I have uploaded a file to https://id-ransomware.malwarehunterteam.com/ and it is coming back as AI-Namrood. The system was scanned using the paid version of Malwarebytes, which did not find anything. A large amount of the files are encrypted like the attached file. My question is: what do I need to do to make sure it's really gone? I did notice a large amount of attempts to log in from an unknown IP with no PID, with a ton of user name guesses, in the security log. I have since turned off the IIS server and it seems to have stopped the flood of attempts, but the machine went off-line and is currently unreachable. It appears to have encrypted a large amount of pdf/doc/excel files, but it also seems to have stopped my BackupExec because the services will no longer start, and various other programs are now broken as well. All files are marked with the [email protected] address. The services for BackupExec were also marked as disabled when I went in to see why it wouldn't start, but I haven't seen anything online about this happening to other people. This machine is running Server 2008 and I cannot run the Emergency kit because of the OS level, but the FRST log is attached. What other info would be needed to be sure I have gotten rid of this ransomware? Our backups should be good from a few days back, I am hoping. We do not plan on paying these criminals off. I would like to not have to rebuild the server from scratch.
Any help is greatly appreciated.