
Showing results for tags 'ransomware'.



Found 51 results

  1. Hi, All my computer files have been infected and the .heard extension has been added to all files. Please help to resolve the problem. Thank you
  2. Hi I've just discovered that some of my files on my NAS drive have been infected with a ransomware virus called NamPoHyu. it has put a file in every folder !!!CHEKYSHKA_DECRYPT_README>TXT "All your files have been encrypted. Your unique id: A3663CED1B824F259C8F95D020755DAA You can buy decryption for 350$ in Bitcoins. But before you pay, you can make sure that we can really decrypt any of your files. The encryption key and ID are unique to your computer, so you are guaranteed to be able to return your files. To do this: 1) Download and install Tor Browser ( https://www.torproject.org/download/ ) 2) Open the y7c5bdswtvcfbb2c6waotudyrwhvetxt5xzdkq5hyxnd7clpc3dernqd.onion web page in the Tor Browser and follow the instructions." All of the files now have an extension .nampohyu. Fortunately there is nothing important on this drive but I would like to remove the virus and make this drive safe. Any suggestions?
  3. These windows pages claim that my security and financial information is being captured and sent to thieves unless I contact the number given. Malwarebytes and McAfee do not stop it. Windows health system checks do not find it.
  4. This is my first use of the support forum. I am not a sophisticated user, so I apologize in advance if I have violated any forum protocols or user rules. I rec'd a ransomware email today which I think is BS, but would appreciate assistance with how to detect if this is a real threat or a phishing attempt for bitcoins. My suspicions are raised because I do not have a camera in use as my laptop is always closed, and also has a movable lens cover, also closed. There is no external camera, only a 23" display. I have a speaker system and use its external jack for webinar audio and VOIP calls. I rec'd a similar threat like this two years ago but there was no time delay in the ransom demand. At that time I did not have MalBytes software. I did a system restore and did not have any repercussions. Due to a hard drive failure I have since replaced that computer with my current laptop: Lenovo IdeaPad Flex 6-14IKB. I have Norton, I use CCleaner after all internet sessions, and MalwareBytes runs daily with update checks every 4 hours. MalwareBytes Threat Scan log shows nothing detected. Is it possible there is a driver breach that is not being identified by MalwareBytes? Lastly, after some recent Lenovo BIOS and Windows updates, I have noticed a command screen during startup that flickers by very quickly, but I do not know how to capture this for further review. I have this original e-mail quarantined in my Spam file.....the message content is below...... Thank you in advance for your constructive guidance, comments or assistance. From: papelucho@papelariapapelucho.com.br Hello! I am a hacker who has access to your operating system. I also have full access to your account. I've been watching you for a few months now. The fact is that you were infected with malware through a site that you visited. If you are not familiar with this, I will explain. Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it. I also have access to all your contacts and all your correspondence. Why your antivirus did not detect malware? Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent. I made a video showing you in the left half of the screen, and in the right half you see the video that you watched. With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use. If you want to prevent this, transfer the amount of $500 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin"). My bitcoin address (BTC Wallet) is: 3Lgb1jV4mFr4jDZD2tCxSMySLujRLJykRt After receiving the payment, I will delete the video and you will never hear me again. I give you 50 hours (more than 2 days) to pay. I have a notice reading this letter, and the timer will work when you see this letter. Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address. I do not make any mistakes. If I find that you have shared this message with someone else, the video will be immediately distributed.
  5. I have a nasty virus. It closes tabs in my browser when I try to switch to them. I cannot click on the tab I am in or it closes. When I run Malwarebytes, it finds MANY PUP files, but I cannot click on the quarantine button because it is deactivated, as are all others. I just don't know what to do. I have run ComboFix with no resolution. I'm at my wits' end.
