability to restore.
Attempt of avoiding the blocked state without using the code will lead to full erase of the information stored on your computer.

A:Ransomware!

Please re-post this here

Read other 2 answers

Posting this topic by instruction of boopme. Here is the original topic link: http://www.bleepingcomputer.com/forums/topic456569.html
And my original post from there:
---
Hi all,
Last night while browsing some folders, I noticed a big text file on my desktop called "WARNING," which said the following:

YOUR ID: 286
YOUR COMPUTER IS BLOCKED. All your documents, text files and databases are securely encrypted.
You can unblock your computer by completing three easy steps.
STEP 1: Buy a MoneyPak in amount of $50 at the nearest store.
STEP 2: Fill out the fields on the black screen on your cumputer. Otherwise send as an e-mail at [email protected] Indicate your ID in the message title and provide MoneyPak number.
STEP 3: Check your e-mail. We will send you a program to remove the malware and decrypt your files once payment is verified. Your computer will roll back to the ordinary state.
Q: How I can make sure that you can really decipher my files?
A: You can send ONE any ciphered file on email [email protected] (Indicate your ID and /test decrypt/ phrase in the message title), in the response message you receive the deciphered file.
Q: Where can I purchase a MoneyPak?
A: MoneyPak can be purchased at thousands of stores nationwide, including major retailers such as Walmart, Walgreens, CVS/pharmacy, Rite Aid, Kmart, Kroger and Meijer.
Q: How do I buy a MoneyPak at the store?
A: Pick up a MoneyPak from the Prepaid Product Section or Green Dot display and take it to the reg... Read more

A:Ransomware

Hello, Mr. Quasar.
My name is etavares and I will be helping you with this log.
Here are some guidelines to ensure we are able to get your machine back under your control.
Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
Please reply within 3 days to be fair to other people asking for help.
When in doubt, please stop and ask first. There's no harm in asking questions!

Step 1
P2P Warning and Request
The log shows that you have been using so called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow you to share files between users, as the name(s) suggest. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.
It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they are thus suggested to be used with intense care. I recommend that you uninstall this program. That is optional, how... Read more

Read other 28 answers

Hello,
I had been attacked by ransomware that encrypted many of my documents. My issue is similar to a previous thread started by another user: http://www.bleepingcomputer.com/forums/topic456569.html/page__pid__2726791#entry2726791
I believe the attack occurred on the evening of Saturday, June 9th. My documents (Word, Excel, txt, PDF, JPG, etc.) had been encrypted and they all have the ".crypt" extension at the end. Some of these files reside in my external hard drive, which was connected to my computer at the time. There is a big black popup showing on my desktop and also a "WARNING" file created in each of my affected folders, showing the following message:

YOUR ID: 94
YOUR COMPUTER IS BLOCKED. All your documents, text files and databases are securely encrypted.
You can unblock your computer by completing three easy steps.
STEP 1: Buy a MoneyPak in amount of $50 at the nearest store.
STEP 2: Fill out the fields on the black screen on your cumputer. Otherwise send as an e-mail at [email protected] Indicate your ID in the message title and provide MoneyPak number.
STEP 3: Check your e-mail. We will send you a program to remove the malware and decrypt your files once payment is verified. Your computer will roll back to the ordinary state.
Q: How I can make sure that you can really decipher my files?
A: You can send ONE any ciphered file on email [email protected] (Indicate your ID and /test decrypt/ phrase in the message title), in the response message you r... Read more

A:Ransomware

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
The only solution found so far on this infection is to make a system restore.
Success here: https://www.opengrow.com/topic/46027-holding-my-comp-hostage/
Try to do a system restore under utilities. It will take your computer back a few days, before the evil crack head got a hold of it. Let me know if it works or not.

Read other 2 answers

I believe my computer has been infected with ransomware called Locky. It has encrypted all of my Word files, and there's a ransom note. I have no intention of paying the blackmailers, and am hoping someone here might know how to deal with the problem. There are companies purporting to have remedies, but I have no idea whether or not any of them are effective. Any help will be appreciated. Here are screenshots of the .doc properties, the page identifying the malware, and the ransom note. Thanks in advance.

Read other answers

Hi there. As you are all aware, there is a lot of ransomware about on the TV and in the news, so I wonder if anyone can help with a bit of advice. I have the latest Web User magazine, and in that it says I should back up my entire PC to CDs or DVDs, as putting it on an external HD can be risky. What I want to know is this: is this the thing to do, and will I be safe doing this? Have a look at the web site I was given and see for yourself: www.broadexsystems.com/discarchiver. Many thanks.

Read other answers

Hi All,
A friend of mine recently had an online experience where he was browsing and a screen popped-up telling him he had been downloading blahblahblah, demanding $300 , locking his computer, he thinks. He is a bit of a novice on-line and I first thought he had some ransom malware or virus. He said that it locked his browser and couldn't shut down his computer. When he brought it over, I turned it on and was expecting to see a blocked computer screen but it booted normally into Windows. He is using Windows Firewall, AVG Free and Malwarebytes Free for security and Windows Updates are current. I ran AVG scan and it showed no infections, ran MBAM and all it showed was the Ask Bar, which I allowed it to remove. Then ran AVG and MBAM in Safe Mode. AVG scan in safe mode showed 92 infections? and MBAM showed nothing. I then ran TDSS Killer, Hitman Pro and Kaspersky Rescue Disk 10 and AVG and MBAM several times in normal and safe mode. Nothing seems to show up except when I run AVG in safe mode, or maybe I don't understand the report (please see attached).
Sorry for the lengthy post, but any help to make sure his machine is clean would be greatly appreciated.

A:Ransomware?

Sounds like, in addition to the infections found by AVG, you have more to clean. I would also download, install, and run SUPERAntiSpyware from the following link and let it scan for spyware:

SUPERAntiSpyware - Downloading File

Read other 6 answers

After following a link my computer now shows me this:

Attention!
Your computer has been blocked because of violating internet usage rules.
To unblock it you have to pay $100 to the U4752418 account of the Liberty Reserve payment system. After the payment you'll be provided with the code of automatic unblock.
In case of payment refusal, all of the information on your computer will be deleted without ability to restore.
Attempt of avoiding the blocked state without using the code will lead to full erase of the information stored on your computer.

I followed the help posted by teacup61 on another post. I got quite far, until I typed in bash ransom.sh; the script that followed wasn't what I was told.

Does anyone have any suggestions? Right now I would be happy if someone would tell me how to format the drives without being able to log in.

thank you

A:Ransomware

Hello jcabourne,

Yes, I posted that before I realized it is not the same thing......we can fix it if you don't want to reformat. We've just got it figured out, so we do have a successful resolution under the belt if you want to do it.

tea

Read other 2 answers

I posted this yesterday but I think it was in the wrong forum.
Running Windows XP Media Center
I believe that the malware I have is called Ukash.
Once Windows loads, I get the request for $$ and the computer is completely frozen, including the mouse (how you're supposed to enter the code is beyond me).
I am unable to start Windows in safe mode as well.
I have already tried the Kaspersky rescue disc and run a full system scan. Two Trojans were found and cleaned but it has not made a difference. I am still locked out of my computer.
Any help will be greatly appreciated.
RCTekkie.

A:Ransomware

Download and run:
Hitman kickstart http://www.surfright.nl/en/kickstart

Read other 8 answers

I had one of those FBI ransomware viruses. I went through some steps outlined. I couldn't run the Emsisoft Emergency Kit; I loaded it, but the buttons would not work. I used Emsisoft Anti-Malware, which found and removed 6 items. I went through some steps prescribed for another user. I may not have gone in the right order. I can log on but things are not working correctly. It is almost as if the whole computer has been reset with new settings. Help is appreciated.

A:Had a ransomware not sure what else

Download TDSSKiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive). Do not change the default options on scan results.

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

Read other 16 answers

Running Windows XP Media Center
I believe that the malware I have is called Ukash.
Once Windows loads, I get the request for $$ and the computer is completely frozen, including the mouse (how you're supposed to enter the code is beyond me).
I am unable to start Windows in safe mode as well.
I have already tried the Kaspersky rescue disc and run a full system scan.  Two Trojans were found and cleaned but it has not made a difference.  I am still locked out of my computer.
Any help will be greatly appreciated.
RCTekkie.

A:Ransomware

This is a duplicate topic but was posted in the wrong forum and moved by a Moderator. Another duplicate has been deleted.
Since you are already receiving help here, please continue in that thread. Do not start new threads or duplicate topics, as this causes confusion and makes it more difficult to get the help you need to resolve your issues. Further, it necessitates staff spending time with housecleaning to remove duplicate postings... time which could have been provided to others needing assistance, and prevents your helper from knowing what else you have done.
Thanks for your cooperation.
This thread is closed. If you have any questions, please PM me or another Moderator.

Read other 1 answers

Hello,

What is a good way of protecting my office server from ransomware? I was doing daily backups on an always plugged-in USB drive, but it got hit too (no, I can't plug it in and out every day).

Will a NAS help? Is CrashPlan a better solution? Maybe Macrium Reflect HOME edition, which has this ransomware protection, is just enough?

A:Ransomware

Office environment? Why not use Software Restriction Policy software?

Office or business environment is better protected when using default-deny model of protection.
 

Read other 2 answers

A lady I do a lot of tech work for just contacted me and said that when she starts her laptop she gets an audio message that says "But our support engineers can walk you through the removal process over the phone if you close this page before calling us we will be forced to disable your computer to prevent further damage to our network".

Any ideas? I don't trust her browsing, not that she goes to the wrong websites on purpose, but she insists on using Yahoo search engine and half of the time clicks the top results (ads).

Read other answers

My hubby was surfing the net and got hit with the USA Cyber Crime Investigation ransomware virus.  The computer is locked up and I am fearful of doing anything without expert guidance.  I am hoping you all can lend a hand.

The laptop is running Windows 7.  I am assuming it is 64 bit but I am not 100% sure.

A:Got Hit with Ransomware

Hello Berries
I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.
Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!
Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", t... Read more

Read other 24 answers

Hi everybody:
Have you seen this ransomware window? Do you know what the name of this cryptoware is? Is it "famous" or is it new?
Thank you very much

A:New ransomware?

The BC staff has advised our Security Colleagues who specialize in crypto malware ransomware with a link to this topic.
Please submit a sample of an encrypted file here with a link to this topic: http://www.bleepingcomputer.com/submit-malware.php?channel=3
You can also submit samples of suspicious executables or any malware files that you suspect were involved in causing the infection. Doing that will be helpful with analyzing and investigating.

Read other 2 answers

My Dell Inspiron Duo is infected with the Cheshire Police Ukash virus. I pretty much have no idea what to do, so help would be appreciated! Thanks

A:Ransomware

G'day Jordstew123, and Welcome to BC.
 
This looks like it may fit your situation...
 
http://www.bleepingcomputer.com/virus-removal/remove-united-kingdom-police-virus
 
If you need help with this....post a fresh topic....and then be prepared to be Patient...
 
 
Please follow the instructions in the Preparation Guide For Requesting Help  starting at Step #6.
 
When you have done that, start a new topic and post the required logs to  Virus, Trojan, Spyware, and Malware Removal Logs   forum, NOT here, for assistance by the Malware Response Team Experts.
NOTE :If you are unable to complete any step, please just post the topic and leave a good description of your problems
Best of Luck !

Read other 11 answers

Hello, I'm running Windows 64 bit and have recently gotten what looks to be a bad version of the ICE Ransomware virus.

I am unable to login to my account normally due to the ransom screen popping up immediately and going to the BSOD after several moments.

None of the safe-mode options work. Even safe-mode with command prompt, which is what I usually do in this kind of situation. I've always been able to use rstrui.exe to solve this type of issue, but not this time. When I enter my password and try to log in in safe-mode it says "shutting down" and then "restarting", which it proceeds to do.

When I put in my Windows installation disc and boot from it I know it's supposed to go to a screen where you can either repair, format and reinstall or restore previous state. When I boot from CD/DVD it just goes to a BIOS screen where it says at the top "Windows failed to load" or something like that. It then lists the same options that I have already tried.

-Safe-mode
-Safe-mode with networking
-Safe mode with command prompt

I've also tried Hitman.Pro Kickstart and got the message MRB Failed to load. The only thing that worked with Kickstart was the boot normally option which ended up getting the ransomware screen again.

The only thing I haven't tried yet is Kaspersky 10 Repair disc which I will try tonight, but I'm not holding my breath.

Every forum I've seen on this issue seems to say if safe-mode doesnt work use your installation d... Read more

A:Bad ICE Ransomware, Please HELP!

Since you've also posted for assistance at Bleepingcomputer and stated to them that you will continue with them, this thread is closed.

Read other 1 answers

Hi,
A few days ago I got redirected to a page with the FBI ransomware that popped up. I couldn't exit out of the screen, so I hit Ctrl-Alt-Del and shut down Chrome that way. I don't have the typical symptoms that most infected users have. I have no symptoms whatsoever. The computer works fine. I do use a hosts file to block; not sure if that helped or not. I did a scan with McAfee, which is my main antivirus, and nothing turned up. Downloaded Malwarebytes; nothing showed up except for a few PUPs. Spybot showed nothing except for 2 or 3 false positives. Last night I scanned with Emsisoft, and nothing showed up except for Trace.registry.universalsearchtoolbar (med risk) and Gen:[email protected] (high risk); however, the latter is a false positive, confirmed with the developer of that particular file. I haven't deleted anything from the scans, but I need to make sure there is nothing that buried itself in the background, to be on the safe side.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Jonathan at 13:06:03 on 2013-12-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16288.7088 [GMT -8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy... Read more

A:fbi ransomware

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/518511 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 10 answers

Just picked up a laptop from someone who got hit by ransomware encryption. I'm familiar with CryptoWall and some of the traces it leaves behind, but this seems to be a little new. There aren't any HTML pages that open with images, other than the text below. It doesn't really state what ransomware they got.  All of their file extensions got changed to a .abc file extension (ex: "Test.docx.abc"). I've tried correcting the file extensions, but when opening in the proper programs it says the files are corrupted. Also, in all folder locations it has put the decryption files "restore_files_rvrk.txt" and "restore_files_rvrk.html", which just say the text below (I took out the web addresses it listed at the end). They do not have any system restore points and none of the files can be restored to a previous version, so I am probably just going to do a rebuild on the laptop, but I was curious to see what you guys thought.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
What happened to your files ?
All of your files were protected by a strong encryption with RSA-2048.
More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)
 
What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.
 
H... Read more

A:Has anyone seen this Ransomware?

You are most likely dealing with a newer unnamed variant of TeslaCrypt which is for the most part the same as Alpha Crypt.

Any files that are encrypted with the newer unnamed variant of TeslaCrypt will have the .exx, .xyz, .zzz, .aaa or .abc extension appended to the end of the filename. The .aaa/.abc variant drops files with names like Recovery_File_*****.html, Recovery_File_*****.txt, restore_files_*****.html, restore_files_*****.txt (where ***** are random characters) and pretends to be CryptoWall 3.0.

A repository of all current knowledge regarding TeslaCrypt, Alpha Crypt and newer variants is provided by Grinler (aka Lawrence Abrams), in this topic: TeslaCrypt and Alpha Crypt Ransomware Information Guide and FAQ

Information about and support for decrypting files affected by Alpha Crypt & TeslaCrypt ransomware can be found in this topic: TeslaDecoder released to decrypt .EXX, .EZZ, .ECC files encrypted by TeslaCrypt

From the above topic:
Unfortunately there is no way how to decrypt .xyz, .zzz and .aaa variants without Tesla's 256 bit private key or logged request to server encrypted by AES sent before encryption started.
BloodDolly, Post #123

There is an ongoing discussion in this topic: New TeslaCrypt version that uses the .EXX extension Support & Discussion.
Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion. Doing that will als... Read more

Read other 1 answers
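The answer above identifies the family from three artifacts: the extension appended to every file, the names of the dropped note files, and the fact that "correcting" the extension does not bring a document back because the bytes really are ciphertext. The script below is an added triage example (not code from the thread, BleepingComputer or any of the tools it names) that automates exactly that check over a folder: it tallies extensions against the TeslaCrypt/Alpha Crypt list given in the answer, matches the restore_files_*/Recovery_File_* note names, and measures byte entropy of the head of each renamed file to confirm it is encrypted rather than merely renamed. The extension-to-decryptor mapping is only what the answer states (.ecc/.ezz/.exx covered by TeslaDecoder; .xyz/.zzz/.aaa with no decryptor); the 7.0 bits-per-byte threshold, the alphanumeric form of the random note suffix, and the sample tree built by `build_sample()` are assumptions made for the example.

```python
"""Triage a folder hit by file-encrypting ransomware: which extension was
appended, which ransom-note files were dropped, and whether the renamed
files really are ciphertext (byte entropy) rather than merely renamed.
Added example; the sample data is constructed, not real malware output."""
import math
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

# Extensions the answer above attributes to TeslaCrypt / Alpha Crypt variants.
TESLACRYPT_EXTENSIONS = {".ecc", ".ezz", ".exx", ".xyz", ".zzz", ".aaa", ".abc"}
# Per the answer: TeslaDecoder handles these ...
TESLADECODER_EXTENSIONS = {".ecc", ".ezz", ".exx"}
# ... and these cannot be decrypted without the private key.
NO_DECRYPTOR_EXTENSIONS = {".xyz", ".zzz", ".aaa"}
# Note-file names from the answer; the random part is assumed alphanumeric.
NOTE_PATTERNS = [re.compile(r"^restore_files_\w+\.(txt|html)$", re.IGNORECASE),
                 re.compile(r"^recovery_file_\w+\.(txt|html)$", re.IGNORECASE)]
# Assumption: ciphertext sits near 8 bits/byte, office docs and text well below 7.
ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_ransom_note(name: str) -> bool:
    return any(p.match(name) for p in NOTE_PATTERNS)


def triage(root) -> dict:
    """Walk `root` and summarise what the ransomware left behind."""
    root = Path(root)
    ext_counts, notes = Counter(), []
    renamed = ciphertext_like = 0
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        if is_ransom_note(path.name):
            notes.append(path.relative_to(root).as_posix())
            continue
        ext = path.suffix.lower()
        ext_counts[ext] += 1
        if ext in TESLACRYPT_EXTENSIONS:
            renamed += 1
            # The first 4 KiB is enough to separate random bytes from a document.
            if shannon_entropy(path.read_bytes()[:4096]) >= ENTROPY_THRESHOLD:
                ciphertext_like += 1
    suspect = sorted(e for e in ext_counts if e in TESLACRYPT_EXTENSIONS)
    if suspect and notes:
        family = "TeslaCrypt/Alpha Crypt variant"
    elif suspect or notes:
        family = "possible TeslaCrypt/Alpha Crypt (partial indicators)"
    else:
        family = "no TeslaCrypt indicators"
    if any(e in TESLADECODER_EXTENSIONS for e in suspect):
        decrypt_hint = "TeslaDecoder may recover these extensions"
    elif any(e in NO_DECRYPTOR_EXTENSIONS for e in suspect):
        decrypt_hint = "no known decryptor without the private key"
    else:
        decrypt_hint = "not covered by the thread above; check the current FAQ"
    return {"suspect_extensions": suspect, "ransom_notes": sorted(notes),
            "renamed_files": renamed, "ciphertext_like": ciphertext_like,
            "family": family, "decrypt_hint": decrypt_hint}


def build_sample(root) -> Path:
    """Constructed sample tree: three 'encrypted' documents with the .abc
    extension, one untouched text file and the note files named in the thread."""
    root = Path(root)
    (root / "docs").mkdir(parents=True, exist_ok=True)
    for name in ("Test.docx.abc", "budget.xlsx.abc", "docs/thesis.pdf.abc"):
        (root / name).write_bytes(os.urandom(8192))  # stand-in for ciphertext
    (root / "docs/readme.txt").write_text("Quarterly notes, plain text, unaffected.\n" * 50)
    for note in ("restore_files_rvrk.txt", "restore_files_rvrk.html", "docs/restore_files_rvrk.txt"):
        (root / note).write_text("What happened to your files?\n"
                                 "All of your files were protected by a strong encryption with RSA-2048.\n")
    return root


def demo() -> dict:
    """Build the constructed sample in a temporary directory and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        return triage(build_sample(tmp))


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it against the affected profile (`triage("/mnt/victim/Users")`) before rebuilding: a high `ciphertext_like` count relative to `renamed_files` rules out the "just renamed" case, and the extension and note names are what the support topic linked in the answer asks for when you post.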

Running Windows Vista, infected with FBI ransomware. When I try to open the infected user profile in safe mode it executes a restart command into normal mode. It does this for safe mode and safe mode with networking. I can open safe mode with command prompt. All other user profiles open without issue. I ran Norton Power Eraser under a different administrator account yesterday. It found yhych eytig.exe and removed it; the problem still exists on my main user account. Thanks in advance for any help.

A:fbi ransomware

Download TDSSKiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive). Do not change the default options on scan results.

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here.
If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

Read other 24 answers

My laptop (Windows XP) got infected last night with FBI Ransomware. I am required by my employer to have Microsoft Security Essentials. I ran a full scan and pulled off some "threats" last night; however, it was obvious the computer was still infected. Before joining and reading some rules in the forum, I downloaded ComboFix (using another computer) onto a flash drive. I started my laptop in Safe Mode with Networking and transferred ComboFix to the desktop. I've run ComboFix. I have a log, which I can post to the appropriate place when directed to do so. What next???? Thank you in advance!! SDD

A:FBI Ransomware

We do not analyze ComboFix logs here.
Read the guide here on preparing logs: http://www.bleepingcomputer.com/forums/topic34773.html
and create a topic here: http://www.bleepingcomputer.com/forums/forum22.html
Good luck

Read other 1 answers

Hi folks,

My friend's computer is showing the message below just after the password screen. I've run ransom.sh, drivers.sh and shellfix.sh to no avail. Any ideas?
Attention!
Your computer has been blocked because of violating internet usage rules.
To unblock it you have to pay $100 to the U4752418 account of the Liberty Reserve payment system. After the payment you'll be provided with the code of automatic unblock.
In case of payment refusal, all of the information on your computer will be deleted without ability to restore.
Attempt of avoiding the blocked state without using the code will lead to full erase of the information stored on your computer.

A:Ransomware!

Hello Flangehead ,

Can you please verify something for me? You can get into Xpud all right? And, can you see the Operating System? It would be sda1 or sda2, or similar.

Thanks,
tea

Read other 49 answers