  1. What constitutes a "neutral extension"? The file I assume is the culprit is an .exe. So do I restore the files, then immediately turn off my antivirus, then pack them up in a .rar/.zip, then upload?
  2. Thank you so much, that is massively helpful. So if possible, I can just let it restore the files without any adverse effects to my PC? As long as I don't open them, right?
  3. I totally understand. I made an assumption that I at least appeared slightly more tech-savvy than most who post in this forum because I provided so much detail. That's on me, I apologize. No matter, I meant no harm by what I said at least. I'm just really itching to reinstall this PC, I want this to be as over as it can be as quickly as possible. Kaspersky is the software I used to scan & clean. It says it deleted the .exe file, but it also seems I can restore it? I actually see a bunch of "interesting" files in the quarantine section of Kaspersky. DiskWriter.gen - Hosts2.gen - SelfDel.pef amongst others. Would any of these be of any use to you alongside the loader tool .exe?
  4. I'm fully aware of everything you just said, I'm not new to computers, hardware or software. When one has done something for a good decade or two with no negative consequences though, that habit is hard to break. Especially when it's easy and free, considering my extremely low income, being disabled. Habit's broken now, I learned my lesson. I can't use this information for anything at all right now. Because I know it already and it doesn't help me move on from here. I need to know how to extract the malicious file so I can upload it and finally format and reinstall this computer. Thanks, though.
  5. There's only one thing that could really be the culprit on my system. In my case, it's most likely a Windows Activation Loader. I know. I'm aware. Never had an issue before. But I had to re-get it after dual-booting my system with Windows 10 as well. Just a few weeks ago. Then one day, my computer utilized 100% CPU for a few minutes after booting and everything was encrypted. That file is still in quarantine somewhere, I just need to figure out how to safely get it and upload it.
  6. That would be great. I, however, am more proficient in other areas of computing, so I have no clue how to safely get it, store it and upload it for you. Do you have a guide or a quick step-by-step for me? Do I restore the file via my antimalware software (is that even safe?) or grab the (what appears to be encrypted/split apart) bits in the quarantine folder, is my main question?
  7. It seems Rajesh has been attacked by the exact same ransomware or at least the same people that I was though. I really want to wipe my drive and start over, so can I grab the quarantined malicious file for you guys first? Will that help any?
  8. ShadowPuterDude - Thanks! I hope it can help. It's a horrific thing to do to people :( --------- Demonslay, I've only found 2 files that have the .xls.mme file ending, everything else is just .xls files. So hopefully they aren't all double-encrypted >.< I will keep an eye out for developments on the GlobeImpostor 2.0 front, thank you very much for the relevant and detailed response. If I have a copy of the malicious file in a temp folder somewhere (have not cleared those yet it seems), how would I go about finding it for you guys?
  9. Thank you very much. Is there any way this information can provide a positive ID for me so I can keep an eye out for future decryption possibilities?
  10. Yesterday, I was hit with the above. I have to admit I panicked and wiped anything my anti-malware tools found when I discovered it, and pulled the internet as well as non-essential hard drives, so I have no clue what the name of the original malware file was, nor do I think I have a copy. I can almost guarantee it was nested and hibernating in a Windows Loader Tool. (I know, lesson learned.) All .exe files from my C-drive software have vanished and next to all remaining files on this partition have the .XLS extension. (As well as a good chunk on my external hard drive that I used for backup. Also not wise, I'm aware now.) There are very few .XLS.MME. A new partition of 499MB has been created, of which 35MB has been used, despite it only containing the ransom note, which is a 1,40KB file (I do have hidden files shown). I also can't make changes to boot in msconfig, there's just nothing there. (I'm dual-booting Win7 with Win10 secondary. I know I'm behind, but I'm autistic and Win10 just doesn't work for me mentally yet.) When trying to check the safe mode boot option, I get an error message and cannot check it again. I've put the ransom note, a few different .xls encrypted files, a screenshot of the msconfig issue and an .xls.mme file in a .zip folder. I've also added the file found in my \AppData\Roaming, as Kaspersky advised on one of their recovery tools that it might hold a key or ID that could make recovery easier, as far as I could gather. I'm aware that there probably isn't a functioning decryption method currently, but I'm hoping these files can be of assistance in getting me a solid identification for future reference and possibly help decryptors find a solution down the road. I tried using dropmefiles, but I got an error message in Russian, so I hope filebin is okay.
The link to the .zip: https://filebin.net/nhso3s8nrj5yt1q3
The link they want me to open: http://mmeeiix2ejdwkmseycljetmpiwebdvgjts75c63camjofn2cjdoulzqd.onion/?STAHYJUHGFV
Alternative link given: http://helpqvrg3cc5mvb3.onion/