MarcK 0 Report post Posted February 6, 2017 I understand there is no fix currently for the wallet malware correct? Can you please advise if there is anything that needs to be run on the pc's to see if the malware is still present on the machine? Share this post Link to post Share on other sites
Elise 242 Report post Posted February 6, 2017 Hello, You can just run a Malware Scan with Emsisoft Anti-Malware or Emsisoft Emergency Kit, which you can download from our product website. 1 Share this post Link to post Share on other sites
MarcK 0 Report post Posted February 6, 2017 Thanks, are you looking for the results of this to analyze or does this tool actually remove the malware from a potentially infected pc? This has gone through and infected 1000's of files on my file server. There is no fix for this as of yet correct? Share this post Link to post Share on other sites
Elise 242 Report post Posted February 6, 2017 The scan will give you to delete or quarantine any files detected yes. If you want to be sure you can delete everything found, please feel free to post the scan log here. Based on your information decryption is not possible. Just to be sure you identified the correct variant, you can check it here: https://id-ransomware.malwarehunterteam.com/ Share this post Link to post Share on other sites
MarcK 0 Report post Posted February 6, 2017 This malware has renamed everything including IE and Chrome such that they cannot be launched. Any other ides on how to upload samples? Share this post Link to post Share on other sites
MarcK 0 Report post Posted February 6, 2017 Please see print screen on server when I login. Download Image Share this post Link to post Share on other sites
Elise 242 Report post Posted February 7, 2017 TBH, in that case I'd just wipe/reinstall the server because since encryption is not possible, it is unlikely you will be able to restore functionality (you can reinstall a number of programs, but if IE's been affected, then likely so are other Windows components. You can transfer files using a flash drive, just make sure it does not contain anything important in case the encryption process is still active. The actual executables shouldn't spread on a USB drive, meaning that content could be encrypted, but it could not be used to transfer the infection to another computer. . Share this post Link to post Share on other sites
MarcK 0 Report post Posted February 7, 2017 Did an analysis and its the Dharma virus. It even renamed the local copy of the backups I was keeping, but not the cloud version. So no fix for this as of yet? Best Marc Share this post Link to post Share on other sites
Elise 242 Report post Posted February 7, 2017 No, unfortunately no decryption is possible for that variant. Share this post Link to post Share on other sites
