Frisco
  1. Many thanks for the quick answer. I'll read the article and do a scan with Kaspersky as proposed.
  2. Hello, I would need some help to identify cryptographic malware by the changes made to the file extension. Also, any suggestions on "what else" to do to ensure the computer in question is clean are welcome.

     File extension changes: for example, the file test.docx is converted into test.docx~ABCDEFGH, where ABCDEFGH are letters/numbers in a pseudo-random but increasing pattern when you list all .docx files.

     Actions done:

     1) Removed the malware by downloading and using the Microsoft Malicious Software Removal Tool. Unluckily, being in a hurry, I did not copy the name of the malware removed...
     2) Ran Malwarebytes - nothing else.
     3) Downloaded and ran Windows Sysinternals Process Explorer: all signatures valid and all running processes identified, nothing suspicious reported against VirusTotal.
     4) Ran Avast full scan from boot time.
     5) Installed a "Honey pot".
     6) Removed all files with modified extension.
     7) Recovered incremental backup, but "just in case", as I have the feeling that no file was erased... I think I stopped it while it was still doing the crypto work... All files erased, as far as I can say, still had their non-crypto original companion.

     So, the questions are:

     a) What malware was it? So as to understand what it was doing and whether it may have set up something else: A backdoor? A process running at given intervals? A key logger?
     b) What else to check?

     Thanks!
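
An inventory check for the situation described in the post above, added here as an example and not written by the poster: it lists files matching the `name.ext~XXXXXXXX` pattern and flags those whose original companion is missing, a check to run before deleting the renamed copies. The 8-character alphanumeric suffix, the function names and the sample file names are assumptions.

```python
import os
import re
import tempfile

# Assumption: the suffix is "~" plus 8 letters/digits, as in the post's
# test.docx~ABCDEFGH example. Adjust if the real files differ.
SUFFIX_RE = re.compile(r"^(?P<orig>.+\.[^.~]+)~(?P<tag>[A-Za-z0-9]{8})$")


def inventory(root):
    """Return one record per file whose name matches the renamed pattern."""
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = SUFFIX_RE.match(name)
            if not m:
                continue
            original = os.path.join(dirpath, m.group("orig"))
            records.append({
                "renamed": os.path.join(dirpath, name),
                "original": original,
                "tag": m.group("tag"),
                "original_present": os.path.isfile(original),
            })
    return sorted(records, key=lambda r: r["renamed"])


def orphans(records):
    """Renamed copies with no intact original: restore these from backup."""
    return [r for r in records if not r["original_present"]]


def demo():
    """Build a constructed sample tree and run the inventory on it."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample names, not taken from a real incident.
        for name in ("test.docx", "test.docx~A1B2C3D4",
                     "budget.xlsx~A1B2C3D9", "notes.txt", "draft.docx~"):
            open(os.path.join(root, name), "w").close()
        recs = inventory(root)
        return ([os.path.basename(r["renamed"]) for r in recs],
                [os.path.basename(r["renamed"]) for r in orphans(recs)])


if __name__ == "__main__":
    found, missing = demo()
    print("renamed copies:", found)
    print("no original companion:", missing)
```

Any file reported without an original companion is one to restore from backup rather than simply delete.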