MarcK, posted February 6, 2017:
I understand there is no fix currently for the wallet malware, correct? Can you please advise if there is anything that needs to be run on the PCs to see if the malware is still present on the machine?
Elise, posted February 6, 2017:
Hello,
You can just run a Malware Scan with Emsisoft Anti-Malware or Emsisoft Emergency Kit, which you can download from our product website.
MarcK, posted February 6, 2017:
Thanks, are you looking for the results of this to analyze, or does this tool actually remove the malware from a potentially infected PC? This has gone through and infected 1000's of files on my file server. There is no fix for this as of yet, correct?
Elise, posted February 6, 2017:
The scan will give you the option to delete or quarantine any files detected, yes. If you want to be sure you can delete everything found, please feel free to post the scan log here. Based on your information, decryption is not possible. Just to be sure you identified the correct variant, you can check it here: https://id-ransomware.malwarehunterteam.com/
MarcK, posted February 6, 2017:
This malware has renamed everything, including IE and Chrome, such that they cannot be launched. Any other ideas on how to upload samples?
MarcK, posted February 6, 2017:
Please see print screen on server when I log in.
Elise, posted February 7, 2017:
TBH, in that case I'd just wipe/reinstall the server because since encryption is not possible, it is unlikely you will be able to restore functionality (you can reinstall a number of programs, but if IE's been affected, then likely so are other Windows components). You can transfer files using a flash drive, just make sure it does not contain anything important in case the encryption process is still active. The actual executables shouldn't spread on a USB drive, meaning that content could be encrypted, but it could not be used to transfer the infection to another computer.
MarcK, posted February 7, 2017:
Did an analysis and it's the Dharma virus. It even renamed the local copy of the backups I was keeping, but not the cloud version. So no fix for this as of yet?
Best,
Marc
Elise, posted February 7, 2017:
No, unfortunately no decryption is possible for that variant.