danial

Help, my PC is infected!


Quote

.No_More_Ransome

More precisely: .No_More_Ransom

I almost certainly know which ransomware encrypted your files, but not all of its variants can be decrypted.

Upload a ransom note and/or a sample encrypted file to identify the ransomware that has encrypted your data and get information about the available decryption or its absence.

https://id-ransomware.malwarehunterteam.com/

On 7/20/2019 at 3:26 PM, danial said:

Hi there, I got infected with .No_More_Ransome. Please help me

Addition.txt 33.91 kB · 1 download FRST.txt 138.11 kB · 1 download

I'm not seeing any obvious signs of infection in the logs, however I'm also not seeing any signs that there was a ransomware infection. Normally I would see obvious encrypted files in the logs, however I don't see that here. Were the FRST logs from the infected computer?

Also, if you could attach a copy of the ransom note to a reply along with one or two encrypted files, then that would help with identifying it.

3 hours ago, GT500 said:

I'm not seeing any obvious signs of infection in the logs

There is a message from Windows Defender

Quote

Date: 2018-11-14 15:54:17.003
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Name: HackTool:MSIL/AutoKMS
ID: 2147711767
Severity: High
Category: Tool
Path: containerfile:_C:\Users\MHU\Desktop\desktop\Windows KMS Activator Ultimate 2016 v3.0 - softasm.com\Windows KMS Activator Ultimate 2016 v3.0.exe;file:_C:\Users\MHU\Desktop\desktop\Windows KMS Activator Ultimate 2016 v3.0 - softasm.com\Windows KMS Activator Ultimate 2016 v3.0.exe->(inno#000000)->[MSILRES:Windows_8._1_Activator.Resources.resources]->(RarSfx)->AutoPico.exe;file:_C:\Users\MHU\Desktop\desktop\Windows KMS Activator Ultimate 2016 v3.0 - softasm.com\Windows KMS Activator Ultimate 2016 v3.0.exe->(inno#000000)->[MSILRES:Windows_8._1_Activator.Resources.resources]->(RarSfx)->KMSELDI.exe;file:_C:\Users\MHU\Desktop\desktop\Windows KMS Activator Ultimate 2016 v3.0 - softasm.com\Windows KMS Activator Ultimate 2016 v3.0.exe->(inno#000000)->[MSILRES:Windows_8._1_Activator.Resources.resources]->(RarSfx)->Service_KMS.exe

...and further.

Rapid Ransomware (probably the one that encrypted the files) does not delete itself after encrypting the files, but continues to encrypt all new files on the computer. If there is no infection in the logs, then it was deleted by Windows Defender or McAfee, which are on the user's system.

13 hours ago, Amigo-A said:

There is a message from Windows Defender

Two detections on November 14th, 2018. If KMS was still installed at the time of the ransomware incident, then it certainly could have been the cause, however it doesn't appear to be there at the moment.
