Shang Maull

Ransom Virus [still problematic after research]


Hi there,

I am still suffering from a data loss and yet I'm unable to recover the files that were encrypted by someone, and a decryption is not available for it on the website either. Though, I have a request: can you please help me sort out this problem? If yes, then really, thank you very much. This is the extension of the file:

".-7CE0F832-A90E-C81C-6AB3-1FDFBCB25171"

And the .txt log is "!!! YOUR FILES ARE ENCRYPTED !!!.txt"


Patiently waiting for your kind response.

Warm Regards.
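As an added triage script (not from the original post, and not Emsisoft's code), the following inventories files carrying the extension shape quoted above and the ransom note name, so the extent of the damage can be listed without opening or touching the files. It assumes that the identifier part of the extension varies between infections and so matches it by shape rather than hard-coding it, and it runs against a constructed sample directory.

```python
import os
import re
import tempfile
from collections import defaultdict

# Extension quoted in the thread: ".-" plus a GUID-shaped hex identifier (8-4-4-4-12).
# Assumption: other infections keep the shape but change the identifier, so it is captured.
EXT_RE = re.compile(r"\.-([0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12})$", re.IGNORECASE)
NOTE_NAME = "!!! YOUR FILES ARE ENCRYPTED !!!.txt"   # ransom note name from the thread

def split_encrypted_name(filename):
    """Return (original_name, identifier) if the name carries the suffix, else None."""
    m = EXT_RE.search(filename)
    if not m:
        return None
    return filename[:m.start()], m.group(1)

def scan_tree(root):
    """Walk root read-only and inventory encrypted files (grouped by identifier),
    ransom notes and everything else. Nothing is opened, renamed or deleted."""
    report = {"encrypted": defaultdict(list), "notes": [], "untouched": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            parts = split_encrypted_name(name)
            if name == NOTE_NAME:
                report["notes"].append(path)
            elif parts:
                original, ident = parts
                report["encrypted"][ident].append((path, original))
            else:
                report["untouched"].append(path)
    return report

def build_sample_tree():
    """Constructed sample directory (not real victim data) for a dry run."""
    root = tempfile.mkdtemp(prefix="ransom_triage_")
    ident = "7CE0F832-A90E-C81C-6AB3-1FDFBCB25171"   # identifier quoted in the thread
    os.makedirs(os.path.join(root, "projects"))
    for rel in ("projects/level1.blend.-" + ident, "projects/notes.docx.-" + ident,
                "projects/" + NOTE_NAME, NOTE_NAME, "readme.txt"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("sample\n")
    return root

if __name__ == "__main__":
    rep = scan_tree(build_sample_tree())
    for ident, files in rep["encrypted"].items():
        print(f"{ident}: {len(files)} encrypted file(s), e.g. {files[0][1]} -> {files[0][0]}")
    print(f"{len(rep['notes'])} ransom note(s), {len(rep['untouched'])} untouched file(s)")
```

Point `scan_tree` at a data drive to get a list of what was encrypted (with the original names recovered from the suffix) before deciding what to keep for a later decrypter.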


Your Internet Explorer is infected with a 'www.ihotsee.com' site and hacked by DAEMON Tools Toolbar. You need to reset browser settings to default.
Also reset Chrome browser settings to default.

You also need to remove Dll-Files Fixer. This will not help you, but it may cause problems with the computer, if not worse.

I noticed about 4 antiviruses in the logs, or these are their residual modules. I did not look at their functionality.
You need to leave only one, the most current, which works in real time. The rest need to be removed.
Free antiviruses cannot protect your PC from encryptors! Do not believe advertising promises!

I noticed a lot of programs that could harm your PC before the Buran Ransomware attacked or made it more vulnerable. Some of them may still be active. If you want to clean the PC from this, then you will need the help of specialists in the treatment of malware. Say it here.

On 7/15/2019 at 9:58 PM, Shang Maull said:

I can clearly see KMSpico in the logs. Please note that you'll have to remove any pirated software from the computer before we can assist you further.

4 hours ago, GT500 said:

you'll have to remove any pirated software

How can he do it?
KMSpico is easy to install, but the uninstaller may simply be missing. It can also be a very old version that has no active lines left.

14 hours ago, Amigo-A said:

How can he do it?
KMSpico is easy to install, but the uninstaller may simply be missing. It can also be a very old version that has no active lines left.

If he can't remove it, then I can write a script for FRST that can remove it. That being said, it doesn't appear to be old. KMSpico used to use a Scheduled Task, however this version appears to be using a service, which is (as far as I know) a new behavior.


Hey there,

I can now see the cause. Thank you very much for informing me, and really sorry for the late reply [I didn't check the notify button on the other case either, so, really sorry for that]. On the other hand, the owner of the PC re-installed Windows and shifted to Win 10 now, as this PC isn't mine, and the other case is that it was running Win 7, which officially stopped receiving any further loophole fixes and security patch updates. The PC didn't have any anti-virus to begin with [except Windows Defender, which was also not updated], and I installed the anti-viruses on this PC after checking up that there was a ransom virus. After my further research, I was also able to find out that the problematic ransomware virus was known as (Jamper), which hadn't gained any official free decryption yet. [It was about 1 hour after I posted my query here that I found out about this virus on a site called "https://id-ransomware.malwarehunterteam.com"].

(Note: The owner of the PC tests things using pirated software, and also, you can find many other pirated softwares in the logs too, if my hunch is correct, and mostly they would be based on games).

----------
Though I made this query because of this virus, my data also got locked up, and I was in the middle of game development and the animation process, which made a problem; hence he re-installed Windows. I simply use this PC for animation and game development purposes, and also, he doesn't install any anti-virus because it lags up his games sometimes [i.e. not much of a problem tbh]. Yet, is there still a chance of removing the error? Because I'm also planning to make decrypters too, and also wanted to collect some information on whether this virus can still be removed even after a new OS is installed, because other drives aren't affected by the installation process except the OS drive, and most likely, if I'm correct, the keys/certificates are also made on the OS drive. Thank you so much for answering my query and I'm really grateful to both of you.


Patiently waiting for your reply and really thank you so much for answering my query once again.

3 hours ago, Shang Maull said:

(Note: The owner of the PC tests things using pirated software, and also, you can find many other pirated softwares in the logs too, if my hunch is correct, and mostly they would be based on games).

Obviously we can't condone or endorse piracy, however if someone wants to take risks with their computer then they should be running risky software in a sandbox or a virtual machine.


3 hours ago, Shang Maull said:

he doesn't install any anti-virus because it lags up his games sometimes [i.e. not much of a problem tbh]

Tell him to add exclusions for the games, as well as for Steam/Origin/Uplay/etc. That should help with performance issues.

In Emsisoft Anti-Malware, for instance, you can exclude the entire Steam folder like in the screenshot below, and that covers any games in the SteamApps folder as well:

[screenshot: the Steam folder added to the Emsisoft Anti-Malware exclusions list]


@Shang Maull

The operations recommended by the employee GT500 you only have to perform with software that was installed from the official website, was not hacked or otherwise modified, and when the known manufacturer of the game you are using is an officially registered and verified partner of the official Steam. If the answers have at least one "no", then you risk again being affected by malware, data hijackers and hacker attacks.

Even with all the answers "yes" there is a risk of being affected. We know many cases when even Steam themselves were misled and distributed games that were produced by cyber-criminals or by unknown individuals with certain malicious goals.

17 hours ago, Amigo-A said:

The operations recommended by the employee GT500 you only have to perform with software that was installed from the official website, was not hacked or otherwise modified, and when the known manufacturer of the game you are using is an officially registered and verified partner of the official Steam.

That's a very good point. Only something you consider trustworthy should be added to exclusions. Anything you're not certain about should not be excluded, or should be executed in a sandbox or virtual machine.
