1
Malware removal help / Re: Removing Ransomware
« on: June 26, 2015, 12:55:34 AM »
Thank you. I will.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
Malware removal help / Re: Removing Ransomware
« on: June 25, 2015, 03:21:47 PM »
Thank you so much for helping. I've downloaded that tool, but Trend Micro keeps blocking me from installing it saying it is a suspicious file??
3
Malware removal help / Re: Removing Ransomware
« on: June 19, 2015, 08:21:24 PM »
Yes, my files were all encrypted (except for some which were saved as more unusual type file extensions)
I was unable to decrypt them because I had no restore points saved and no previous versions saved. I ended up deleting all the encrypted files but I do have backups of almost everything as I backup regularly.
Getting all the weird stuff that has shown up since then is proving very bothersome though!
Here are the scan results from Malwarebytes.
Thank you so much for helping!!
PS: The report is HUGE. Way, way too many characters even to put into a Facebook note to post a link on here.
I've uploaded the report as a text file to my photography website contact page (right above the word "contact" where you can click on it a view it in Notepad. I'm sorry, I didn't know how else to show it to you.
Here is a link to the page it's on
http://pukekophotography.com/contact/4586694325?preview=Y
I was unable to decrypt them because I had no restore points saved and no previous versions saved. I ended up deleting all the encrypted files but I do have backups of almost everything as I backup regularly.
Getting all the weird stuff that has shown up since then is proving very bothersome though!
Here are the scan results from Malwarebytes.
Thank you so much for helping!!
PS: The report is HUGE. Way, way too many characters even to put into a Facebook note to post a link on here.
I've uploaded the report as a text file to my photography website contact page (right above the word "contact" where you can click on it a view it in Notepad. I'm sorry, I didn't know how else to show it to you.
Here is a link to the page it's on
http://pukekophotography.com/contact/4586694325?preview=Y
4
Malware removal help / Removing Ransomware
« on: June 18, 2015, 01:58:56 AM »
Hi, I've recently been the victim of some ransomeware (CryptoWall 3.0 Virus) and have been going through the motions of removing the virus. I ended up with some software called SpyHunter, which apparently removed it.
However, Malwarebytes, which I have been using for years and years, is still picking up a bunch of stuff on my computer, but will not work anymore. It finds hundreds of objects, but when I click to remove them, it tells me it removed zero objects and stops working.
I've even uninstalled Malwarebytes and reinstalled it again.
Further Googling led me to RogueKiller today, which I downloaded and ran with the following results. These look nothing like the Malwarebytes results and I was wondering if anyone could tell me whether I should delete these things or not?
RogueKiller V10.8.4.0 [Jun 15 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Donna [Administrator]
Started from : C:\Users\Donna\Downloads\RogueKiller.exe
Mode : Scan -- Date : 06/17/2015 18:34:46
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][-] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][-] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][-] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{81D57D73-E9E9-416B-A52A-02F56C4B4EB5} | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][-] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{81D57D73-E9E9-416B-A52A-02F56C4B4EB5} | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][-] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{81D57D73-E9E9-416B-A52A-02F56C4B4EB5} | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][-] -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 76101a3af9edca1b7559b6aadf7b98f2
[BSP] aab83534d19c2a76d425e4eec8dfbad6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 462937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 948097024 | Size: 14001 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_06172015_144440.log
However, Malwarebytes, which I have been using for years and years, is still picking up a bunch of stuff on my computer, but will not work anymore. It finds hundreds of objects, but when I click to remove them, it tells me it removed zero objects and stops working.
I've even uninstalled Malwarebytes and reinstalled it again.
Further Googling led me to RogueKiller today, which I downloaded and ran with the following results. These look nothing like the Malwarebytes results and I was wondering if anyone could tell me whether I should delete these things or not?
RogueKiller V10.8.4.0 [Jun 15 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Donna [Administrator]
Started from : C:\Users\Donna\Downloads\RogueKiller.exe
Mode : Scan -- Date : 06/17/2015 18:34:46
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][-] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][-] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][-] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{81D57D73-E9E9-416B-A52A-02F56C4B4EB5} | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][-] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{81D57D73-E9E9-416B-A52A-02F56C4B4EB5} | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][-] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{81D57D73-E9E9-416B-A52A-02F56C4B4EB5} | DhcpNameServer : 24.116.0.53 24.116.2.50 [UNITED STATES (US)][-] -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 76101a3af9edca1b7559b6aadf7b98f2
[BSP] aab83534d19c2a76d425e4eec8dfbad6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 462937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 948097024 | Size: 14001 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_06172015_144440.log
Pages: [1]
