Showing results for tags 'ransomware'.

Found 82 results

  1. Hi guys, I'll keep my story short. I think my PC is being remotely controlled and infected with Trojans, malware, ransomware, etc. What makes me feel like that? Well, my certificates, credentials, passwords, user rights and much more are being changed/blocked/deleted. I had to exchange my Comcast router, I had a technician coming to my house to do a checkup, he found my outside Xfinity box open and the cables were played with. He installed a MoCA point of entry adapter just in case I'm a victim of a man-in-the-middle or evil twin attack. I installed ExpressVPN, brand new Bitdefender 2019 top security software, changed my security settings within my router to basically max security. Blocked MAC addresses... I recovered my own laptop for the 10th time but somehow someone or something keeps getting access to my laptop. I have extremely high data consumption at night while I sleep even though my PC is shut down before I go to sleep. Current status: I disabled my Wi-Fi adapter within BIOS and am plugged into Ethernet. My antivirus and VPN are broken because they don't work anymore, I can't deinstall certain software anymore, like Malwarebytes for example. I have weird background tasks running. There are unknown root kit certificates installed by root agency and lots and lots of other stuff happening... I am attaching some pictures for you that looked suspicious to me. I am writing this from my Galaxy so which also has a VPN on it because my phone started to act strange. Please, I need an expert like you folks to look into this and tell me what's going on. Much appreciated.
  2. I wanted to sign up for endpoint protection since we are recovering from a ransomware attack. But I have some questions. I heard that it is unsupported for RDP or terminal services. I support a server remotely, and use RDP to connect. So, my first question is - will it work if I use RDP? Recently we had a ransomware attack originating from a workstation, and being afraid that it might affect the server, I installed Malwarebytes to do a scan. It started a trial, and seemed to be intercepting riskware through the mail transport (it is an Exchange server). At first I thought this was a good thing, but I am not so sure now since my Exchange search service is continuously stopping and restarting. Question #2: That version is Malwarebytes Premium, is it a no-no to run it on an Exchange server? Then I was trying to manually delete encrypted files, which I wanted to do all at once, and then tried 200,000 files at once while connected remotely. Each time I tried, I got booted out and the Exchange server went down, and I would have to wait a few hours and then restart services manually. Question #3: Was Malwarebytes Premium involved in any of that and should I uninstall it? Please respond since I am in the middle of this now!
  3. Hi y'all. My HP Pavilion Sleekbook running Windows 8.1 just had its entire hard drive nuked without any warning, and I'm pretty sure GandCrab V4 had something to do with it. I haven't found any documented incidents of GandCrab causing data erasure, but I do know that the ransom note it creates does mention the possibility of "loss of your data forever." Is it possible that the ransomware somehow failed in encrypting my files, and instead decided to delete them all? When I was trying to download some files onto my laptop, I accidentally ran an executable with the good old .(file extension I want).exe trick. My fault for never turning on file extensions. The file didn't do much of anything, and my Avast Premier didn't detect anything. I ran Avast and MBAM free just to be sure, but everything came back clean. I figured the executable was probably just broken or something, and even if it was something nasty, I'd be alright because I have network discovery disabled and I don't have anything important on there. My laptop worked fine as usual for a couple days until it refused to boot. Windows kept giving me a startup repair loop and said it couldn't find anything. Refreshing wouldn't work as it said that the drive was locked, and resetting the drive wouldn't work either. No system restore images were found (odd considering my laptop just had a major update), and the HP recovery manager couldn't even perform a factory reset. After trying the HP factory reset, I shut down my computer in anger and turned it on again a bit later. This time, instead of booting into startup repair, a message appeared that no operating system was found on the hard disk. I got a Windows 8.1 ISO, and when I booted into it and got the directory of the C drive in command prompt, it was completely empty. 
I decided to look in the D drive, which was previously used for HP recovery, and found nothing but the GandCrab V4 ransom note telling me to cough up some money or else my files would stay encrypted. I find it odd that all my files were deleted and the ransom note happened to be the only file that survived on the entire hard disk. There were no .KRAB files, no Windows folder, nothing. Just the note in the D drive. Is it possible that this is a new manifestation of GandCrab? TLDR: It looks like GandCrab nuked my hard disk instead of encrypting my files. Is that even possible??
  4. Hello, Whenever Windows restarts I get the message you are not fully protected, "Manage security settings" to turn Malwarebytes on with every reboot. This wasn't the case before. Also ransomware cannot be turned on. I tried to whitelist Malwarebytes from Windows Defender, still same behavior.
  5. Hello there! I represent the https://www.myassays.com/ development team. We received several complaints from our customers that Malwarebytes Pro is blocking MyAssays.Desktop.Analysis.exe. So I used your trial version to explore this. Triggering does not occur when scanning. Detection happens by accident upon working with the application. There are no exact steps. I tried doing the same thing many times after reinstalling the MyAssays Desktop application, but Malwarebytes does not block the app again. I attach log files of my detection (detection log + json). Hope they will help you. Best regards, MyAssays Team. RansomwareBlocked.zip
  6. Friend came over to help me with an issue I was having with Office 2016. Recently had it and now it wasn't working. He told me about KMS and as I was looking it up seeing if it was safe, legal, etc... he installs it from the zip and I've never seen a virus/malware/ransomware act like this. All of a sudden programs start opening up: a radio program streaming podcasts or online radio, took control of Firefox, installed their own version of IE, and I noticed the mouse moving on its own and that's when I just freaked and shut it down. Tried to start in advanced options, the safe mode, but now it's giving me an SrtTrail logfile missing error message. When it boots up AT ALL and tries to access Windows, it shows the Dell boot up logo, "preparing automatic repair," two (what looks like) cmd windows flash for a millisecond, then "diagnosing your PC", "repairing files" (sometimes) and then says "automatic repair couldn't repair your PC" because of c:\windows\system32\logfiles\srt\srttrail.txt AND a system reset to factory settings AND factory image restore don't seem to work because of "not enough space". I've tried to fix the logfile issue in cmd prompt, I've tried to delete the KMS file in cmd prompt but couldn't find it. I don't mind resetting, reverting or reformatting the computer (as long as I keep Windows) as it's only a few months old.... is there a way to either rid the virus OR just "freeing up space" IF that's even true? Could the virus be filling up the hard drive for THAT main reason?
  7. rgam

