Jump to content

Aura

Experts
  • Posts

    16,364
  • Joined

  • Last visited

  • Days Won

    7

Everything posted by Aura

  1. Hi onphiya I split both of your posts in their own thread to make things easier. As stated by ID-Ransomware, further analysis of that Ransomware is required. Is your friend from Poland? Also, according to the article, the campaign died quickly, so I wonder if this is from a new one. https://www.bleepingcomputer.com/news/security/nozelesn-ransomware-reportedly-using-spam-to-target-poland/
  2. Thanks Devin. If you need logs or anything let me know and I'll be happy to assist
  3. Hi Sustagen My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state. As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry! If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off; Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread This being said, it's time to clean-up some malware, so let's get started, shall we? Farbar Recovery Scan Tool (FRST) - Fix mode Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located) Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Click on the Fix button On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad Copy and paste its content in your next reply fixlist.txt
  4. I'm getting the same behavior in my Google Chrome, usually when I try to download a file. A bunch of tabs will open (and by "bunch", I mean over 30), all of them blocked by Malwarebytes for Chrome.
  5. Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks
  6. All good, sorry that we weren't able to pick up your thread before. Glad to know that you were able to solve your issue though And yes, pirating software is one of the best way to get infected, so I would avoid engaging in that kind of activity! Stay safe!
  7. Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks
  8. Hi spartacusroxx, Are you still with me?
  9. Hi microspace38, Are you still with me?
  10. Alright so that file is over 700mb because after the PowerShell content, trash data (basically %%%PADDING%%% all over) has been added to increase the filesize. Farbar Recovery Scan Tool (FRST) - Fix mode Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located) Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Click on the Fix button On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad Copy and paste its content in your next reply fixlist.txt
  11. Can you copy/paste the result from ID-Ransomware here so I can see it?
  12. Hi FSilveira If ID-Ransomware says that there's no decrypter available for that ransomware yet, then there's none. Sadly the only thing you can do is back up your encrypted files somewhere safe and hope that a free decrypter will be released in the future.
  13. I don't see anything in your logs that would indicate how this malware keeps coming back. By chance, is it possible that this server isn't fully patched (Windows Updates missing)?
  14. Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks
  15. You should be good, yes You can delete the FRST logs, the .exe and also the C:\FRST folder.
  16. So I don't see any traces of malware in your logs. Looks like the reinstallation of Google Chrome and AdBlock Plus did the trick. Looks like this domain is associated with advertising of some sort, so not "malicious" per say, but probably flagged because of bad ads (malvertising).
  17. Hi DaveMc100 This is a fake email sent in an attempt to scam you. These extortion emails have been around for about a year now. What they do is take email adresses and passwords from public data breaches, and then send an email to the email address with the associated password in an attempt to scare the user into thinking that he was indeed hacked and to pay the ransom. You should really change your password on any websites, services that uses the one you were sent in the email, but other than that, you can delete the email and move on with your day. https://www.bleepingcomputer.com/news/security/beware-of-extortion-scams-stating-they-have-video-of-you-on-adult-sites/
  18. Alright in that case let's take a quick look and see if we can find something Farbar Recovery Scan Tool (FRST) - Scan mode Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply. Download the right version of FRST for your system: FRST 32-bit FRST 64-bit Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using. Move the executable (FRST.exe or FRST64.exe) on your Desktop Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds Make sure the Addition.txt box is checked Click on the Scan button On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files Copy and paste the content of both FRST.txt and Addition.txt in your next reply
  19. 750mb? That's really big for a .lnk file. I think there's more to it. Can you upload it on Google Drive, Dropbox or another cloud service, get a download URL for it and PM me it?
  20. The script isn't complete sadly. It would be very useful to have it and analyze what it does so I can see what I need to look for in your logs. Do you still have that .lnk file? Or did you upload it to VirusTotal?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.