[BrianDrab]

Excellent. Good job. So your choices for your corrupted documents is to simply keep them where they are and if the private key ever gets leaked you will be able to decrypt them.

 

Or we can move all of them off into a folder to clean up the machine. Your choice. I can see benefits of doing it both ways.

 

Let me know.

[Advertisements]

I'd like them all to be together, please. Don't want them clogging up my files.

[OkayOkayOkay]

I'd like them all to be together, please. Don't want them clogging up my files.

[BrianDrab]

FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download fixlist.txt and save it to the Desktop.

Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

[OkayOkayOkay]

That link seems to send me to an online document as opposed to a downloadable file! HELP!

[BrianDrab]

Can you right-click the link and choose Save Link as... (if using Chrome) or Save Target As.. (if using IE) and then save to your desktop?

[OkayOkayOkay]

Yes. Fixing now

[OkayOkayOkay]

I'm ry it took so long!! Here's the Fixlog, attached.

Attached Files

•  Fixlog.zip   546.66KB   301 downloads

[BrianDrab]

Looks good and yes it would have taken a long time. Ransomware is no fun. All of your documents are now consolidated into the folder named FRST on your C:\ drive.

 

Please make a copy of this folder (as we will be removing this shortly) and place it somewhere else so if you ever need it you will have access to it. Also rename the folder to something more logical for this purpose. Go ahead and look within this folder so you can see how all of your documents are arranged. I wanted to keep the directory structure so you knew where they used to be and also in case there were duplicates I didn't want to overwrite them. If you prefer some other organization method, simply let me know.

 

Let me know once this is done and we'll finish your cleanup. We're almost done.  Thanks.

[OkayOkayOkay]

Is it safe to delete the files I know I'll never need again? The likes of the Skype folder..?

 

I will change it up if necessary, thank you for the offer though. I have backed them up, what next!?

[BrianDrab]

Is it safe to delete the files I know I'll never need again? The likes of the Skype folder..?

 

If you are talking about things within the FRST folder (the copy you made) then yes you can delete everything you don't need.

 

I'll post instructions shortly.

[BrianDrab]

Let's first deal with your extra user account in case there is an infection hidden in there.

 

Remove simone_2 user account

1. Click your Start button

2. Right-click on Computer and select Properties

3. Click the Advanced System Settings link

4. Click the Settings button within the User Profiles section

5. The User Profiles screen should appear. Do you see a user named simone_2 in there?

6. If so, please select this account and choose Delete

 

Let me know once this is done or if you have any questions. Thanks.

[OkayOkayOkay]

I've deleted it.

 

I'm all set! Just one question though, am I free to use Google Chrome freely now?

[OkayOkayOkay]

Also two more things, what programs can I now uninstall? If it's simpler, what programs do you want me to keep?

 

Secondly, I have loads of files that are like, faded out...I'm not sure why and what they're for but they're in lots of places and it's very annoying. How do I combat this?

[BrianDrab]

Yes you are able to use Chrome freely now.

 

OK! Well done, your computer is clean again! Part of our jobs here is to help you clean your computer. But beyond that and just as important is to provide you with some information to keep you safe and secure on the net as well as to share knowledge. Following is that information.
 
1. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.
3. Click Run.
Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Note: Delete any  other .bat, .log, .reg, .txt,  and any other files created during this process, and left on the desktop and empty the Recycle Bin.
 
2. Windows Updates
Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
1. Click the Start Orb in the lower left corner of the screen.
2. Type Windows Update in the search box that appears
3. Click on the Windows Update program that appears in the search results.

4. Click on Change Settings.

5. Select "Install updates automatically (recommended)" from the Important updates drop-down.

6. Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
7. Ensure that all of the other check boxes are checked.
8. Click OK.
 
3. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
4. Antimalware- Preventative
Note: Let's keep Malwarebytes installed as it's a fantastic piece of software. Malwarebytes is an anti-malware software and not an antivirus software so it won't conflict with the Antivirus that you are running. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.
 
5. Crypto Warning!!!! - Complete Data Loss can occur!
There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here.
 

• Download CryptoPrevent free for home use here following the instructions below.
• Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
• Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
• You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
• You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
• You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
• Click the Apply button to set Default protection.
• You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
• That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.
 

 

 

Another product you may be interested in is CryptoMonitor which is currently free. 

 

 
For more information about computer security and how to protect yourself when on the internet, please read this guide Best Practices for Safe Computing
 
OK, all the best, and stay safe!
 
Items for your next post
1. Contents of the delfix log

[BrianDrab]

Secondly, I have loads of files that are like, faded out...I'm not sure why and what they're for but they're in lots of places and it's very annoying. How do I combat this?

 

 

After you perform the cleanup from the previous post let me know if this is still an issue.