  6. Hi, I batch files using robocopy to back up my network files. Until recently never had a problem, but now Malwarebytes determines them as ransomware while running, stops the process midway, quarantines the .bat file and locks me out from trying to edit the file (Please refer jpg). I have tried the following but get the same outcome: 1) excluding the individual files and the entire folder where I keep the batch files (pls refer jpg) 2) disabling the ransomware protection temporarily before running the batch file. Please advise, many thanks, dch. Attachments:- (A) sample of the batch file saved as "1 Backup media to_W.txt" file as the .bat extension is not allowed by your upload filter. (B) PermissionDenied.jpg (C) Exclusions.jpg 1 Backup media to_W.txt
  7. I reinstalled Windows 7 on my Media Center last week. As part of the setup I installed a dodgy-looking exe file (CyberLinkDVD16, I have a valid paid-for key but I couldn't find the install files and the official download link doesn't work). I ran Malwarebytes straight after, everything was OK. 2 days later all my files were encrypted with extension 'crypted_luedtkis@feudtory_com'. I have backups for the OS etc. but not for 4TB of TV shows (annoying but not the end of the world). Malwarebytes still didn't find anything! id-ransomware tells me this is GlobeImposter 2.0. There is also a post about this from bcj1998.
  8. So, this may be entirely unreasonable in a productivity sense, but I have been thinking about a ransom software firewall that would essentially remove almost all ability for even unknown ransomware threats to truly be feasible in large scale attacks. The unreasonable part I will start with in that, this is an entirely different approach to security than normal. Generally, almost all IT software that must be maintained on systems approach security as well as others interests with the idea that productivity first and foremost are the most important aspect of IT. There was also a time in history when productivity was more important than employee safety, and as time went on this has mostly changed. I believe too, with IT security, there is a change coming from where instead of approaching security with productivity being the leading factor forcing an allow all ideology unless otherwise known to be malicious in nature to the opposite, where security concerns and breaches will outweigh the gains in productivity to approach security in this manner, and at this time, like productivity and worker safety, they will invert, and security will become more important than productivity which will spur a new way of thinking of security instead of an allow all unless otherwise known to be malicious, it will be the block all unless otherwise known to be good. We have already reached this point with firewalls and so on, which was not always the case before. With this thinking, it makes me wonder if creating a true ransomware soft firewall would be in line with this notion. In ransomware, there is primarily one major flaw that can be exploited to be used against itself in my opinion which ties almost all ransomware together in this one flaw.
Encryption requires a key, there are only two true ways of creating an encryption key, there are PSKs, pre-shared keys, which are not suggested to be used unless necessary and in large deployments they are essentially their own undoing because there are more "victim" machines to manipulate to garnish this PSK from and that is the flaw in the PSK method, rendering it a less secure way of creating encryption keys and as such, easier to "break" the encryption key or acquire it by other means such as decompilation of malware, and so on. The only other method for creating encryption keys, which all Ransomware and encryption requires, is to use the RNG (random number generator) chips and functions to create a truly unique string to be used as a key. In this method, because each key is random and unique, and usually the formulas are not reversible, you cannot find, acquire, or break the decryption key, with a single victim machine using this key. As such, I believe creating software with signatures to block all calls to RNG's chips/functions first and foremost, and have a whitelist function to allow bypassing of this check or block, would be one way of stopping almost all credible Ransomware threats known and unknown, while PSK ransomware will be its own undoing in the long run. Mostly, while others do for one reason or another, RNG calls are used in encryption and gaming. As such, whitelist could be pre-filled with known good software for encryption and games, etc, while blocking anything else from creating uniquely random strings. I do not have the experience to write the signatures myself, so I am not sure if this is a reasonably effective way of blocking ransomware. Does it seem this might be worth pursuing or researching from other more experienced security engineers?
  9. Hi! On Sunday, Feb 24, 2019, I helped a friend transfer data to a new PC and discovered a number of his files had been encrypted. Apparently, back in 2015, his system was hit by the "CTB-Locker" ransomware. He and his wife simply didn't notice the documents, photos, and music files CTB-Locker encrypted were no longer available. I also found the ransom files CTB-Locker left behind, with instructions on paying the ransom, etc. Back in 2011, I helped him purchase a MBAM license and I made sure to activate that license on his new PC. He has the latest version of MBAM running on his new Windows 10-based system. In any event, I assume MBAM protects against CTB-Locker, by now, but my question is: when did MBAM start detecting and/or protecting against CTB-Locker? By virtue of his having a MBAM license, I don't assume MBAM was actually running or had the real-time protection enabled, etc, but I'm going to make sure *he* knows how to make sure MBAM is providing the appropriate protection. I have no clue how his system got hit, in the first place. I assume someone downloaded or ran something that resulted in the infection. Thanks in advance?
  10. I attached a pdf file I can open it but I can see it. I have a bunch of files like this. Do I need a software or what can I do? ElecticalComputerEng14-15.pdf
  11. Malwarebytes version Premium 3.6.1. Ransomware Realtime protection off and will not turn on. Problem surfaced after upgrading to Windows 10 Pro version 1803. I see Windows Defender also has ransomware protection.
  12. I know I downloaded a ton of viruses from a fake torrent. Some trojans and even ransomware that was turning my files into .tfudet files and making them inaccessible. I think I got rid of most of it but not all, now I can't access some programs, like I can't open MLWB or some other antiviruses, I can't open Chrome, and some other issues that I wasn't having before. I don't know what to do anymore, please help, how do I identify what's wrong and how do I fix it?
  13. Hello, I had a Windows update the other day and now I can't turn on ransomware for Malwarebytes. I have included the log file requested. Please help. Thanks. mbst-grab-results.zip
  14. Hi guys, I'll keep my story short. I think my PC is being remotely controlled and infected with Trojans malware ransomware etc... What makes me feel like that? Well my certificates, credentials, passwords, user rights and much more being changed/blocked/deleted. I had to exchange my Comcast router, I had a technician coming to my house to do a checkup he found my outside Xfinity box open and the cables were played with. He installed a MoCA point of entry adapter just in case I'm a victim of a man of the middle or evil twin attack. I installed ExpressVPN, brand new Bitdefender 2019 top security software, changed my security settings within my router to basically max security. Blocked MAC addresses... I recovered my own laptop for the 10th time but somehow someone or something keeps getting access to my laptop. I have extremely high data consumption at night while I sleep even though my PC is shut down before I go to sleep. Current status I disabled my Wi-Fi adapter within BIOS and am plugged into ethernet. My antivirus and VPN are broken because they don't work anymore, I can't deinstall certain software anymore like Malwarebytes for example. I have weird background tasks running. There are unknown root kit certificates installed by root agency and lots and lots of other stuff happening... I am attaching some pictures for you that looked suspicious to me. I am writing this from my Galaxy so which also has a VPN on it because my phone started to act strange. Please, I need an expert like you folks to look into this and tell me what's going on. Much appreciated.
  15. I wanted to sign up for endpoint protection since we are recovering from ransomware attack. But I have some questions. I heard that it is unsupported for rdp or terminal services. I support a server remotely, and use rdp to connect. So, my first question is - will it work if I use rdp? Recently we had a ransomware attack originating from a workstation, and being afraid that it might affect the server, I installed Malwarebytes to do a scan. It started a trial, and seemed to be intercepting riskware through the mail transport (it is exchange server). At first I thought this was a good thing, but I am not so sure now since my exchange search service is continuously stopping and restarting. Question #2: That version is Malwarebytes Premium, is it a no-no to run it on exchange server? Then I was trying to manually delete encrypted files which I wanted to do all at once, and then tried 200,000 files at once while connected remotely. Each time I tried, I got booted out and the exchange server went down, I would have to wait a few hours and then restart services manually. Question #3: was Malwarebytes Premium involved in any of that and should I uninstall it? Please respond since I am in the middle of this now!
  16. Hi y'all. My HP Pavilion Sleekbook running Windows 8.1 just had its entire hard drive nuked without any warning, and I'm pretty sure GandCrab V4 had something to do with it. I haven't found any documented incidents of GandCrab causing data erasure, but I do know that the ransom note it creates does mention the possibility of "loss of your data forever." Is it possible that the ransomware somehow failed in encrypting my files, and instead decided to delete them all? When I was trying to download some files onto my laptop, I accidentally ran an executable with the good old .(file extension I want).exe trick. My fault for never turning on file extensions. The file didn't do much of anything, and my Avast Premier didn't detect anything. I ran Avast and MBAM free just to be sure, but everything came back clean. I figured the executable was probably just broken or something, and even if it was something nasty, I'd be alright because I have network discovery disabled and I don't have anything important on there. My laptop worked fine as usual for a couple days until it refused to boot. Windows kept giving me a startup repair loop and said it couldn't find anything. Refreshing wouldn't work as it said that the drive was locked, and resetting the drive wouldn't work either. No system restore images were found (odd considering my laptop just had a major update), and the HP recovery manager couldn't even perform a factory reset. After trying the HP factory reset, I shut down my computer in anger and turned it on again a bit later. This time, instead of booting into startup repair, a message appeared that no operating system was found on the hard disk. I got a Windows 8.1 ISO, and when I booted into it and got the directory of the C drive in command prompt, it was completely empty. 
I decided to look in the D drive, which was previously used for HP recovery, and found nothing but the GandCrab V4 ransom note telling me to cough up some money or else my files would stay encrypted. I find it odd that all my files were deleted and the ransom note happened to be the only file that survived on the entire hard disk. There were no .KRAB files, no Windows folder, nothing. Just the note in the D drive. Is it possible that this is a new manifestation of GandCrab? TLDR: It looks like GandCrab nuked my hard disk instead of encrypting my files. Is that even possible??
  17. Hello, Whenever Windows restarts I get the message you are not fully protected, "Manage security settings" to turn Malwarebytes on with every reboot. This wasn't the case before. Also ransomware cannot be turned on. I tried to whitelist Malwarebytes from Windows Defender, still same behavior.
  18. Hello there! I represent the https://www.myassays.com/ development team. We received several complaints from our customers that Malwarebytes Pro is blocking MyAssays.Desktop.Analysis.exe. So I used your trial version to explore this. Triggering does not occur when scanning. Detection happens by accident upon working with the application. There are no exact steps. I tried doing the same thing many times after reinstalling the MyAssays Desktop application, but Malwarebytes does not block the app again. I attach log files of my detection (detection log + json). Hope they will help you. Best regards, MyAssays Team. RansomwareBlocked.zip
  19. Friend came over to help me with an issue I was having with Office 2016. Recently had it and now it wasn't working. He told me about KMS and as I was looking it up seeing if it was safe, legal, etc... he installs it from the zip and I've never seen a virus/malware/ransomware act like this. All of a sudden programs start opening up: a radio program streaming podcasts or online radio, took control of Firefox, installed their own version of IE, and I noticed the mouse moving on its own and that's when I just freaked and shut it down. Tried to start in advanced options, the safe mode, but now it's giving me an SrtTrail logfile missing error message. When it boots up AT ALL and tries to access Windows, it shows the Dell boot up logo, "preparing automatic repair," two (what looks like) cmd windows flash for a millisecond, then "diagnosing your PC," "repairing files" (sometimes) and then says "automatic repair couldn't repair your PC" because of c:\windows\system32\logfiles\srt\srttrail.txt AND a system reset to factory settings AND factory image restore don't seem to work because of "not enough space". I've tried to fix the logfile issue in cmd prompt, I've tried to delete the KMS file in cmd prompt but couldn't find it. I don't mind resetting, reverting or reformatting the computer (as long as I keep Windows) as it's only a few months old.... Is there a way to either rid the virus OR just "freeing up space" IF that's even true? Could the virus be filling up the hard drive for THAT main reason?
  20. Sorry if this is the wrong forum to post this in. This is my first time posting on these forums. I was wondering if there's a way to confirm if a USB flash drive is free of viruses, malware, and/or ransomware? I used this USB flash drive back on Feb. 23rd with a computer (Windows XP) that was a part of a network. The server was infected with Ransomware and all the files on the shared network were encrypted on Feb. 25th. Supposedly nobody used any of the computers on the network on the 25th, so I suspect that the infection happened earlier and activated the Ransomware at a later date (I don't know if this is even possible). I always remove the flash drive from the computer when I'm not using it, however, since I don't know when exactly the infection occurred, I really don't know if it was infected or not. The tech that was hired was unable to decrypt the files and couldn't contact the hacker to pay the ransom, so we ended up replacing the computer with Windows 10 and restoring some of the files from an older backup. There are files I'd like to transfer from the flash drive to the new Windows 10 computer (Computer #1) and to an older spare computer running Windows XP (Computer #2), as the backup the tech used did not have copies of these files. After avoiding the flash drive for weeks, I decided to test it out on Computer #1 (Apr. 3rd), since I thought Windows 10 would be more secure. After plugging it in, there was a notification saying "There is a problem with this drive. Scan the drive now and fix it." I ran Windows Defender and the scan detected "no threats" on the USB flash drive. I also ran a full system scan and it was also clean. Since then, I have been saving documents to the flash drive and opening files on it (always while using Computer #1), but I've refrained from copying the flash drive's files to Computers #1 and #2 because of a lingering fear of infection. 
Every time I plug it in, I always get the same notification to scan & fix it, but every time I scan it with Windows Defender, no threats are ever found. It's been over two weeks now since I've tried inserting the flash drive and nothing bad has happened to Computer #1 (or the rest of the network for that matter). I've avoided using the flash drive on Computer #2, because I worry Windows XP will be more vulnerable or the infection will only affect XP but not 10. Questions: 1) MAIN QUESTION: Is the USB Flash Drive safe to use (free of Ransomware, Malware, Viruses, etc.)? 2) Does Ransomware usually wait a period of time before activating or take a while to encrypt files? 3) Are Windows Defender and Avast Antivirus even capable of detecting Ransomware or am I wasting time running scans with them? 4) Have I made a big mistake by opening files on the flash drive with Computer #1, and spread malware on the network? 5) Does Ransomware even make copies of itself and spread like viruses do? EDIT: Another thing I noticed is that the Flash Drive is supposed to have a size of 16 GB, but according to Windows Explorer, its total size is only 14.9 GB. Is this just false advertisement of the product, or is something wrong with the flash drive? Notes: USB Flash Drive: SanDisk Cruzer Glide 16GB Computer #1: Windows 10 Computer #2: Windows XP (Service Pack 3) Windows Defender: Updates automatically (up to date) - for Computer #1 Avast Antivirus: Updates automatically (up to date) - for Computer #2 * The USB Flash Drive is usually plugged into a computer for 2 hours or less. I very rarely leave it in for a long duration. Thanks for your help, T-Ruth
  21. I sent this in as a question to Malwarebytes support three days ago, but no one has answered. I want to know if Malwarebytes for Mac guards against ransomware. Does it?
  22. I have Amazon's Appstore and Malwarebytes on both my phone (LG G5) and Tablet (Nvidia Shield K1). Both are running Android 7.0. Only difference is on my phone Amazon Appstore was installed from Google Play Store and on my tablet I installed the APK from Amazon's website (https://www.amazon.com/gp/mas/get/android/ref=get_appstore?ie=UTF8&appName=appstore&ref_=mas_sms_dl) ^Exact URL used. Any scan results do not indicate anything on either device, however after turning my tablet's screen off for several minutes and turning it back on I keep getting ransomware notifications from Malwarebytes about the Amazon Appstore (I'm assuming because it is not from the Play Store and has control over the apps installed from it in some fashion). Wouldn't be too big of a problem if Malwarebytes didn't add an HTML file to my tablet's home screen every time. I would uninstall Amazon Appstore from my tablet but, being my gaming tablet and running games smoother than my phone, I really don't want to (nice to have access to apps I bought from Amazon on my tablet too. And some of the free apps are not available in the Play Store for my tablet, but are on Appstore and install/run fine on my tablet for example). Any way to get Malwarebytes Mobile to ignore Appstore when installed from Amazon's site or can someone from Support look into it and fix it in a future database update?
  23. Does Malwarebytes Premium detect Wannacry? I am a paying customer, and I keep seeing Wannacry being talked about, but I am not familiar with these sort of things...
  24. Below is an email I received yesterday. It had a Word file attached as a resume. I downloaded it and all of my files are locked now. Malwarebytes got rid of the virus but files are still locked. Now what do I do. Thanks, Mitch Monica Deal <0f8b4466083130dfa7debce430f7747e@reply.craigslist.org> Mar 15 (1 day ago) to f2hnn-65041430. Original craigslist post: https://columbus.craigslist.org/trd/6504143066.html About craigslist mail: https://craigslist.org/about/help/email-relay Please flag unwanted messages (spam, scam, other): https://craigslist.org/mf/972553ffcd59c491b6b94b629ae6216098f8ae60.1 Attachments area Click here to Reply, Reply to all, or Forward ReadMe.txt
  25. I, too, received the same type of e-mailed response to a Craigslist job posting I had listed. It appeared to be an attached CV, which had to be opened w/ a password. Ironically, when I was reading through previous posts, it was even the same password? "5558"? However, I thought that my virus software did not allow this to be opened, since I immediately received a notification? Unfortunately, a few moments later I received a 'ransom' note w/ instructions on how to purchase special decryption software to receive 'my RSA private key' if I ever wanted my files back?! There were instructions on how to open a tor browser, etc. I have not proceeded with any actions at all on my computer--not even restarting in safe mode. Just curious if any progress has been made regarding this ransom-type file encryption? I received this craigslist e-mail on Wednesday, March 7, but did not open it until Sunday, 3-11-18.