Ferrari 0 Posted June 2, 2016

Recently our office computer has been infected with the Locky ransomware, and the majority of the files are encrypted. I'm aware that there isn't a way to decrypt the files at this point. Thank you!

~Austin

Attachments: Addition.txt, FRST.txt, scan_160602-110148.txt
Kevin Zoll 309 Posted June 2, 2016

Austin,

This will remove what I see in your logs. Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

(Microsoft Corporation) C:\Windows\Temp\2C4B866F-5240-42AB-B0FB-BCC892718112\DismHost.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2223335084-2945628509-1393833174-1001 -> {06374647-9CF6-40AB-A73A-1CC136754827} URL =
2015-05-13 09:54 - 2015-05-13 09:54 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-04-04 09:22 - 2015-04-04 09:22 - 0000017 _____ () C:\Users\Andy\AppData\Local\resmon.resmoncfg
2016-05-17 09:42 - 2016-05-17 09:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-28 14:46 - 2014-08-28 14:47 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-08-28 14:44 - 2014-08-28 14:44 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-08-28 14:44 - 2014-08-28 14:45 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-08-28 14:45 - 2014-08-28 14:46 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-08-28 14:43 - 2014-08-28 14:43 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
CustomCLSID: HKU\S-1-5-21-2223335084-2945628509-1393833174-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Andy\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileCoAuthLib64.dll => No File
Task: {11169AD3-1B4C-45E6-AF1C-690DBE24BE56} - System32\Tasks\UpdaterEX => C:\Users\Andy\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {25BF84DE-FC0A-4C96-856D-3DC3798E6336} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {35BD7D23-CC89-4395-9E48-9105991D03D0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {36317237-B23E-43A3-A190-6DC4FE664E99} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {38E58D7A-38BF-480A-8C07-128C4E361CBA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {45382CE7-6102-40FC-A353-FAB02790A6DA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {472C6D00-4752-4430-BCCD-908382968521} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {53E8E54F-A825-4B39-9D83-53EB97336E28} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {632B01B8-1335-4CFA-B4EB-E7AD6B8807B8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {69EF2607-7401-4DE9-89AB-F47493519FA2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8A0BE104-4711-4A57-82CC-3E10891F977E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {93B4D542-EC1C-434E-B2C1-9DBFE006B42D} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {97483647-1D95-4F0C-A50B-B161EB2DBD2E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {9F9D97A1-CAC5-4D8C-A739-C0053BF52901} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E37A6C6A-1F5B-499C-970D-43CAB2317568} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\Andy\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\WINDOWS\Tasks\UpdaterEX.job
C:\Users\Andy\AppData\Local\Microsoft\Windows\INetCache\IE\F4J3J6C8\78tg768b[1].txt

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version, please download and run the updated version.
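The fixlist above contains two kinds of `Task:` entries that FRST marks with `<==== ATTENTION`: a dozen orphaned Windows 10 upgrade (GWX) task registrations whose target is `No File`, and an `UpdaterEX` task that launches an executable from the user's `AppData\Roaming` tree through 8.3 short names (`UPDATE~1`). Telling those two cases apart is the first step of triage. The script below, an added example that is not part of the thread and not FRST's own code, parses FRST-style `Task:` lines and labels each one with the reason a responder would look at it. The sample lines are constructed, modelled on the output quoted in the thread (the `ScheduledDefrag` line and its GUID are invented as a benign control); the heuristics and their wording are the example's own assumptions.

```python
"""Triage FRST-style 'Task:' lines: separate orphaned registrations from tasks
that launch from user-writable locations.

Added example for illustration; the line format is modelled on FRST output
but the parser and heuristics are this example's own assumptions.
"""
import re

# Constructed sample lines (not a real log). The first is not a Task: line and
# must be ignored; the ScheduledDefrag line is an invented benign control.
SAMPLE_LINES = [
    r"CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION",
    r"Task: {11169AD3-1B4C-45E6-AF1C-690DBE24BE56} - System32\Tasks\UpdaterEX => C:\Users\Andy\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION",
    r"Task: {25BF84DE-FC0A-4C96-856D-3DC3798E6336} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION",
    r"Task: {AAAAAAAA-0000-0000-0000-000000000001} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe [2015-10-30] (Microsoft Corporation)",
    r"Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\Andy\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION",
]

ATTENTION = " <==== ATTENTION"
# FRST separates task name and target with " => " (file present) or " -> " (usually "No File").
ARROW_RE = re.compile(r" (?:=>|->) ")
# Locations any standard user can write to; a task launching from here deserves a look.
USER_WRITABLE_RE = re.compile(r"\\(?:Users\\[^\\]+\\AppData|ProgramData|Temp)\\", re.IGNORECASE)
# 8.3 short names such as UPDATE~1 hide the real (long) directory or file name.
SHORT_NAME_RE = re.compile(r"~\d+(?:[\\.]|$)")

ORPHANED = "orphaned: registered task points to a file that no longer exists"
USER_WRITABLE = "runs from a user-writable location"
SHORT_NAME = "8.3 short name in path hides the real directory name"


def parse_task_line(line):
    """Parse one 'Task:' line into a dict, or return None for any other line."""
    if not line.startswith("Task: "):
        return None
    body = line[len("Task: "):].rstrip()
    flagged = body.endswith(ATTENTION.strip())
    if flagged:
        body = body[:-len(ATTENTION)]
    m = ARROW_RE.search(body)
    if m is None:
        return None
    left, target = body[:m.start()], body[m.end():]
    # Registry-registered tasks carry a GUID before " - "; legacy .job files do not.
    if left.startswith("{") and " - " in left:
        task_id, name = left.split(" - ", 1)
    else:
        task_id, name = None, left
    # Strip FRST's trailing "[date] (publisher)" annotation to get the bare path.
    path = target.split(" [", 1)[0]
    return {"id": task_id, "name": name, "target": target, "path": path,
            "flagged_by_frst": flagged}


def triage_task(task):
    """Return the list of reasons this task merits attention (empty if none)."""
    findings = []
    if task["path"].startswith("No File"):
        findings.append(ORPHANED)
    if USER_WRITABLE_RE.search(task["path"]):
        findings.append(USER_WRITABLE)
    if SHORT_NAME_RE.search(task["path"]):
        findings.append(SHORT_NAME)
    return findings


def triage(lines):
    """Parse every Task: line in `lines` and attach its findings, in input order."""
    results = []
    for line in lines:
        task = parse_task_line(line)
        if task is None:
            continue
        task["findings"] = triage_task(task)
        results.append(task)
    return results


if __name__ == "__main__":
    for task in triage(SAMPLE_LINES):
        verdict = "; ".join(task["findings"]) or "nothing notable"
        print(f"{task['name']}\n    -> {task['path']}\n    {verdict}")
```

Orphaned `No File` entries are leftovers to clean up rather than evidence of infection; the entries that run from `AppData\Roaming` through short names are the ones to treat as a persistence finding and tie back to the rest of the log.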
Kevin Zoll 309 Posted June 6, 2016

Thread Closed

Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.