
I understand there is no fix currently for the wallet malware, correct? Can you please advise if there is anything that needs to be run on the PCs to see if the malware is still present on the machine?


Hello,

You can just run a Malware Scan with Emsisoft Anti-Malware or Emsisoft Emergency Kit, which you can download from our product website.


Thanks, are you looking for the results of this to analyze, or does this tool actually remove the malware from a potentially infected PC? This has gone through and infected 1000s of files on my file server. There is no fix for this as of yet, correct?


The scan will give you the option to delete or quarantine any files detected, yes. If you want to be sure you can delete everything found, please feel free to post the scan log here.

Based on your information, decryption is not possible. Just to be sure you identified the correct variant, you can check it here: https://id-ransomware.malwarehunterteam.com/


This malware has renamed everything, including IE and Chrome, such that they cannot be launched. Any other ideas on how to upload samples?


TBH, in that case I'd just wipe/reinstall the server because, since encryption is not possible, it is unlikely you will be able to restore functionality (you can reinstall a number of programs, but if IE's been affected, then likely so are other Windows components).

You can transfer files using a flash drive, just make sure it does not contain anything important in case the encryption process is still active. The actual executables shouldn't spread on a USB drive, meaning that content could be encrypted, but it could not be used to transfer the infection to another computer.


Did an analysis and it's the Dharma virus. It even renamed the local copy of the backups I was keeping, but not the cloud version. So no fix for this as of yet?

 

Best

Marc
