onlyoneeon

.ADAME Ransomware (very persistent)


I made the mistake of leaving my computer on whilst I was in rehab, which I believe my brother used, that brother being notorious for trying to install cheats (viruses) for his games. I came back to the ransom page on my desktop. It’s practically identical to the rest I’ve seen here but the actual virus seems far more persistent. I was able to locate the executable responsible and delete it during safe mode but it came right back. I also manually found the registry entries related to the executable and deleted them. Literally every single executable is now encrypted, meaning no access to the internet to grab a malware scanner. My Malwarebytes is also encrypted. I tried using a portable browser in safe mode (with networking) on a USB stick but it became infected/encrypted immediately. I assume my safest bet is buying a huge external drive and backing up the files until there’s a decrypter, assuming there ever will be one for Phobos or any of its offshoots.


I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like for me to review them.


Honestly the best thing any of us can do is just back up everything and completely format our drives, boot into safe mode and use portable software from a USB stick. Use Malwarebytes and HitmanPro to get rid of the virus then proceed to back everything up. Completely reinstall Windows and just wait it out and keep our fingers crossed there will be a decrypter one day 💀


Phobos Ransomware

Hello @onlyoneeon

You made several errors, but most importantly, you tried to delete the encryptor file. The correct decision in this matter is to save the file in an archive with a password or upload it to VirusTotal for analysis. That way, expert analysts will get a sample of the ransomware.

Read the recommendations in "First steps when dealing with ransomware".

