Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by Belle28

  1. ok, will re-run and post. will be a bit
  2. I do have a question about this ransomware stuff. from what I've read they can encrypt docs on a mapped drive. can it (the ransomeware) get to docs through a shortcut to a shared folder on the network? also would it make a different if the file extension are hidden - since they look for particular file extension?
  3. ok, file run from admin attached. Addition.txt FRST.txt scan_160526-115145.txt
  4. I'll try to log in to the local machine as admin. stand by. sorry, apparently I was logged in as the user last time. will get the correct files to you in a bit
  5. I've attached the files. the machine seems to be running ok. I have it completely off the network now. have tried several of the decryptors to recover all the files and nothing has worked so far. the marketing person - the user that got infected - is freaking out becasue all her docs and spreadsheets were on that machine, and no backup of course. told her to be patient. Addition.txt FRST.txt scan_160526-105412.txt
  6. fixlog file attached. Next step? Fixlog.txt
  7. ok, ran from infected user, attached files. trying the decrypt_crypboss.exe now. it asked about an email address in the randsomeware note and there was no email address - I used the default. Addition.txt FRST.txt scan_160525-110808.txt
  8. Ok, i've re-run the EEK and FRST and have attached the files. also ran the fixlist, as instructed above and attached. Next step? the decrypt_gomasom.exe didn't work. Addition.txt Fixlog.txt FRST.txt scan_160525-061525.txt
  9. the text docs I attached where from the infected machine. when I tried to update the EKK i kept getting a message saying it couldn't connect to the server. I can re-run those two, EKK and FRST, in the morning. i going to let the decrypt_gomasom.exe finish - which will probably be several more hours.
  10. Hi, the decrypt_gomasom.exe is still running. it's really slow and I'm letting it run. you asked about log files. what logs files are you looking for/where can I find them? also in your code, it's the jdm user that was infected. I don't see that user mentioned in your code.
  11. Hi, I work for a small family owned business and our marketing person got infected with ransomware. I followed your instructions and ran the Emsisoft Emergency Kit and then the Farbar recovery scan tool. Neither one would update - kept getting could not connect to server... It didn't look like the Emsisoft Emergency kit found the problem, I've attached the required files. the encryption infection is under user jdm. I've also attached the ransome text file and one of the encrypted files. Note: it won't let me attache the infected (the .cyprt) file. Please let me know what my opt
  • Create New...