    UrBackup Server

    Upgraded to MBAM Premium 3.0.4 today--- It is doing a false positive detection on Urbackup server program (I'm using 1.4.14) windows-based client-server backup program. The file is: urbackup_srv.exe 825kb which can be found: https://www.urbackup.org/downloads/Server/1.4.14/ The sticky post does not indicate how to do logs/report false positive with the MBAM V3....
  8. Sorry if this is the wrong forum to post this in. This is my first time posting on these forums. I was wondering if there's a way to confirm if a USB flash drive is free of viruses, malware, and/or ransomware? I used this USB flash drive back on Feb. 23rd with a computer (Windows XP) that was a part of a network. The server was infected with Ransomware and all the files on the shared network were encrypted on Feb. 25th. Supposedly nobody used any of the computers on the network on the 25th, so I suspect that the infection happened earlier and activated the Ransomware at a later date (I don't know if this is even possible). I always remove the flash drive from the computer when I'm not using it, however, since I don't know when exactly the infection occurred, I really don't know if it was infected or not. The tech that was hired was unable to decrypt the files and couldn't contact the hacker to pay the ransom, so we ended up replacing the computer with Windows 10 and restoring some of the files from an older backup. There are files I'd like to transfer from the flash drive to the new Windows 10 computer (Computer #1) and to an older spare computer running Windows XP (Computer #2), as the backup the tech used did not have copies of these files. After avoiding the flash drive for weeks, I decided to test it out on Computer #1 (Apr. 3rd), since I thought Windows 10 would be more secure. After plugging it in, there was a notification saying "There is a problem with this drive. Scan the drive now and fix it." I ran Windows Defender and the scan detected "no threats" on the USB flash drive. I also ran a full system scan and it was also clean. Since then, I have been saving documents to the flash drive and opening files on it (always while using Computer #1), but I've refrained from copying the flash drive's files to Computers #1 and #2 because of a lingering fear of infection. 
Every time I plug it in, I always get the same notification to scan & fix it, but every time I scan it with Windows Defender, no threats are ever found. It's been over two weeks now since I've tried inserting the flash drive and nothing bad has happened to Computer #1 (or the rest of the network for that matter). I've avoided using the flash drive on Computer #2, because I worry Windows XP will be more vulnerable or the infection will only affect XP but not 10. Questions: 1) MAIN QUESTION: Is the USB Flash Drive safe to use (free of Ransomware, Malware, Viruses, etc.)? 2) Does Ransomware usually wait a period of time before activating or take a while to encrypt files? 3) Are Windows Defender and Avast Antivirus even capable of detecting Ransomware or am I wasting time running scans with them? 4) Have I made a big mistake by opening files on the flash drive with Computer #1, and spread malware on the network? 5) Does Ransomware even make copies of itself and spread like viruses do? EDIT: Another thing I noticed is that the Flash Drive is supposed to have a size of 16 GB, but according to Windows Explorer, its total size is only 14.9 GB. Is this just false advertisement of the product, or is something wrong with the flash drive? Notes: USB Flash Drive: SanDisk Cruzer Glide 16GB Computer #1: Windows 10 Computer #2: Windows XP (Service Pack 3) Windows Defender: Updates automatically (up to date) - for Computer #1 Avast Antivirus: Updates automatically (up to date) - for Computer #2 * The USB Flash Drive is usually plugged into a computer for 2 hours or less. I very rarely leave it in for a long duration. Thanks for your help, T-Ruth
  9. HowieIsaacks


