I'm having a hard time finding it when I restored it. Avast blocked it
REGSVR32 ERROR ON START UP MODULE FAILED TO LOAD AND INTERNAL HDD CAN&
#31
Posted 04 February 2015 - 03:03 AM
#32
Posted 04 February 2015 - 03:15 AM
That could be the installer.
In Malwarebytes Anti-Malware click on History > Select Quarantine > Select the Trojan.Ransom.ED and click on Restore > Confirm Yes
Then find the file, zip it up and mail it to me.
Did you find any .txt or .html files in your Libraries?
Omg! Avast blocked when I restored it. It's totally gone now?
#33
Posted 04 February 2015 - 03:20 AM
I never thought of that scenario.
#34
Posted 04 February 2015 - 03:28 AM
It will be in the Avast Virus Chest then.
I never thought of that scenario.
It's not there
#35
Posted 04 February 2015 - 03:29 AM
It will be in the Avast Virus Chest then.
I never thought of that scenario. It's not there
Do I need to rescan Avast?
#36
Posted 04 February 2015 - 03:42 AM
The pop up msg from avast
#37
Posted 04 February 2015 - 03:48 AM
Are there any in your libraries?
#38
Posted 04 February 2015 - 03:52 AM
Unfortunately, I can't find any
#39
Posted 04 February 2015 - 03:59 AM
Don't panic any more than you already did. OK?
#40
Posted 04 February 2015 - 04:01 AM
OK. I will search our repositories by filename and detection-name to see if I can find a matching sample.
Don't panic any more than you already did. OK?
Thank you. Appreciate it so much.
#41
Posted 04 February 2015 - 04:56 AM
Also the filename is only slightly different:
https://www.virustot...9f1a8/analysis/
Unfortunately both detections are pretty generic, but the infection date fits as well, so I am going out on a limb and say you should be on the lookout if there will be a decryption routine made available for that one.
#42
Posted 04 February 2015 - 05:34 AM
This would be a good topic to read:
http://www.bleepingc...are-information
and to follow: http://www.bleepingc...-cryptodefense/
#43
Posted 04 February 2015 - 01:03 PM
PS Did you check if any Windows Restore points were available from last week?
This would be a good topic to read:
http://www.bleepingc...are-information
and to follow: http://www.bleepingc...-cryptodefense/
OK I found one that has the same detection names in Malwarebytes Trojan.Ransom.ED and Avast Win32:Malware-gen
Also the filename is only slightly different:
https://www.virustot...9f1a8/analysis/
Unfortunately both detections are pretty generic, but the infection date fits as well, so I am going out on a limb and say you should be on the lookout if there will be a decryption routine made available for that one.
There is no decryption program for the trojan.ransom.ed yet?
My system restore was off. I don't have any restore points.
So I would just have to wait to have something for it to decrypt and won't do anything on the hard drive?
#44
Posted 04 February 2015 - 01:35 PM
You can test this by downloading some new pictures into "My Pictures"
They should stay un-changed.
It would take a supercomputer about 1000 years to find the right key to decrypt your files.
There are a few things I am willing to try, but I need at least two copies of the same file. One encrypted and one untouched.
What usually happens is that someone stumbles upon the server where the ransomware authors have stored their keys and they issue a tool to decrypt the files. No such tool is around for this version yet. I have tried a few of the old ones on the files you sent me, without any luck.
#45
Posted 04 February 2015 - 02:19 PM
As far as I can tell the Ransomware itself has been removed.
You can test this by downloading some new pictures into "My Pictures"
They should stay un-changed.
It would take a supercomputer about 1000 years to find the right key to decrypt your files.
There are a few things I am willing to try, but I need at least two copies of the same file. One encrypted and one untouched.
What usually happens is that someone stumbles upon the server where the ransomware authors have stored their keys and they issue a tool to decrypt the files. No such tool is around for this version yet. I have tried a few of the old ones on the files you sent me, without any luck.
Emailed you the files