Haris Shabbir

Member
  • Content Count

    2
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Haris Shabbir

  • Rank
    New Member
  1. Actually all the MS office files have been encrypted and dont know where to get the image file now. I have had a malware scan and got the following results. Scan start: 12/17/2016 9:26:21 AM C:\Program Files (x86)\Safesoft Security\SafesoftSecurity.exe Gen:Variant.Mikey.35617 (B) [krnl.xmd] C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HYBRPGTV\b550dda192e[1].png Trojan.PHP.Ransom.G (B) [krnl.xmd] C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QX1N6EJZ\33ce9[1].png Trojan.GenericKD.3881767 (B) [krnl.xmd] C:\Users\User\AppData\Local\Temp\49BC.tmp.exe Gen:Variant.Mikey.53488 (B) [krnl.xmd] C:\Users\User\AppData\Local\Temp\FE8.tmp.exe Gen:Variant.Mikey.53488 (B) [krnl.xmd] C:\Users\User\AppData\Local\Temp\GPUpd57CA5C390.exe Trojan.GenericKD.3512135 (B) [krnl.xmd] C:\Users\User\AppData\Local\Temp\GPUpd57F09C030.exe Gen:Variant.Zusy.207196 (B) [krnl.xmd] C:\Users\User\AppData\Local\Temp\GPUpd57F48DD60.exe Gen:Variant.Zusy.207196 (B) [krnl.xmd] C:\Users\User\AppData\Local\Temp\GPUpd57F881080.exe Gen:Variant.Graftor.301472 (B) [krnl.xmd] C:\Users\User\AppData\Local\Temp\GPUpd57FC73AC0.exe Gen:Variant.Zusy.207196 (B) [krnl.xmd] C:\Users\User\AppData\Local\Temp\GPUpd5801BCA20.exe Gen:Variant.Zusy.207196 (B) [krnl.xmd] C:\Users\User\AppData\Local\Temp\GPUpd5805B0090.exe Gen:Variant.Zusy.207196 (B) [krnl.xmd] C:\Users\User\AppData\Local\Temp\is-39KSH.tmp\helloearth.exe Gen:Variant.Graftor.312393 (B) [krnl.xmd] C:\Users\User\AppData\Local\Temp\is-N87FO.tmp\helloearth.exe Gen:Variant.Mikey.53159 (B) [krnl.xmd] C:\Windows\TEMP\TMP000000030FECD0673CB5E0E6 Trojan.Generic.13113315 (B) [krnl.xmd] C:\Windows\TEMP\TMP000000067315A002D4DA75E7 Trojan.Generic.13113315 (B) [krnl.xmd] C:\Windows\TEMP\TMP000000090497765CB19E941F Trojan.Generic.13113315 (B) [krnl.xmd] C:\Windows\TEMP\TMP0000005C549BAFC2365917B4 Trojan.Generic.13113315 (B) [krnl.xmd] C:\Windows\TEMP\TMP000000AFC04264A80D5B3E6E Trojan.Generic.13113315 (B) [krnl.xmd] C:\Windows\TEMP\TMP000000ED05D597AE2BC9A593 Trojan.Generic.13113315 (B) [krnl.xmd] Scanned 85846 Found 20 Scan end: 12/17/2016 9:40:22 AM Scan time: 0:14:01 C:\Windows\TEMP\TMP000000ED05D597AE2BC9A593 Quarantined: Trojan.Generic.13113315 (B) C:\Windows\TEMP\TMP000000AFC04264A80D5B3E6E Quarantined: Trojan.Generic.13113315 (B) C:\Windows\TEMP\TMP0000005C549BAFC2365917B4 Quarantined: Trojan.Generic.13113315 (B) C:\Windows\TEMP\TMP000000090497765CB19E941F Quarantined: Trojan.Generic.13113315 (B) C:\Windows\TEMP\TMP000000067315A002D4DA75E7 Quarantined: Trojan.Generic.13113315 (B) C:\Windows\TEMP\TMP000000030FECD0673CB5E0E6 Quarantined: Trojan.Generic.13113315 (B) C:\Users\User\AppData\Local\Temp\is-N87FO.tmp\helloearth.exe Quarantined: Gen:Variant.Mikey.53159 (B) C:\Users\User\AppData\Local\Temp\is-39KSH.tmp\helloearth.exe Quarantined: Gen:Variant.Graftor.312393 (B) C:\Users\User\AppData\Local\Temp\GPUpd5805B0090.exe Quarantined: Gen:Variant.Zusy.207196 (B) C:\Users\User\AppData\Local\Temp\GPUpd5801BCA20.exe Quarantined: Gen:Variant.Zusy.207196 (B) C:\Users\User\AppData\Local\Temp\GPUpd57FC73AC0.exe Quarantined: Gen:Variant.Zusy.207196 (B) C:\Users\User\AppData\Local\Temp\GPUpd57F881080.exe Quarantined: Gen:Variant.Graftor.301472 (B) C:\Users\User\AppData\Local\Temp\GPUpd57F48DD60.exe Quarantined: Gen:Variant.Zusy.207196 (B) C:\Users\User\AppData\Local\Temp\GPUpd57F09C030.exe Quarantined: Gen:Variant.Zusy.207196 (B) C:\Users\User\AppData\Local\Temp\GPUpd57CA5C390.exe Quarantined: Trojan.GenericKD.3512135 (B) C:\Users\User\AppData\Local\Temp\FE8.tmp.exe Quarantined: Gen:Variant.Mikey.53488 (B) C:\Users\User\AppData\Local\Temp\49BC.tmp.exe Quarantined: Gen:Variant.Mikey.53488 (B) C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QX1N6EJZ\33ce9[1].png Quarantined: Trojan.GenericKD.3881767 (B) C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HYBRPGTV\b550dda192e[1].png Quarantined: Trojan.PHP.Ransom.G (B) C:\Program Files (x86)\Safesoft Security\SafesoftSecurity.exe Quarantined: Gen:Variant.Mikey.35617 (B) Quarantined: 20
  2. Hi, My pc is infected with this crap Nemucod thing and all the files have gone to .crypted format. I have tried everything but no use. even tried decrypt_Nemucod.exe but when I try to install the software, it gives the error that not a valid key and couldnt install it. I have attached a sample file which is infected. Can you please check? AMICO - Payments.xls.crypted