chazz

Members
Content Count: 8

About chazz

Rank: New Member
  1. I was very afraid that would be the case. Alas. Apart from paying these clowns the ransom, there's unfortunately no way to get the data back... and what was supposedly a pretty solid AV just let this thing have its way with the machine. Saddening, it is.
  2. Alas, not Kaspersky. One of the things this virus did was break my Internet connectivity. Vexingly, it seems to have decided to encrypt DLLs as well, and one or more of the DLLs it has destroyed seems to be a filter driver on the network stack; the machine can see that it has a cable plugged in, and may be able to get an IP address via DHCP, but can't see anything on the network. Every file that I've posted here, and every download that has run on that computer, has been transferred by thumb drive, because that's the only form of communication it has.
  3. Very sorry about the delay - a minor squabble with the landlord meant I didn't get into this office again until just now. Here's the CBS log, in all its "glory". CBS.zip
  4. The log file is attached. I'll note that a large number of applications would report failure to start originally; some of the more important ones looked to be preload bits for QuickBooks - this machine is used for accounting, apparently. After the fix, I'm not getting quite as many of those notifications. It would appear that this particular version of ransomware also will encrypt a lot of executable files, and programs were failing to start because their DLLs were no longer readable. Just before the reboot, there was a warning that UAC settings were less than optimal, with an offer to correct them. I think that was from Kaspersky, which - stupidly - I forgot to disable. I can easily rerun Farbar with a new fixlist to cover anything Kaspersky refused it permission for, if necessary. I'm guessing that Farbar changed UAC so that it could autorun on reboot, and I'm hoping it changed them back. Fixlog.txt
  5. Certainly. Files are attached. MB11.txt is the MalwareBytes scan from today. I have the scan that caught PUPs as well if you need it. AdwCleaner actually made two log files, an S00 scan log and a C00 clean log; attached is the C00 clean log. And of course the FRST logs are attached as well. Farbar did complain about no internet connection, AdwCleaner did not. And thank you very much for this. mb11.txt AdwCleaner.txt Addition.txt FRST.txt
  6. Just to confirm before I crank this up - I note that both AdwCleaner and Farbar Recovery are relatively small, 5 and 10 MB range. Given how many viruses are out there, this would suggest that there are no definitions included in these programs. Do these programs fetch definitions from the Internet - do I have to have a hot connection to run them? Also, MalwareBytes has already been run on this machine and isolated four files and one directory that were identified as PUP varieties, rather than active ransomware. I expect that a scan now will show no problems, making the scan report useless, and I'm wondering if there is a way to get a virus chest report in the format you want?
  7. Thank you to 1PW for the PM... now it's time to actually do some work, I guess.
  8. I've been handed a computer for cleaning. It's infected with the Phobos ransomware (Deuce variant), and because the infection is probably still active, I really don't want to connect it to my network, or any network I care about at all. The standard MalwareBytes install would seem to be a small installer that then goes out to the internet for (at least) definitions. Is there any way for me to retrieve a copy of the full installer, with definitions, that I can drop onto this machine via a thumb drive?
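Posts 2 and 4 above describe the symptom that matters for triage here: DLLs and executables that were overwritten with ciphertext, so programs fail to load and a network filter driver no longer works. The script below is an added example, not code from chazz, from Malwarebytes, or from any of the tools named in the thread. It walks a directory tree and flags every .dll/.exe/.sys file (including ones that have had an extra extension appended after the original one) whose first two bytes are no longer the PE "MZ" signature, which is what an encrypted binary looks like regardless of what the ransomware renamed it to. The scan root and the report path on the thumb drive are assumptions; change them to fit. Run it from clean media (WinRE or the drive mounted on a clean machine), not from the live infected host.

```powershell
# Added example: find DLL/EXE/SYS files whose contents no longer start with
# the PE "MZ" signature (0x4D 0x5A), i.e. binaries overwritten with ciphertext.
param(
    [string]$Root   = "C:\Windows\System32\drivers",  # assumed scan root
    [string]$Report = "D:\pe-check.csv"               # assumed path on the thumb drive
)

$peExtensions = @('.dll', '.exe', '.sys')

function Test-PeHeader {
    param([string]$Path)
    # Read only the first two bytes, sharing the file so locked DLLs can still be inspected.
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        try {
            $buf = New-Object byte[] 2
            $n = $fs.Read($buf, 0, 2)
        } finally {
            $fs.Dispose()
        }
        if ($n -lt 2) { return $false }
        return ($buf[0] -eq 0x4D -and $buf[1] -eq 0x5A)
    } catch {
        return $null   # unreadable (access denied, exclusive lock); reported separately
    }
}

$results = Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object {
        # Match the real extension, and also names where a marker extension was
        # appended after the original one (e.g. "foo.dll.<something>").
        $name = $_.Name.ToLower()
        ($peExtensions -contains $_.Extension.ToLower()) -or
        ($peExtensions | Where-Object { $name -match ([regex]::Escape($_) + '\.[^.]+$') })
    } |
    ForEach-Object {
        $ok = Test-PeHeader -Path $_.FullName
        [pscustomobject]@{
            Path      = $_.FullName
            SizeBytes = $_.Length
            Status    = if ($null -eq $ok) { 'unreadable' } elseif ($ok) { 'pe-ok' } else { 'NOT-PE' }
        }
    }

# Write only the suspicious and unreadable entries to the thumb drive, then summarise.
$results | Where-Object Status -ne 'pe-ok' | Sort-Object Status, Path |
    Export-Csv -Path $Report -NoTypeInformation
$results | Group-Object Status | Select-Object Name, Count
```

A NOT-PE result on a file that should be a Windows binary is direct evidence of overwriting, which is more reliable than matching on a ransom-note extension alone. Two caveats: a handful of legitimate .sys files are not PE images (pagefile.sys and hiberfil.sys at the volume root, for instance), so review the list rather than acting on it blindly; and the script confirms damage, it does not recover anything, since the original bytes are gone unless a backup or shadow copy survived.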