I think I need help with ransomware [Solved]


  • This topic is locked

#1
mx842

    Member

  • Member
  • 39 posts

I'm running a win 10, 64-bit computer and have been getting some really strange stuff going on for a while now. In the past two years I have gotten that ransomware screen and when I did, I shut the computer down right away and rebooted and everything started back up like it should. Lately I have noticed slow boot time......longer than it normally does. When online my web page/pages will just close on their own and I'll have to start all over again. 

What brought this up is my debit card was used by someone else and bought $4,745.00 worth of stuff off the internet and it's taken a couple days to get that straight and I'm wondering if someone got my card # off the net somehow. I try to be careful when I'm on the net by not opening e-mails that look suspicious and staying off unsecured sites and such but sometimes, I get in a hurry like most people do and things happen.

I looked in Task Manager and found this process that didn't look right. I did a search on it and it seems to be some kind of ransomware file. I don't know this to be true, but going by a few sites I looked at, they seemed to think so anyway. The file in question is jaauutkoqqw.2jednkntrjj.

I'm going to try to attach a screenshot of my Task Manager, if that is permissible, in hopes you get a better idea and maybe you may see something else that may need to be addressed.

Screenshot (2).png  

I don't know if you can make anything out of that; it looks kind of small.


  • 0


#2
phillpower2

    Mechanised Mod

  • Global Moderator
  • 24,693 posts

Sorry but your OP should not be on this forum, see link below and if necessary please only start a thread on the appropriate security forum and follow the guide accordingly.

 

Attention! Read Malware and Spyware Cleaning Guide before posting.

 

Thread closed as per the above explanation.


  • 0

#3
DR M

    The Grecian Geek

  • Malware Removal
  • 4,045 posts

Hello, mx842.

 

I moved your topic to the Malware Removal Forum.

 

As my colleague Phillpower2 explained to you above, you must now read the instructions here and post the requested logs. That way, we will be able to diagnose and clean your system. 


  • 0

#4
mx842

    Member

  • Topic Starter
  • Member
  • 39 posts

Sorry, it's been a while since I was here. But let me ask, what's going to happen if I'm downloading that first program and the page closes by itself? I thought I had fixed that by downloading a couple of updates that somehow got missed, but I see that didn't help. It's closed down 3 times this morning while I have been working on this.


  • 0

#5
DR M

    The Grecian Geek

  • Malware Removal
  • 4,045 posts

I am not sure I got you. You mean that you downloaded FRST and then it disappeared from your Desktop? What page closes by itself? Please be a bit more specific, so I can understand what is happening.


  • 0

#6
mx842

    Member

  • Topic Starter
  • Member
  • 39 posts

No, I haven't done anything yet but reset Edge, hoping that would help with the problem I'm having where Edge just shuts down by itself and I have to reload all my tabs. My question is what's going to happen if I'm in the middle of the download and it shuts down. I don't need any more problems than I already have.

A better way to explain it is I'll be working online and sometimes I'll have several tabs open. When this happens all the pages just go away and all I have left is my desktop. I don't know any better way to explain it than that. 


  • 0

#7
DR M

    The Grecian Geek

  • Malware Removal
  • 4,045 posts

Nothing will happen if you are in the middle of a download and Edge closes itself. If this happens only in Edge, try to download FRST using another browser.


  • 0

#8
mx842

    Member

  • Topic Starter
  • Member
  • 39 posts

Do you want me to copy and paste or attach the files?


  • 0

#9
DR M

    The Grecian Geek

  • Malware Removal
  • 4,045 posts

I would prefer them as attached text files, please. 


  • 0

#10
mx842

    Member

  • Topic Starter
  • Member
  • 39 posts

Ok I have to go out for a few hours and I'll check in before I shut down. Thanks

Attached Files


  • 0


#11
DR M

    The Grecian Geek

  • Malware Removal
  • 4,045 posts

Actually, I won't be able to review them until tomorrow. Keep in mind that my time zone is GMT +2.
 
Since we are going to start the cleaning procedure soon, please adhere to the basic guidelines below. They are very important during the whole process.

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.
  • 0

#12
mx842

    Member

  • Topic Starter
  • Member
  • 39 posts

No problem, that will be better for me anyway. Thanks


  • 0

#13
DR M

    The Grecian Geek

  • Malware Removal
  • 4,045 posts

Hello, mx842.
 
YTDownloader is considered Potentially Unwanted Software (see here). Since the tools we are going to use detect it, I'll include it in the fix to be uninstalled.
 
So, let's begin.
 
 
1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.

Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1976587878-1381545113-1953759822-1003\...\MountPoints2: {379f5904-6e44-11ec-8bc0-18037334bed0} - "J:\LaunchU3.exe" -a
Startup: C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1rbbpxua1so.lnk [2023-11-22] <==== ATTENTION
ShortcutTarget: 1rbbpxua1so.lnk -> C:\Users\Lin\AppData\Roaming\4jdssrxmart.jesp3sezani () <==== ATTENTION [zero byte File/Folder] <==== ATTENTION
Startup: C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23urk41kcq3.lnk [2023-11-22] <==== ATTENTION
ShortcutTarget: 23urk41kcq3.lnk -> C:\Users\Lin\AppData\Roaming\2fugt50fm2v.nepsbmwrmva () <==== ATTENTION [zero byte File/Folder] <==== ATTENTION
Startup: C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\454anxo3zs4.lnk [2023-11-22] <==== ATTENTION
ShortcutTarget: 454anxo3zs4.lnk -> C:\Users\Lin\AppData\Roaming\agjrvwdmgju.w0iiciae4y5 () <==== ATTENTION [zero byte File/Folder] <==== ATTENTION
Startup: C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fy03yvfx4js.lnk [2023-11-22] <==== ATTENTION
ShortcutTarget: fy03yvfx4js.lnk -> C:\Users\Lin\AppData\Roaming\qrwrm1e3ctm.1xvgaifxcpg () <==== ATTENTION [zero byte File/Folder] <==== ATTENTION
Startup: C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nexdzsmtige.lnk [2023-11-22] <==== ATTENTION
ShortcutTarget: nexdzsmtige.lnk -> C:\Users\Lin\AppData\Roaming\bs0rttvrjv3.hdt5t1vd1bx () <==== ATTENTION [zero byte File/Folder] <==== ATTENTION
Startup: C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\p02kspk5miu.lnk [2023-11-22] <==== ATTENTION
ShortcutTarget: p02kspk5miu.lnk -> C:\Users\Lin\AppData\Roaming\jaauutkoqqw.2jednkntrjj () <==== ATTENTION [zero byte File/Folder] <==== ATTENTION
Startup: C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qpankyg5qrs.lnk [2023-11-22] <==== ATTENTION
ShortcutTarget: qpankyg5qrs.lnk -> C:\Users\Lin\AppData\Roaming\nkdbw5xeoxb.e4idopyldds () <==== ATTENTION [zero byte File/Folder] <==== ATTENTION
Startup: C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syirve3ptmu.lnk [2023-11-22] <==== ATTENTION
ShortcutTarget: syirve3ptmu.lnk -> C:\Users\Lin\AppData\Roaming\fxcojpk0ods.cxr5mylbpcz () <==== ATTENTION [zero byte File/Folder] <==== ATTENTION
Startup: C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wxaw0rbu5jj.lnk [2023-11-22] <==== ATTENTION
ShortcutTarget: wxaw0rbu5jj.lnk -> C:\Users\Lin\AppData\Roaming\emdorsisnmw.tx1i5yt5beg () <==== ATTENTION [zero byte File/Folder] <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
2023-11-22 12:04 - 2023-11-22 12:04 - 000000093 _____ () C:\Users\Lin\AppData\Roaming\7EcHqckoSNxx1XM84RCbez0QNT8PTctu9tGchKfyqeUR1840HXGlRaNT5HQamI7H
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
EmptyTemp:
End::

  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

2. ESET Online Scan

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

 

In your next reply please post:

  • The fixlog.txt
  • The eset.txt

  • 0
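
The pattern the fix list above targets, Startup-folder shortcuts pointing at zero-byte, randomly named files directly under AppData\Roaming, can be picked out of FRST-style log lines with a short read-only parser. This is an added example, not part of the original thread or of FRST itself; the `triage` function, the `EXPECTED_EXT` set and the second sample pair are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the first pair is copied from the fix list in the post
# above; the second pair is a made-up benign shortcut for contrast.
SAMPLE_LOG = r"""
Startup: C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\p02kspk5miu.lnk [2023-11-22] <==== ATTENTION
ShortcutTarget: p02kspk5miu.lnk -> C:\Users\Lin\AppData\Roaming\jaauutkoqqw.2jednkntrjj () <==== ATTENTION [zero byte File/Folder] <==== ATTENTION
Startup: C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Example App.lnk [2023-01-05]
ShortcutTarget: Example App.lnk -> C:\Program Files (x86)\Example\app.exe (Example Corp)
"""

# Greedy target match so a path containing "(x86)" is not mistaken for the
# trailing "(company)" field. Assumption: that field holds the file's company.
TARGET_RE = re.compile(
    r"^ShortcutTarget: (?P<lnk>.+?\.lnk) -> (?P<target>.+) "
    r"\((?P<company>[^()]*)\)(?P<rest>.*)$"
)
# Assumption: extensions a Startup shortcut would normally launch.
EXPECTED_EXT = {".exe", ".bat", ".cmd", ".vbs", ".ps1", ".url"}


def triage(log_text):
    """Return one dict per ShortcutTarget line with the reasons it looks odd."""
    results = []
    for line in log_text.splitlines():
        m = TARGET_RE.match(line.strip())
        if not m:
            continue
        target = PureWindowsPath(m["target"])
        reasons = []
        if "[zero byte File/Folder]" in m["rest"]:
            reasons.append("target is zero bytes")
        if not m["company"].strip():
            reasons.append("no company/signer recorded")
        if target.suffix.lower() not in EXPECTED_EXT:
            reasons.append("unexpected extension " + target.suffix)
        if [p.lower() for p in target.parent.parts[-2:]] == ["appdata", "roaming"]:
            reasons.append("sits directly in AppData\\Roaming")
        results.append({"lnk": m["lnk"], "target": str(target), "reasons": reasons})
    return results


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry["lnk"], "->", entry["reasons"] or "nothing flagged")
```

The parser only reads text and changes nothing on disk; any removal should still go through a fix list written for the specific machine.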

#14
mx842

    Member

  • Topic Starter
  • Member
  • 39 posts

Ok, I've been looking at this for almost 2 hours and I can't seem to find this Start and End line to copy the stuff in between. I know I must be doing something wrong, I just can't figure out what it is. I'm wondering if you mean copy what you have in the box above??


Edited by mx842, 07 December 2023 - 10:08 AM.

  • 0

#15
mx842

    Member

  • Topic Starter
  • Member
  • 39 posts

Sorry I figured it out..........

Attached Files


  • 0





