Post by ostrich on Apr 7, 2015 16:08:38 GMT -8
I have read a few posts on the forum and understand the need for patience, specificity with my descriptions, and the need to only follow the instructions provided by you precisely as they are given. I have scolded the nanny for her poor use of the internet and am thinking of firing her, but I am still left with this issue on the PC. I am not posting from the affected PC and am leaving it untouched, as I do not know if restarting will trigger an effect. I will await your instructions.
FYI: It took several hours of research to finally find your haven for malware removal. I came across too many conflicting "solutions", but, unfortunately, I had downloaded a program called SpyHunter; HOWEVER, after I ran just the scan and it required me to purchase a license for the removal, I became wary. I decided NOT to use that program and my research eventually found recommendations for you. I have not downloaded or attempted using any other software. I do understand that if it is ransomware with encryption then my files cannot be unlocked, but at best they may be able to be recovered (or so my research has led me to believe at this point). I only wish to remove the threat.
System: Windows 8.1 64-Bit
Thank you in advance for your time.
Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Apr 7, 2015 16:48:57 GMT -8
Your encrypted personal file types are basically gone due to the use of RSA 2048 encryption, or AES for the odd few.
With the good ransomcrypts like CTB Locker / Critroni, CryptoLocker, CryptoDefense and CryptoWall etc., don't plug in any backup drive until your system is clean, because if the ransomcrypt is running it may be a variant that will find the plugged-in backup drive(s) and encrypt the files in the backups also.
This is why you do not now go ahead and connect a backup drive that is on the bookshelf or wherever. Connecting the drive to the infected system means that the ransomcrypt sees the newly connected drive, for instance "G:\My Backed Up Files", scans through that drive and encrypts the personal files on "G:\My Backed Up Files", so now say BYE to those.
Unfortunately at this time there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom on the ransomcrypt site. Brute forcing the decryption key is not realistic due to the length of time required to break this type of cryptography (absolute donkey's years). Also, any decryption tools that have been released by various companies for other malware will not work with this infection. The only methods you have of restoring your files are from a backup, file recovery tools, or, if you're lucky, from Shadow Volume Copies. To be tried AFTER the system is cleaned.
Understand??
Quads
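The Shadow Volume Copy route Quads mentions above, as an added example that is not part of the original thread: a PowerShell script that lists the shadow copies Windows still holds for a volume and copies a single file out of the newest snapshot without writing to the live volume. The drive letter, the file path and the destination folder are assumptions for illustration; the snapshot is exposed through a temporary directory link, which is the standard way to browse a `\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN` path. As the post says, this belongs AFTER the system has been cleaned.

```powershell
# Added example (not from the forum thread): enumerate Volume Shadow Copies and
# copy one file out of the newest snapshot. Run from an elevated PowerShell prompt
# on a cleaned system. Values below are assumptions for illustration only.

$Volume        = 'C:\'                                  # assumed: volume that held the encrypted files
$FileToRecover = 'Users\Public\Documents\report.docx'   # assumed: path relative to the volume root
$Destination   = 'D:\Recovered'                         # assumed: separate, known-clean destination

# 1. Translate the drive letter into the \\?\Volume{GUID}\ name that Win32_ShadowCopy reports.
$volumeName = (Get-CimInstance -ClassName Win32_Volume |
    Where-Object { $_.DriveLetter -eq $Volume.TrimEnd('\') }).DeviceID
if (-not $volumeName) { throw "No volume found for $Volume" }

# 2. List every shadow copy of that volume, newest first. An empty list means the
#    snapshots were deleted (many ransomware families do this) and this route is closed.
$shadows = Get-CimInstance -ClassName Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volumeName } |
    Sort-Object InstallDate -Descending
if (-not $shadows) { Write-Warning "No shadow copies exist for $Volume"; return }

$shadows | Format-Table ID, InstallDate, DeviceObject -AutoSize

# 3. Expose the newest snapshot through a directory symbolic link. The shadow copy
#    path needs a trailing backslash, and mklink (via cmd.exe) accepts the
#    \\?\GLOBALROOT\... form that New-Item does not.
$newest = $shadows[0]
$link   = Join-Path $env:TEMP ('vss_' + $newest.ID.Trim('{}'))
cmd.exe /c "mklink /d `"$link`" `"$($newest.DeviceObject)\`"" | Out-Null

try {
    $source = Join-Path $link $FileToRecover
    if (Test-Path -LiteralPath $source) {
        New-Item -ItemType Directory -Path $Destination -Force | Out-Null
        Copy-Item -LiteralPath $source -Destination $Destination
        Write-Host "Recovered $FileToRecover from snapshot taken $($newest.InstallDate)"
    } else {
        Write-Warning "$FileToRecover is not present in the snapshot from $($newest.InstallDate)"
    }
}
finally {
    # 4. Remove only the link; the snapshot itself is left untouched.
    cmd.exe /c "rmdir `"$link`"" | Out-Null
}
```

If step 2 prints nothing, `vssadmin list shadows` will confirm the same result; in that case the remaining options are the backup and file-recovery tools the post lists. Copying to a different, clean drive keeps the original volume unchanged should further forensic work be needed.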
Post by ostrich on Apr 8, 2015 9:04:23 GMT -8
I apologize for the delay. I do understand. I will await your reply before I proceed with any other action.
Thank you again.
Post by Quads on Apr 8, 2015 10:59:00 GMT -8
Do not use any tools or programs for cleaning until being asked / instructed to do so!!!!!
Malware removal can be difficult over a forum as it is, without a user doing their own actions; the tools used are more advanced and thus have added danger that comes with that. This board is protected so that only Malware Removers, Admins and Mods can reply to a user's thread, but all members can create a thread asking for removal of infection(s).
Make changes to your computer only when the Malware Expert specifically states it. The Malware Experts request specific steps to be followed, as some malware removal requires multiple steps and evaluations along the way. When you take other advice or make other changes, this often negates the work done by the expert, and can sometimes result in an inoperable system. This also includes any tools or steps other than those from the Malware Expert. We need to be certain about the state of your system to see what actually is going on, and what is required to fix the system while not harming the rest of the system. Most often, well-intentioned independent efforts can make things much worse. The malware remediation tools are more advanced than other tools, and can often create bigger problems when used without expert guidance.
Follow all the directions in order, and to the end. Please perform all steps in the order they are listed in each set of instructions. As you might imagine, some steps are a bit complicated. If things are not clear, be sure to stop and let the Malware Expert know the problem. We don't mind clarifying a situation, as others might have the same question. If a tool does not run as expected, don't force it. Stop the steps, and update the forum topic with the current situation. It is better to stop and let us know than to force a tool to run and cause bigger problems. Also, when your computer is clean and we are finished, the Expert will tell you we are finished. Malware removal is a process that requires verification, and we want to be sure your system is completely clean before we're done.
When describing your problem, provide as much information as possible, as soon as possible. Explain as best you can what happens with your computer, e.g. it beeps three times, black screen with cursor then goes no further, system gets stuck at the Windows startup logo, etc. This helps the expert to understand what is happening to the system and what may be wrong. If your computer cannot start up successfully, please provide details about your installed Windows operating system, including the Version, Edition and whether it is a 32-bit or a 64-bit system (e.g. Windows Vista Home Premium 32-bit).
When the user follows instructions and things still go a little haywire, and it does happen, it is up to us to sort the extra problem out.
Take longer to read if your language is not English, so that hopefully it is understood.
Reply stating you have read the post fully.
Also, if it is busy (I have a lot of systems at once to deal with), it is like being in a supermarket checkout line, waiting your turn; I use the forum like a checkout line.
Post by ostrich on Apr 8, 2015 14:14:37 GMT -8
I have read the post fully and I understand the content. I will await your instructions.
Thank you!
Post by Quads on Apr 8, 2015 14:43:26 GMT -8
Read slowly, and all of it.
Please download www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ You need to download the 64-bit version.
Place FRST64.exe onto your desktop from wherever it downloaded to.
Start FRST64 that is on your Desktop. The tool will start to run.
When the tool opens, click Yes to the disclaimer (if it does).
Press the Scan button. It will make logs (FRST.txt and Addition.txt) on your Desktop.
Please attach the logs in your reply back. Or open the logs in Notepad, copy the logs and paste them back in a message as a reply.
IF Addition.txt does not want to upload, go to Wikisend wikisend.com/ OR go to pastebin.com and upload the Addition.txt there, then post the download link back in a message.
Quads
Post by ostrich on Apr 8, 2015 15:38:35 GMT -8
I have followed the instructions precisely and have come across a different effect. On the infected PC, I downloaded FRST64.exe from www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ and moved it from the "Downloads" folder to the Desktop. I started FRST64.exe and it produced the FRST.txt and Addition.txt logs. I went to wikisend.com and uploaded the Addition.txt log, where it gave me the download link (http://wikisend.com/download/184694/Addition.txt). I then logged into this forum and went through the process of creating the reply with the information instructed. I copied the data in the FRST.txt log and pasted it into the reply. At the end of the reply, 2 lines down, I made a hyperlink to the wikisend download link and clicked the "Create Post" button. After clicking the button, it took me to an error page that says "Sorry, you have been blocked", with a red and white "x" and more information. I can take a screenshot of the page and upload it to wikisend if that's possible and would help? I will await your instruction. Thanks again!
Post by Quads on Apr 8, 2015 15:42:14 GMT -8
Just use Wikisend or Pastebin for both logs.
Sometimes the data in the logs trips the forum's security / protection.
Quads
Post by ostrich on Apr 8, 2015 16:15:44 GMT -8
Post by Quads on Apr 8, 2015 16:31:46 GMT -8
Are you able to uninstall SpyHunter, or are you going to be another system that cannot remove it???
Quads