Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Malware ransom encryption, AES

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 1 posts

Hello Everyone.

I am unable to find a solution for this issue on the web as the virus is not listed.  The main error that we see is 
" All of your files were protected by a strong encryption with AES. 
The OS is Windows 7 64bit.  

We already installed and ran malwarebyte, C Cleaner and superAntiSpyweare.  Removed everything which was flagged including registry, rootkit etc.  All scans are showing now as clean.  We tried in safe mode also.  I am unable to find the hidden process which is running at startup.  
All files are encrypted on the desktop as mp3 files this includes photos, documents etc.
The startup files attached are what appears immediately
The recovery files were in all directories of the Registry. 

I am attaching some screen shots.  If anyone has any ideas I really would appreciate your help.  Thank you


Attached Thumbnails

  • startupfiles2.jpg
  • Startupfiles.jpg
  • recoveryfiles.jpg

  • 0




    Malware Expert

  • Expert
  • 21,461 posts
  • MVP

There is nothing we can do about the encrypted files.  They are gone forever unless you pay the ransom then if the crooks feel like it they can send you a key to unlock them.  If you give us a FRST scan we can make sure the virus is gone and remove the annoying warnings.  


Please download Farbar Recovery Scan Tool and save it to your Desktop. 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. Make sure the Addition.txt box is checked.
  • Press Scan button. 
  • It will produce  2 logs called FRST.txt and Addition.txt in the same directory the tool is run from.  
  • Please copy and paste both logs back here. If they are too big to Copy and Paste then Attach them (More Reply Options, Chhose File, point at file, Open,  Attach this File)

  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP