josevm700

i need help.rasomware

12 posts in this topic

The problem I have is a rasomware since most of my documents have been encrypted. Already tried to use scrapers but none works and I do not know what else to do please I need your help. Thanks

With this name appear my documents :

[[email protected]] .[email protected]ydayzz

The rescue request is like the globe.

scan_170319-230946.txt

Addition.txt

FRST.txt

0

Share this post


Link to post
Share on other sites

I have moved this to the appropriate forum.

0

Share this post


Link to post
Share on other sites

Hi josevm700,

This is a new ransomware, we will need a sample of this to analyse.

Did you install C:\AntiShortCut\AntiUsbShortCut.zip?

Please upload the following file to VirusTotal.:

C:\Users\TECHI\AppData\Local\Temp\i4jdel0.exe

  • Please press the Scan it! button for each individual file to produce a fresh scan of each file.
  • When the scan completes, please copy and paste the URL/link for the analysis of each file from the top of the VirusTotal screen into your next reply so that I can review the scan results.
  • Repeat until all of the files listed above have been scanned and all URLs/links have been copied into your reply.

 

Regards,

Sarah

 

0

Share this post


Link to post
Share on other sites

 

This is from C:\Users\TECHI\AppData\Local\Temp\i4jdel0.exe

https://www.virustotal.com/es/file/9090e674834008f3bfad5d19cc9b1b44702700d337ac26628d2c9076ada09e60/analysis/1490308726/

And of antishortcut I do not remember to have installed it but I think that it was previously had by the date and the infection of my pc was the 18/03/17

And tried to look for the file but it seems that it is also encrypted

 

0

Share this post


Link to post
Share on other sites

Hi josevm700,

Makes sense. Unfortunately, it looks like the malware sample isn't there anymore, meaning there is not much we can do currently. This ransomware came via malware already running on the system, which if you were running an antivirus it should have caught it. I suggest changing all passwords.

Regards,

Sarah

0

Share this post


Link to post
Share on other sites

Hi
Which passwords?
If I had to uninstall my old antivirus since I realized it was not working and I think that is why I infiltrated this rasomware but already install another. I will be able to eliminate all viruses since they told me not to do anything to get the tests.
Do you think I have to keep waiting if there is any arrangement or I lose all the encrypted documents?
Regards

0

Share this post


Link to post
Share on other sites

Hi josevm700,

Any banking, email, Facebook and accounts you wouldn't want someone accessing.

That's definitely possible, I am glad you installed an antivirus now though. I suggest backing up your encrypted files and waiting for a solution to happen, for the time being. If anything changes, I will post here.

Regards,

Sarah

0

Share this post


Link to post
Share on other sites

Hi josevm700,

We did find a sample of this ransomware, but it seems to be secure. You can either pay the criminal (we do not recommend this) or wait for a possible solution.

Regards,

Sarah

0

Share this post


Link to post
Share on other sites

Hello
I think I'd better wait a while to see if there is any solution to this problem.

0

Share this post


Link to post
Share on other sites

Hi josevm700,

Hopefully we have a solution eventually.

Regards,

Sarah

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.