
.ADAME Ransomware (very persistent)


I made the mistake of leaving my computer on whilst I was in rehab which I believe my brother used, that brother being notorious for trying to install cheats (viruses) for his games. I came back to the ransom page on my desktop. It’s practically identical to the rest I’ve seen here but the actual virus seems far more persistent. I was able to locate the executable responsible and delete it during safe mode but it came right back. I also manually found the registry entries related to the executable and deleted them. Literally every single executable is now encrypted meaning no access to the internet to grab a malware scanner. My Malwarebytes is also encrypted. I tried using a portable browser in safe mode (with networking) on a USB stick but it became infected/encrypted immediately. I assume my safest bet is buying a huge external drive and backing up the files until there’s a decrypter; assuming there ever will be one for Phobos or any of its offshoots.


Honestly the best thing any of us can do is just back up everything and completely format our drives, boot into safe mode and use portable software from a USB stick. Use Malwarebytes and HitmanPro to get rid of the virus then proceed to back everything up. Completely reinstall Windows and just wait it out and keep our fingers crossed there will be a decrypter one day 💀


Phobos Ransomware

Hello @onlyoneeon

You made several errors, but most importantly, you tried to delete the encryptor file. The correct decision in this matter is to save the file in an archive with a password or upload it to VirusTotal for analysis, so that expert analysts will get a sample of the ransomware.

Read the recommendations in "First steps when dealing with ransomware".

  • 2 weeks later...
On 8/10/2019 at 12:21 PM, onlyoneeon said:

I somehow managed to decrypt a jpeg file from faffing around.

Some files are partially encrypted and can be fixed in another way. But this is a very small percentage.

23 hours ago, appledom said:

The RANSOMWARE has asked me to pay 500 USD and this is the final price that they have mentioned

We recommend that you don't contact the criminals yourself. It's best to have a third party (such as Coveware) with experience negotiating with such criminals contact them for you.
