Jump to content

my pc is infected,plz help

Recommended Posts

i believe i dont need to explain to much...in attacment, i am sending you a file of the virus/malware...all my files..images,videos,txt,pdf have extension .yhebyu

i tryed a few diffrent programs for removal,tutorials...even wet to see how big is the ransome..600 usd is not even a possibility for a single mother of 2

any help is welcomed with joy


Link to comment
Share on other sites

The extension looks random.

There are several different ransomware infections which append a random 4, 5, 6, 7, 8, etc character extension to the end of all affected filenames to include CTB-Locker, Crypt0L0cker, Magniber, GandCrab V5+, CryptON (Cry9, Cry36, Cry128, Nemesis), Skull, MrDec (Mr.Dec), SynAck, Maktub Locker, Alma Locker, Princess Locker, Princess Evolution, Locked-In, Mischa, Goldeneye, Al-Namrood 2.0, Cerber v4x/v5x and some Xorist variants.

The best way to identify the different ransomwares that use "random character extensions" is the ransom note (including it's actual name and contents), samples of the encrypted files, possible filemarkers, the malware file itself responsible for the infection and information related to any email addresses or hyperlinks provided by the cyber-criminals to request payment.

As already noted, you can submit (upload) samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware (IDR) for assistance with identification and confirmation of the infection.  ID Ransomware can identify ransomwares with random extension and more accurately identifies ransomwares by filemarkers if applicable.

Your attachments indicates you are dealing with GandCrab V5.2 which is not decryptable without paying the ransom and obtaining the private keys from the criminals who created the ransomware unless they are leaked or seized & released by authorities like previous versions. The criminals released V5.2 after Bitdefender updated it's decrypter for V5.1 so it will not work on this latest version. Bitdefender confirmed that there is no decryption tool for GandCrab V5.2.

Link to comment
Share on other sites

If you need individual assistance only with removing the malware infection, there are advanced tools which can be used to investigate and clean your system. Please follow the instructions here for assistance by Emsisoft Experts.

Of course you can always choose to do a reinstall of Windows (clean install) instead but it never hurts to try a clean-up first with trustworthy security scanning tools if that is something you want to consider.

The process of reinstalling Windows (clean install) will erase all the data on your computer to include your files, any programs you installed and the settings you on your computer. It essentially will return the computer to the same state it was when you first purchsed and set it up.

Before attempting a reinstall or factory restore (reset) of Windows it is recommended to create a copy or image of the entire hard drive. Doing that allows you to save the complete state of your system (and all encrypted data) including encrypted files, ransom notes, key data files (if applicable) and registry entries containing possible information which may be needed in the event that a free decryption solution is developed in the future. Imaging the drive backs up everything related to the infection including encrypted files, ransom notes, key data files (if applicable) and registry entries containing possible information which may be needed if a decryption solution is ever discovered. Alternatively, you can remove the hard drive, store it away and replace it with a new hard drive and a fresh install of Windows.


Link to comment
Share on other sites

13 hours ago, artisticfable said:

thank you very much for a fast answer...i guess all i can do,is reinstall my windows..will that remove the virus?

I'd suggest waiting, as most ransomware will delete itself when it's done encrypting files, and reinstalling Windows could guarantee that you never recover your files.


I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:

You can paste a link to the results into a reply if you would like for me to review them.

Link to comment
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...