Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

REGSVR32 ERROR ON START UP MODULE FAILED TO LOAD AND INTERNAL HDD CAN&


  • Please log in to reply

#31
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

I'm having a hard time finding it when I restored it. Avast blocked it


  • 0

Advertisements


#32
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

That could be the installer.
In Malwarebytes Anti-Malware click on History > Select Quaraintine > Select the Trojan.Ransom.ED and click on Restore > Confirm Yes
Then find the file, zip it up and mail it to me.
Did you find any .txt or .html files in your Libraries?

Omg! Avast blocked when I restored it. It's totally gone now?


  • 0

#33
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
It will be in the Avast Virus Chest then.
I never thought of that scenario.
  • 0

#34
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

It will be in the Avast Virus Chest then.
I never thought of that scenario.

It's not there


  • 0

#35
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

 

It will be in the Avast Virus Chest then.
I never thought of that scenario.

It's not there

 

DO I need to rescan avast?


  • 0

#36
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

sy48ip.jpg

 

The pop up msg from avast


  • 0

#37
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Once again I will ask about the .txt or .html files.
Are there any in your libraries?
  • 0

#38
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Unfortunately, I can't find any


  • 0

#39
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
OK. I will search our repositories by filename and detection-namea to see if I can find a matching sample.
Don't panic any more then you already did. OK?
  • 0

#40
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

OK. I will search our repositories by filename and detection-namea to see if I can find a matching sample.
Don't panic any more then you already did. OK?

Thank you Appreciate it so much


  • 0

Advertisements


#41
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
OK I found one that has the same detection names in Malwarebytes Trojan.Ransom.ED and Avast Win32:Malware-gen
Also the filename is only slightly different:
https://www.virustot...9f1a8/analysis/
Unfortunately both detections are pretty generic, but the infection date fits as well, so I am going out on a limb and say you should be on the lookout if there will be a decryption routine made available for that one.
  • 0

#42
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
PS Did you check if any Windows Restore points were available from last week?

This would be a good topic to read:
http://www.bleepingc...are-information

and to follow: http://www.bleepingc...-cryptodefense/
  • 0

#43
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

PS Did you check if any Windows Restore points were available from last week?

This would be a good topic to read:
http://www.bleepingc...are-information

and to follow: http://www.bleepingc...-cryptodefense/

 

OK I found one that has the same detection names in Malwarebytes Trojan.Ransom.ED and Avast Win32:Malware-gen
Also the filename is only slightly different:
https://www.virustot...9f1a8/analysis/
Unfortunately both detections are pretty generic, but the infection date fits as well, so I am going out on a limb and say you should be on the lookout if there will be a decryption routine made available for that one.

 

There are no decryption program for the trojan.ransom.ed yet?

 

My system restore was off. I don't have any restore points.

 

So I would just have to wait to a have something for it to decrypt and won't do anything on the harddrive?


  • 0

#44
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
As far as I can tell the Ransomware itself has been removed.
You can test this by downloading some new pictures into "My Pictures"
They should stay un-changed.

It would take a supercomputer about 1000 years to find the right key to decrypt your files.
There are a few things I am willing to try, but I need at least two copies of tyhe same file. One encrypted and one untouched.
What usually happens is that someone stumbles upon the server where the ransomware authors have stored their keys and they issue a tool to decrypt the files. No such tool is around for this version yet. I have tried a few of the old ones on the files you sent me, without any luck.
  • 0

#45
Paopawdecarabao

Paopawdecarabao

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

As far as I can tell the Ransomware itself has been removed.
You can test this by downloading some new pictures into "My Pictures"
They should stay un-changed.

It would take a supercomputer about 1000 years to find the right key to decrypt your files.
There are a few things I am willing to try, but I need at least two copies of tyhe same file. One encrypted and one untouched.
What usually happens is that someone stumbles upon the server where the ransomware authors have stored their keys and they issue a tool to decrypt the files. No such tool is around for this version yet. I have tried a few of the old ones on the files you sent me, without any luck.

Emailed you the files


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP