
Help, my PC is infected! .locky virus



Hello,

My client just got infected with the Locky virus.

Unfortunately the mapped drives got infected and we need the data.

Since I assume that you can't decrypt the files yet, can you tell me if we would get the key if we paid the 4 BTC? We need the files.

(I know about backups ... the server is safe, but it affected the NAS, and those files are mirrored but not backed up.)

Please let me know if you have any ideas.

Thank you

Addition.txt

FRST.txt

scan_160528-164335.txt


You are infected with Locky and not AutoLocky. Files that have been encrypted by Locky cannot be decrypted.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

Winlogon\Notify\ScCertProp: wlnotify.dll [X]
2016-04-28 09:33 - 2016-04-28 09:33 - 00000000 ____D C:\Users\USER2b\AppData\Local\ACP
Task: {0B35D866-76EC-4D1F-B634-F0D3EE0AFE2F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {33B1B314-075F-4E71-965F-7C7C8292721A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {3B80BF01-0D4C-4B76-8AA4-9D5759F80AE4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {630E5403-7D0F-47F8-B5BD-BE7A3A56BF55} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {696B5A85-4307-4B66-8D6F-E330061E953E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {6CD6C52A-215F-46F2-B8BC-7FFB3EBDB456} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {77CF439D-BAEA-47B9-BAED-2C8F9BD39334} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {7A5CB700-9348-4BD0-918E-9F0EEFB5021E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {7F848CCE-A615-454C-B40E-00EC76C928AE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {85177D4D-7806-412E-834A-2FF19E7E70F0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {B4B90B0C-08F4-4DAF-A5DD-57FEC655B8E0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {D52D1838-89D5-4417-B7EB-3B036F9783C6} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.


Thank you for helping. Am I right that this file just eliminates the virus from the machine? We disconnected the computer from the network anyway. Does the virus spread over the LAN as well, or does the virus only operate from the one machine and destroy the files in the LAN?

Will you ever be able to decrypt the files, do you think?

Shall we pay?


The script I sent only eliminates what is shown in the script. Some ransomware variants are capable of encrypting network shares; at present, none of the ransomware variants have displayed the ability to infect other machines on the network.
