josevm700

I need help. Ransomware


The problem I have is ransomware, since most of my documents have been encrypted. I already tried to use scrapers but none works, and I do not know what else to do. Please, I need your help. Thanks

My documents appear with this name:

[[email protected]] .5547467959573176636D55674C5342455A574E765A4755756258417A0D0A.happydayzz

The rescue request is like the globe.

scan_170319-230946.txt

Addition.txt

FRST.txt


Hi josevm700,

This is a new ransomware, we will need a sample of this to analyse.

Did you install C:\AntiShortCut\AntiUsbShortCut.zip?

Please upload the following file to VirusTotal:

C:\Users\TECHI\AppData\Local\Temp\i4jdel0.exe

  • Please press the Scan it! button for each individual file to produce a fresh scan of each file.
  • When the scan completes, please copy and paste the URL/link for the analysis of each file from the top of the VirusTotal screen into your next reply so that I can review the scan results.
  • Repeat until all of the files listed above have been scanned and all URLs/links have been copied into your reply.

 

Regards,

Sarah

 


 

This is from C:\Users\TECHI\AppData\Local\Temp\i4jdel0.exe

https://www.virustotal.com/es/file/9090e674834008f3bfad5d19cc9b1b44702700d337ac26628d2c9076ada09e60/analysis/1490308726/

As for antishortcut, I do not remember having installed it, but I think I had it previously, going by the date, and the infection of my PC was on 18/03/17.

And I tried to look for the file, but it seems that it is also encrypted.

 


Hi josevm700,

Makes sense. Unfortunately, it looks like the malware sample isn't there anymore, meaning there is not much we can do currently. This ransomware came via malware already running on the system, which an antivirus should have caught if you were running one. I suggest changing all passwords.

Regards,

Sarah


Hi
Which passwords?
I had to uninstall my old antivirus since I realized it was not working, and I think that is why this ransomware infiltrated, but I have already installed another. I will be able to eliminate all viruses since they told me not to do anything to get the tests.
Do you think I have to keep waiting to see if there is any arrangement, or do I lose all the encrypted documents?
Regards


Hi josevm700,

Any banking, email, Facebook and accounts you wouldn't want someone accessing.

That's definitely possible, I am glad you installed an antivirus now though. I suggest backing up your encrypted files and waiting for a solution to happen, for the time being. If anything changes, I will post here.

Regards,

Sarah


Hi josevm700,

We did find a sample of this ransomware, but it seems to be secure. You can either pay the criminal (we do not recommend this) or wait for a possible solution.

Regards,

Sarah
