Ransomware Infection [Solved]


  • This topic is locked

#16
pdsdave1

    Member

  • Topic Starter
  • 10 posts
Hello,

Here is the requested report:


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Identities
Identity Ordinal REG_DWORD 0x2
Migrated5 REG_DWORD 0x1
Last Username REG_SZ Main Identity
Last User ID REG_SZ {DFF16927-88E6-4EAA-A097-460B7E65289B}
Default User ID REG_SZ {DFF16927-88E6-4EAA-A097-460B7E65289B}
Identity Login REG_DWORD 0x98053

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}
Username REG_SZ Main Identity
User ID REG_SZ {DFF16927-88E6-4EAA-A097-460B7E65289B}
Directory Name REG_DWORD 0xdff16927
Identity Ordinal REG_DWORD 0x1

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0
VerStamp REG_DWORD 0x3
SpellDontIgnoreDBCS REG_DWORD 0x1
MSIMN REG_DWORD 0x1
StoreMigratedV5 REG_DWORD 0x1
ConvertedToDBX REG_DWORD 0x1
Settings Upgraded REG_DWORD 0x7
Running REG_DWORD 0x0
Store Root REG_EXPAND_SZ %UserProfile%\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\
PrevToolbarTextStyle REG_DWORD 0x1
Outlook Bar Settings REG_BINARY 0100000000000000000000000500000000000000000000000400000005000000060000000700000008000000
Launch Inbox REG_DWORD 0x0
Migration Done REG_DWORD 0x1
Compact Check Count REG_DWORD 0x69
Saved Toolbar Settings REG_BINARY 119E0000FFFFFFFF019D0000FFFFFFFF079D0000C49C0000
Saved Toolbar Settings Version REG_DWORD 0x11
Browser Bands REG_BINARY 1100000004000000640000008002000064000000660000000200000016000000650000000102000064000000670000000900000064000000
ShowToolbarIEAK REG_DWORD 0x1
Toolbar Text REG_DWORD 0x1
Toolbar Icon Size REG_DWORD 0x1
BodyBarPos REG_DWORD 0x0
Nav Pane Width REG_DWORD 0xc8
Nav Pane Split REG_DWORD 0x42
Contact Pane Sorting REG_DWORD 0x0
BrowserPos REG_BINARY 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9F000000780000005B040000ED020000
ShowStatus REG_DWORD 0x1
HideFolderBar REG_DWORD 0x0
Tree REG_DWORD 0x1
Tip of the Day REG_DWORD 0x1
ShowBodyBar REG_DWORD 0x0
Show Outlook Bar REG_DWORD 0x0
Show Contacts REG_DWORD 0x1
SpoolerDlgPos REG_BINARY 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF89010000EB000000710300007A020000
SpoolerTack REG_DWORD 0x0
Note Bands REG_BINARY 0F00000003000000640000008002000064000000660000000200000016000000650000000102000064000000
Preview Message REG_BINARY 00B7CBB125AEC801
Show Deleted Messages REG_DWORD 0x1
Show Replies To My Messages REG_DWORD 0x0

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Columns
Mail Column Info (In) REG_BINARY 10000000060000000F00000009000000FFFFFFFF1000000009000000FFFFFFFF1400000009000000FFFFFFFF0100000001000000FFFFFFFF0200000001000000FFFFFFFF0300000003000000FFFFFFFF

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Mail
Welcome Message REG_DWORD 0x0
Accounts Checked REG_DWORD 0x1
Safe Attachments REG_DWORD 0x1
Secure Safe Attachments REG_DWORD 0x1
ShowHybridView REG_DWORD 0x1
Show Header Info REG_DWORD 0x1
SplitDir REG_DWORD 0x0
SplitHorzPct REG_DWORD 0x32
SplitVertPct REG_DWORD 0x32
Default_CodePage REG_DWORD 0x6faf
Attach VCard REG_DWORD 0x0
NotePosEx REG_BINARY 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB9010000E10000004903000085020000
ThreadArticles REG_DWORD 0x0
Saved Toolbar Settings REG_BINARY 119E0000F09C0000F19C0000F49C0000FFFFFFFFB49C0000F29D0000FFFFFFFF019D0000FFFFFFFF079D0000C49C0000
Saved Toolbar Settings Version REG_DWORD 0x11

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\MailNote
Send Mail Toolbar Settings REG_BINARY DB9D0000FFFFFFFF269D0000249E0000279D0000259D0000FFFFFFFF489D0000479D0000FFFFFFFF2D9D0000DC9D0000FFFFFFFF6B9D0000449D0000B99C0000
Saved Toolbar Settings Version REG_DWORD 0xf

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\News
Accounts Checked REG_BINARY 00000000
ShowHybridView REG_DWORD 0x1
Show Header Info REG_DWORD 0x1
SplitDir REG_DWORD 0x0
SplitHorzPct REG_DWORD 0x32
SplitVertPct REG_DWORD 0x32

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Recent Stationery List
File0 REG_SZ Clear Day.htm
File1 REG_SZ Nature.htm
File2 REG_SZ Maize.htm
File3 REG_SZ Sunflower.htm
File4 REG_SZ Citrus Punch.htm
File5 REG_SZ Blank.htm
File6 REG_SZ Leaves.htm

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Recent Stationery Wide List
File0 REG_SZ Clear Day.htm
File1 REG_SZ Nature.htm
File2 REG_SZ Maize.htm
File3 REG_SZ Sunflower.htm
File4 REG_SZ Citrus Punch.htm
File5 REG_SZ Blank.htm
File6 REG_SZ Leaves.htm
File7 REG_SZ
File8 REG_SZ
File9 REG_SZ

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Filter
Version REG_DWORD 0x50000
Order REG_SZ FFA FFB FFC FFF

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFA
Name REG_SZ Show All Messages
Enabled REG_DWORD 0x1
Version REG_DWORD 0x4

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFA\Actions
Order REG_SZ 000

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFA\Actions\000
Type REG_DWORD 0xf
Flags REG_DWORD 0x0
ValueType REG_DWORD 0x13
Value REG_DWORD 0x1

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFA\Criteria
Order REG_SZ 000

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFA\Criteria\000
Type REG_DWORD 0x14
Logic REG_DWORD 0x0
Flags REG_DWORD 0x0

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFB
Name REG_SZ Hide Read Messages
Enabled REG_DWORD 0x1
Version REG_DWORD 0x4

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFB\Actions
Order REG_SZ 000

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFB\Actions\000
Type REG_DWORD 0xf
Flags REG_DWORD 0x0
ValueType REG_DWORD 0x13
Value REG_DWORD 0x2

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFB\Criteria
Order REG_SZ 000

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFB\Criteria\000
Type REG_DWORD 0x1c
Logic REG_DWORD 0x0
Flags REG_DWORD 0x0

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFC
Name REG_SZ Show Downloaded Messages
Enabled REG_DWORD 0x1
Version REG_DWORD 0x4

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFC\Actions
Order REG_SZ 000

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFC\Actions\000
Type REG_DWORD 0xf
Flags REG_DWORD 0x0
ValueType REG_DWORD 0x13
Value REG_DWORD 0x1

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFC\Criteria
Order REG_SZ 000

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFC\Criteria\000
Type REG_DWORD 0x19
Logic REG_DWORD 0x0
Flags REG_DWORD 0x0

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFF
Name REG_SZ Hide Read or Ignored Messages
Enabled REG_DWORD 0x1
Version REG_DWORD 0x4

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFF\Actions
Order REG_SZ 000

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFF\Actions\000
Type REG_DWORD 0xf
Flags REG_DWORD 0x0
ValueType REG_DWORD 0x13
Value REG_DWORD 0x2

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFF\Criteria
Order REG_SZ 000 001

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFF\Criteria\000
Type REG_DWORD 0x1b
Logic REG_DWORD 0x1
Flags REG_DWORD 0x0
ValueType REG_DWORD 0x13
Value REG_DWORD 0x2

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\FFF\Criteria\001
Type REG_DWORD 0x1c
Logic REG_DWORD 0x0
Flags REG_DWORD 0x0

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Filter\MRU List

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Rules\Mail

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Shared Settings

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Shared Settings\Setup
MigToLWP REG_BINARY 2769F1DFE688AA4EA097460B7E65289B
MigToLWPVer REG_SZ 6,0,2900,2180

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\signatures

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Trident

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Trident\Main

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Trident\Settings
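The report above is the plain-text output of `reg query <key> /s`. As an added example, not something posted in this thread, here is a small Python parser that loads such a report into a key -> value map, decodes REG_DWORD and REG_BINARY data, lists every REG_EXPAND_SZ path (the place where a program such as Outlook Express is told to find its message store, which is worth checking when reviewing a dump like this), and reads an 8-byte REG_BINARY as a Windows FILETIME. Treating the `Preview Message` bytes as a FILETIME is my assumption; the thread does not say what they hold. The sample input is a trimmed excerpt of the posted report.

```python
"""Parse the plain-text report that `reg query <key> /s` prints (the
"! REG.EXE VERSION 3.0" layout shown in the post above) into a dict of
key -> {value name: (type, decoded data)}.

Added example for this thread, not code posted by its participants.
"""
import re
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple

RegTree = Dict[str, Dict[str, Tuple[str, object]]]

# Constructed sample: a trimmed excerpt of the report posted above, so the
# parser can be run offline.
SAMPLE_REPORT = r"""! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Identities
Identity Ordinal REG_DWORD 0x2
Last User ID REG_SZ {DFF16927-88E6-4EAA-A097-460B7E65289B}

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0
Running REG_DWORD 0x0
Store Root REG_EXPAND_SZ %UserProfile%\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\
Preview Message REG_BINARY 00B7CBB125AEC801

HKEY_CURRENT_USER\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Software\Microsoft\Outlook Express\5.0\Recent Stationery Wide List
File0 REG_SZ Clear Day.htm
File7 REG_SZ
"""

# The type token is what separates a (possibly space-containing) value name
# from its data, so the regex anchors on it.
REG_TYPES = ("REG_SZ", "REG_EXPAND_SZ", "REG_MULTI_SZ", "REG_DWORD",
             "REG_QWORD", "REG_BINARY", "REG_NONE")
VALUE_RE = re.compile(
    r"^(?P<name>.*?)\s+(?P<type>" + "|".join(REG_TYPES) + r")(?:\s+(?P<data>.*))?$")
# `reg query` prints full hive names; the short forms are accepted as well.
KEY_PREFIXES = ("HKEY_", "HKLM\\", "HKCU\\", "HKU\\", "HKCR\\", "HKCC\\")
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def decode_data(reg_type: str, raw: str) -> object:
    """Turn the printed text into a Python value: 0x... -> int, hex -> bytes."""
    if reg_type in ("REG_DWORD", "REG_QWORD"):
        return int(raw, 16) if raw else 0
    if reg_type == "REG_BINARY":
        return bytes.fromhex(raw)
    return raw  # REG_SZ / REG_EXPAND_SZ stay as the literal, unexpanded text


def parse_reg_query(text: str) -> RegTree:
    tree: RegTree = {}
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line.startswith("!"):       # banner or blank separator
            continue
        if line.startswith(KEY_PREFIXES):          # a key path opens a new block
            current = line
            tree.setdefault(current, {})
            continue
        match = VALUE_RE.match(line)
        if current is None or match is None:       # not a value line; do not guess
            continue
        reg_type = match.group("type")
        data = decode_data(reg_type, match.group("data") or "")  # "File7 REG_SZ" -> ""
        tree[current][match.group("name")] = (reg_type, data)
    return tree


def values_of_type(tree: RegTree, reg_type: str) -> List[Tuple[str, str, object]]:
    """All (key, name, data) triples of one type, e.g. every REG_EXPAND_SZ path."""
    return [(key, name, data) for key, values in tree.items()
            for name, (vtype, data) in values.items() if vtype == reg_type]


def filetime_to_datetime(blob: bytes) -> datetime:
    """Decode 8 little-endian bytes as a Windows FILETIME (100 ns ticks since 1601)."""
    if len(blob) != 8:
        raise ValueError("FILETIME values are exactly 8 bytes")
    ticks = int.from_bytes(blob, "little")
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


if __name__ == "__main__":
    tree = parse_reg_query(SAMPLE_REPORT)
    for key, name, data in values_of_type(tree, "REG_EXPAND_SZ"):
        print(f"{name} under {key}\n  -> {data}")
    oe_key = next(k for k in tree if k.endswith("\\Outlook Express\\5.0"))
    # Assumption: the 8 bytes of "Preview Message" are a FILETIME.
    stamp = filetime_to_datetime(tree[oe_key]["Preview Message"][1])
    print("Preview Message as FILETIME:", stamp.isoformat())
```

Run it with no arguments to parse the embedded excerpt, or pass a saved `reg query` report to `parse_reg_query` instead. Lines the regex does not recognise are skipped rather than guessed at, so a truncated or hand-edited report still loads.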

#17
JSntgRvr

    Global Moderator

  • 11,579 posts
Download the enclosed folder.

Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, Regfix.reg. Once extracted, open the folder and double click on the Regfix.reg file and select Yes when prompted to merge it into the registry.

Restart the computer.

Let me know if that stops the Outlook Express message at startup.

#18
pdsdave1

    Member

  • Topic Starter
  • 10 posts
Hello,

The Outlook message is gone, as are the rest of the issues, seemingly!

Thanks so much for the help thus far!

-Dave

#19
JSntgRvr

    Global Moderator

  • 11,579 posts
Congratulations.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

The following will implement some cleanup procedures as well as reset System Restore points:


  • Press the Windows key + R. At the Run command type or copy and paste the following:

    Combofix /uninstall

  • Run OTL. Click on the Cleanup button and follow the prompts.
  • Remove the C:\FRST folder if present.
  • Run AdwCleaner and uninstall.
  • Manually remove any tool left.

Here are some suggestions.

  • Always keep your Java updated. Older versions will make your computer vulnerable.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!

#20
pdsdave1

    Member

  • Topic Starter
  • 10 posts
Thanks again for all your help & expertise! The system is 100% now, which is much appreciated!

Cheers!
Dave

#21
JSntgRvr

    Global Moderator

  • 11,579 posts
You are welcome. :)

#22
JSntgRvr

    Global Moderator

  • 11,579 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.