
Malware ransom encryption, AES



#1
marleygirl


Hello Everyone.

I am unable to find a solution for this issue on the web as the virus is not listed. The main error that we see is
"All of your files were protected by a strong encryption with AES."
The OS is Windows 7 64-bit.

We already installed and ran Malwarebytes, CCleaner and SUPERAntiSpyware. Removed everything which was flagged including registry, rootkit etc. All scans are showing now as clean. We tried in safe mode also. I am unable to find the hidden process which is running at startup.
All files are encrypted on the desktop as mp3 files; this includes photos, documents, etc.
The startup files attached are what appears immediately.
The recovery files were in all directories of the Registry.

I am attaching some screenshots. If anyone has any ideas I really would appreciate your help. Thank you.
 

  

Attached Thumbnails

  • startupfiles2.jpg
  • Startupfiles.jpg
  • recoveryfiles.jpg



#2
RKinner


There is nothing we can do about the encrypted files. They are gone forever unless you pay the ransom; then, if the crooks feel like it, they can send you a key to unlock them. If you give us a FRST scan we can make sure the virus is gone and remove the annoying warnings.

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. Make sure the Addition.txt box is checked.
  • Press Scan button.
  • It will produce 2 logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste both logs back here. If they are too big to Copy and Paste then Attach them (More Reply Options, Choose File, point at file, Open, Attach this File)
 
 
 
