
Encrypted Files, blackmail letter [Solved]


  • This topic is locked

#46 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

That all sounds pretty good! Anything else we need to do? :)


  • 0


#47 AuntieHolly (Topic Starter, Member, 38 posts)

Things seem to be running smoothly on my computer. There is still my flash drive that has the original encrypted files on it to deal with if possible. Any last steps for my computer? Holly


  • 0

#48 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

There is still my flash drive that has the original encrypted files on it to deal with if possible

Ah yes, let's clean that USB drive! Once we get that done I have a program that will remove all the tools we used and then I have some final thoughts and suggestions :)

  • Download MCShield to your desktop and install.
  • It will initially run a scan and show the result as a toaster by the system clock.
  • Then in the control centre select Scanner and tick Unhide items on flash drives.
  • Plug in the drive and MCShield will start a scan.
  • Select Logs and then copy/paste it to your next post.


  • 0

#49 AuntieHolly (Topic Starter, Member, 38 posts)

Ok, here is the log from MCShield:

You didn't say to delete suspicious items so I didn't.

>>> MCShield AllScans.txt <<<
-----------------------------

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2014.11.23.1 / Windows 7 <<<

11/25/2014 8:57:13 AM > Drive C: - scan started (OS ~907 GB, NTFS HDD )...
=> The drive is clean.

11/25/2014 8:57:13 AM > Drive Y: - scan started (RECOVERY ~24 GB, NTFS HDD )...
=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2014.11.23.1 / Windows 7 <<<

11/25/2014 9:02:07 AM > Drive E: - scan started (no label ~15 GB, FAT32 HDD )...
---> Note: traces of file replicators have been found!
---> Executing generic S&D routine...
>>> E:\Minecraft (1).exe > ignored (user request). (MD5: 0f1931e26c21219db1c90e90037f11f6)
>>> E:\Minecraft (3).exe > ignored (user request). (MD5: f3af9e6be544b4a28b2abff08292cde6)
>>> E:\UnityWebPlayer (1).exe > ignored (user request). (MD5: 9994f539b965c6addb2ec871fc9d650b)
>>> E:\desktop.ini > ignored (user request). (MD5: 3a37312509712d4e12d27240137ff377)
=> The drive is clean.

  • 0

#50 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

Sorry, yes, delete.


  • 0

#51 AuntieHolly (Topic Starter, Member, 38 posts)

New log:

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2014.11.23.1 / Windows 7 <<<

11/25/2014 11:07:04 PM > Drive E: - scan started (no label ~15 GB, FAT32 HDD )...
---> Note: traces of file replicators have been found!
---> Executing generic S&D routine...
>>> E:\Minecraft (1).exe - Malware > Deleted. (14.11.25. 23.07 Minecraft (1).exe.250469; MD5: 0f1931e26c21219db1c90e90037f11f6)
>>> E:\Minecraft (2).exe - Malware > Deleted. (14.11.25. 23.07 Minecraft (2).exe.579994; MD5: 0f1931e26c21219db1c90e90037f11f6)
>>> E:\Minecraft (3).exe - Malware > Deleted. (14.11.25. 23.07 Minecraft (3).exe.967855; MD5: f3af9e6be544b4a28b2abff08292cde6)
>>> E:\Minecraft (4).exe - Malware > Deleted. (14.11.25. 23.07 Minecraft (4).exe.764996; MD5: f3af9e6be544b4a28b2abff08292cde6)
>>> E:\Minecraft (5).exe - Malware > Deleted. (14.11.25. 23.07 Minecraft (5).exe.440956; MD5: f3af9e6be544b4a28b2abff08292cde6)
>>> E:\UnityWebPlayer (1).exe - Malware > Deleted. (14.11.25. 23.07 UnityWebPlayer (1).exe.916998; MD5: 9994f539b965c6addb2ec871fc9d650b)
>>> E:\UnityWebPlayer (2).exe - Malware > Deleted. (14.11.25. 23.07 UnityWebPlayer (2).exe.320384; MD5: 9994f539b965c6addb2ec871fc9d650b)
>>> E:\UnityWebPlayer (3).exe - Malware > Deleted. (14.11.25. 23.07 UnityWebPlayer (3).exe.851376; MD5: 9994f539b965c6addb2ec871fc9d650b)
>>> E:\UnityWebPlayer.exe - Malware > Deleted. (14.11.25. 23.07 UnityWebPlayer.exe.477179; MD5: 9994f539b965c6addb2ec871fc9d650b)
>>> E:\desktop.ini - Suspicious > Renamed. (MD5: 3a37312509712d4e12d27240137ff377)

=> Malicious files   : 9/9 deleted.
=> Suspicious files  : 1/1 renamed.

____________________________________________

::::: Scan duration: (Interactive mode) ::::
____________________________________________

Next steps?

  • 0
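The two MCShield logs above show the point the helper had to correct in the next post: items reported as "ignored (user request)" are still on the drive, even though that first report ends with "The drive is clean". Below is a small Python parser, added here as an example and not part of MCShield or of this thread, that turns log lines in the format shown into records, flags a "clean" verdict that follows unresolved detections, checks the scanner's own tally against the per-file lines, and groups findings by MD5 (the same hashes recurring under different filenames are the replicator pattern the scanner noted). The sample log is a constructed excerpt of the E: drive scans posted above, with the summary counts adjusted to the excerpt; the regular expressions are written against those lines only and are an assumption about other MCShield versions.

```python
"""Parse MCShield scan logs (format as posted in this thread) into structured findings.

Added example, not MCShield's own code. The regexes are written against the log lines
visible in the thread and may need adjusting for other MCShield versions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: an excerpt of the two E: drive scans posted above (first run with
# items ignored, second run with items deleted). Summary counts adjusted to the excerpt.
SAMPLE_LOG = r"""
11/25/2014 9:02:07 AM > Drive E: - scan started (no label ~15 GB, FAT32 HDD )...
---> Note: traces of file replicators have been found!
---> Executing generic S&D routine...
>>> E:\Minecraft (1).exe > ignored (user request). (MD5: 0f1931e26c21219db1c90e90037f11f6)
>>> E:\Minecraft (3).exe > ignored (user request). (MD5: f3af9e6be544b4a28b2abff08292cde6)
>>> E:\desktop.ini > ignored (user request). (MD5: 3a37312509712d4e12d27240137ff377)
=> The drive is clean.
11/25/2014 11:07:04 PM > Drive E: - scan started (no label ~15 GB, FAT32 HDD )...
---> Note: traces of file replicators have been found!
>>> E:\Minecraft (1).exe - Malware > Deleted. (14.11.25. 23.07 Minecraft (1).exe.250469; MD5: 0f1931e26c21219db1c90e90037f11f6)
>>> E:\Minecraft (2).exe - Malware > Deleted. (14.11.25. 23.07 Minecraft (2).exe.579994; MD5: 0f1931e26c21219db1c90e90037f11f6)
>>> E:\Minecraft (3).exe - Malware > Deleted. (14.11.25. 23.07 Minecraft (3).exe.967855; MD5: f3af9e6be544b4a28b2abff08292cde6)
>>> E:\desktop.ini - Suspicious > Renamed. (MD5: 3a37312509712d4e12d27240137ff377)
=> Malicious files   : 3/3 deleted.
=> Suspicious files  : 1/1 renamed.
"""

# One regex per line type seen in the thread's logs.
SCAN_RE = re.compile(r"^(?P<when>\S+ \S+ [AP]M) > Drive (?P<drive>[A-Z]:) - scan started \((?P<info>.*?)\)")
ITEM_RE = re.compile(r"^>>> (?P<path>.+?)(?: - (?P<verdict>Malware|Suspicious))? > (?P<action>\w+)"
                     r".*?MD5: (?P<md5>[0-9a-fA-F]{32})")
SUMMARY_RE = re.compile(r"^=> (?P<kind>Malicious|Suspicious) files\s*: (?P<done>\d+)/(?P<total>\d+)")


@dataclass
class Finding:
    path: str
    md5: str
    action: str              # "ignored", "deleted" or "renamed"
    verdict: Optional[str]   # "Malware", "Suspicious", or None when the line carries no class


@dataclass
class DriveScan:
    when: str
    drive: str
    info: str
    replicator_traces: bool = False
    reported_clean: bool = False
    findings: list = field(default_factory=list)
    summary: dict = field(default_factory=dict)   # e.g. {"Malicious": (9, 9)}


def parse_mcshield_log(text: str) -> list:
    """Split the log into one DriveScan per 'scan started' line, attaching what follows it."""
    scans = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SCAN_RE.match(line)
        if m:
            scans.append(DriveScan(m["when"], m["drive"], m["info"].strip()))
            continue
        if not scans:            # banner lines before the first scan
            continue
        cur = scans[-1]
        if line.startswith("---> Note: traces of file replicators"):
            cur.replicator_traces = True
        elif line == "=> The drive is clean.":
            cur.reported_clean = True
        elif (m := ITEM_RE.match(line)):
            cur.findings.append(Finding(m["path"], m["md5"].lower(), m["action"].lower(), m["verdict"]))
        elif (m := SUMMARY_RE.match(line)):
            cur.summary[m["kind"]] = (int(m["done"]), int(m["total"]))
    return scans


def unresolved(scan: DriveScan) -> list:
    """Items the scanner flagged but left in place ('ignored (user request)')."""
    return [f for f in scan.findings if f.action == "ignored"]


def misleading_clean(scan: DriveScan) -> bool:
    """True when the report says 'The drive is clean' although detections were left unresolved."""
    return scan.reported_clean and bool(unresolved(scan))


def summary_consistent(scan: DriveScan) -> bool:
    """Cross-check the scanner's tally lines against the per-file action lines."""
    counts = {"Malicious": sum(f.action == "deleted" for f in scan.findings),
              "Suspicious": sum(f.action == "renamed" for f in scan.findings)}
    return all(scan.summary[k][0] == counts[k] for k in scan.summary)


def group_by_md5(scans: list) -> dict:
    """Map each MD5 to the sorted set of paths it appeared under, across all scans."""
    groups = defaultdict(set)
    for s in scans:
        for f in s.findings:
            groups[f.md5].add(f.path)
    return {h: sorted(p) for h, p in groups.items()}


if __name__ == "__main__":
    scans = parse_mcshield_log(SAMPLE_LOG)
    for s in scans:
        print(f"{s.drive} {s.when}: {len(s.findings)} findings, replicator traces={s.replicator_traces}, "
              f"reported clean={s.reported_clean}, misleading clean={misleading_clean(s)}, "
              f"tally consistent={summary_consistent(s)}")
    for h, paths in group_by_md5(scans).items():
        print(h, "->", paths)
```

Run it on a full AllScans.txt and the interesting output is any scan where `misleading_clean` is true: that is the case where a user skipped the prompt and the drive still needs the items removed, exactly what happened between posts #49 and #51.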

#52 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

Unless you can think of something that I've forgotten, I think we're done :thumbsup:

 

A good workman always cleans up his tools, so that is what DelFix will do. Also, I will add some preventive information below. :)  If you have any questions, let me know. I'll keep the topic open for a few days "just in case". After that, PM me or any Admin to have the topic re-opened if something goes wonky!

 

From my side, it's been a pleasure!! :wave:  Take care!!

 

Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

  • Right-click on the DelFix icon and select Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.

Preventing Re-Infection

An ounce of prevention is better than a pound of cure, so, I have listed some tips for you to stay safe on the internet in the future.

WARNING!: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java. Have a look at this article.

I would recommend that you completely uninstall Java unless you need it to run an important piece of software. In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you still want to keep Java

  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
  • Warning!: Make sure to uncheck the Optional offer box when downloading Java or you will install adware on your computer.

Adobe products have to always be updated, because they also are being used to infect your computer.

  • If you want to update Adobe Flash Player, visit this site.
  • If you want to update Adobe Reader, visit this site.
  • Warning!: Make sure to uncheck the Optional offer box when downloading Adobe products or you will install adware on your computer.

Turning on Automatic Updates is a crucial security measure. Keeping them out-of-date is like begging to get your system infected.

  • Click Start > Control Panel > System and Security > Windows Update
  • Under Windows Update click Turn automatic updating on or off
  • Make sure that your settings are set so that you will receive updates automatically and click OK.

FileHippo is one of the programs that can check for out-of-date programs on your computer. You can get it here.

Recommendations for security programs

  • Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
  • WinPatrol as a robust security monitor, will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

For some good tips about how to prevent infection in the future, visit this site.


  • 0

#53 AuntieHolly (Topic Starter, Member, 38 posts)

Although MCShield said the flash drive was clean, all the files on it are still encrypted. The implanted files on where to go to pay to get them decrypted are still on there also. Is there any way to decrypt the flash drive?


  • 0

#54 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

Although MCShield said the flash drive was clean,

I feel pretty confident that the drive is clean. That was what we were trying for and we succeeded.

all the files on it are still encrypted.

Not surprising, in that the infection you had did that as its mission.

The implanted files on where to go to pay to get them decrypted are still on there also. Is there any way to decrypt the flash drive?

I'm going to put some info next that will give you a bit of clarity, but I think the quick answer is...no. Although there is, with some luck (depending on the infection that encrypted them) and a lot of effort, the possibility that they can be unencrypted. I would ask, is it worth the effort? If so, then have a read below and to the extent I can help, I will. Although I've not gone through the process myself.

This is the start of your reading.


  • 0

#55 AuntieHolly (Topic Starter, Member, 38 posts)

Here is the DelFix log:

# DelFix v10.8 - Logfile created 26/11/2014 at 22:45:23
# Updated 29/07/2014 by Xplode
# Username : Holly - HOLLY-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\Qoobox
Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Holly\Desktop\mbar
Deleted : C:\ComboFix.txt
Deleted : C:\Users\Holly\Desktop\Addition.txt
Deleted : C:\Users\Holly\Desktop\AdwCleaner.exe
Deleted : C:\Users\Holly\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Holly\Desktop\Extras.Txt
Deleted : C:\Users\Holly\Desktop\Fixlog.txt
Deleted : C:\Users\Holly\Desktop\FRST.exe
Deleted : C:\Users\Holly\Desktop\FRST.txt
Deleted : C:\Users\Holly\Desktop\FRST64.exe
Deleted : C:\Users\Holly\Desktop\FSS.exe
Deleted : C:\Users\Holly\Desktop\FSS.txt
Deleted : C:\Users\Holly\Desktop\JRT.exe
Deleted : C:\Users\Holly\Desktop\JRT.txt
Deleted : C:\Users\Holly\Desktop\MiniToolBox.exe
Deleted : C:\Users\Holly\Desktop\OTL.Txt
Deleted : C:\Users\Holly\Desktop\OTL (1).exe
Deleted : C:\Users\Holly\Desktop\OTL.exe
Deleted : C:\Users\Holly\Desktop\Result.txt
Deleted : C:\Users\Holly\Desktop\RogueKiller.exe
Deleted : C:\Users\Holly\Desktop\SecurityCheck.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys
 
~ Cleaning system restore ...
 
Deleted : RP #15 [Installed Jazz-Plugin | 11/08/2014 20:03:19]
Deleted : RP #16 [Windows Update | 11/12/2014 07:48:27]
Deleted : RP #17 [Malwarebytes Anti-Rootkit Restore Point | 11/12/2014 19:33:30]
Deleted : RP #18 [Windows Update | 11/18/2014 05:54:53]
Deleted : RP #19 [Windows Update | 11/19/2014 07:24:03]
Deleted : RP #20 [Windows Update | 11/25/2014 16:44:49]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
 
 
 
It left ESET Powliks and MCShield on the desktop. 
 
I read the article about cryptolocker. Do you think that the site that is offering this free key is legit? There are some pictures on the flash drive that I don't have backups of. Do I have anything to worry about if I do send them one of the files and my email address?
 
Anything else I should do on my computer? 
 
Thanks,
 
 
Happy Thanksgiving.
 
Holly

  • 0


#56 AuntieHolly (Topic Starter, Member, 38 posts)

Oh, another question re: FileHippo. I installed and ran it; it shows that there are 2 outdated programs, but the updates are beta updates: one was for Chrome and the other for the IE version of Adobe. Do I really want to use beta updates?

 

Thanks.


  • 0

#57 AuntieHolly (Topic Starter, Member, 38 posts)

Thanks for all your help.

Holly


  • 0

#58 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

You are quite welcome!! Any other questions or issues? :)


  • 0

#59 AuntieHolly (Topic Starter, Member, 38 posts)

I think I'm good here. Thank you so much for all your help and advice. Getting rid of malware is a really interesting process but I hope that I don't have to go through it again. Holly


  • 0

#60 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

I think I'm good here. Thank you so much for all your help and advice.

You're very welcome!!! It was a pleasure!

Getting rid of malware is a really interesting process but I hope that I don't have to go through it again.

I hope you don't either, but if you do, don't forget where we are :thumbsup:


  • 0
