Post by cdharris on Jun 20, 2017 9:41:50 GMT -8
I was unable to open my Quicken file yesterday and soon discovered a "_HELP_INSTRUCTION.TXT" file which informed me that "All of your files are encrypted with RSA 2048 and AES-128 ciphers." It then gave instructions to download the TOR browser, go to a certain website and follow instructions to pay money, get a key, etc. Fortunately it is not all of my files, but it is Quicken, Quickbooks, Excel and other files. It seems to have skipped (for now) a large folder with thousands of word processing files. The infected files all have long random names with the .MOLE02 extension. I have backups, but some of those are now encrypted as the automatic backup ran after the encryption.

I think I can recover the data, but am most concerned about removing the infection so this does not happen again. I have run Malwarebytes twice (once in safe mode) and it does not find anything. Windows Defender does not find anything. However, my several thousand encrypted files tell me that something is there and I would like to remove it. Following instructions in another thread, I ran the FRST64.EXE program and the FRST.txt file is attached. The link to the ADDITION.txt file is wikisend.com/download/942208/Addition.txt

Please let me know how to find and remove this infection and what is the best defense to prevent it from happening again. Also, is it safe to delete all the encrypted files with the .MOLE02 extension? Thanks very much for any help.

CD Harris

FRST.txt (62.9 KB)
Post by dbrisen on Jun 20, 2017 19:23:54 GMT -8
Please rescan with FRST64 and check both Addition and 90 Days Files in the Options section. Thanks.