    I sent this in as a question to Malwarebytes support three days ago, but no one has answered. I want to know if Malwarebytes for Mac guards against ransomware. Does it?
  10. I have Amazon's Appstore and Malwarebytes on both my phone (LG G5) and Tablet (Nvidia Shield K1). Both are running Android 7.0. Only difference is on my phone Amazon Appstore was installed from Google Play Store and on my tablet I installed the APK from Amazon's website (https://www.amazon.com/gp/mas/get/android/ref=get_appstore?ie=UTF8&appName=appstore&ref_=mas_sms_dl) ^Exact URL used. Any scan results do not indicate anything on either device, however after turning my tablet's screen off for several minutes and turning it back on I keep getting ransomware notifications from Malwarebytes about the Amazon Appstore (I'm assuming because it is not from the Play Store and has control over the apps installed from it in some fashion). Wouldn't be too big of a problem if Malwarebytes didn't add an HTML file to my tablet's home screen every time. I would uninstall Amazon Appstore from my tablet but, being my gaming tablet and running games smoother than my phone, I really don't want to (nice to have access to apps I bought from Amazon on my tablet too. And some of the free apps are not available in the Play Store for my tablet, but are on Appstore and install/run fine on my tablet for example). Any way to get Malwarebytes Mobile to ignore Appstore when installed from Amazon's site or can someone from Support look into it and fix it in a future database update?
  11. Does Malwarebytes Premium detect Wannacry? I am a paying customer, and I keep seeing Wannacry being talked about, but I am not familiar with these sort of things...
  12. MitchPeters


    Below is an email I received yesterday. It had a Word file attached as a resume. I downloaded it and all of my files are locked now. Malwarebytes got rid of the virus but files are still locked. Now what do I do. Thanks, Mitch Monica Deal <0f8b4466083130dfa7debce430f7747e@reply.craigslist.org> Mar 15 (1 day ago) to f2hnn-65041430. Original craigslist post: https://columbus.craigslist.org/trd/6504143066.html About craigslist mail: https://craigslist.org/about/help/email-relay Please flag unwanted messages (spam, scam, other): https://craigslist.org/mf/972553ffcd59c491b6b94b629ae6216098f8ae60.1 Attachments area Click here to Reply, Reply to all, or Forward ReadMe.txt
  13. I, too, received the same type of e-mailed response to a Craigslist job posting I had listed. It appeared to be an attached CV, which had to be opened w/ a password. Ironically, when I was reading through previous posts, it was even the same password? "5558"? However, I thought that my virus software did not allow this to be opened, since I immediately received a notification? Unfortunately, a few moments later I received a 'ransom' note w/ instructions on how to purchase special decryption software to receive 'my RSA private key' if I ever wanted my files back?! There were instructions on how to open a tor browser, etc. I have not proceeded with any actions at all on my computer--not even restarting in safe mode. Just curious if any progress has been made regarding this ransom-type file encryption? I received this craigslist e-mail on Wednesday, March 7, but did not open it until Sunday, 3-11-18.
  14. Hi, First I have seen of this. I have a Windows Server 2012 Essentials and yesterday I got an error, it will not boot up, sits on black screen advising me to email scryptmail.com and they will provide me with a password. Have I got a ransomware virus, do I have any options? Thank you in advance.
  15. I can't remove sigma ransomware in either regular or safe mode using newest Malware Premium. What should I do?
  16. Hi, First I have seen of this. I have a Windows Server 2012 Essentials and yesterday I got an error, it will not boot up, sits on black screen advising me to email scryptmail.com and they will provide me with a password. Have I got a ransomware virus, do I have any options? I know I can wipe the hard disk and start again but I don't have a backup and the data is important. Anyway does anyone know the name of this new virus? Thank you in advance.
  17. So, this may be entirely unreasonable in a productivity sense, but I have been thinking about a ransom software firewall that would essentially remove almost all ability for even unknown ransomware threats to truly be feasible in large scale attacks. The unreasonable part I will start with in that, this is an entirely different approach to security than normal. Generally, almost all IT software that must be maintained on systems approach security as well as others interests with the idea that productivity first and foremost are the most important aspect of IT. There was also a time in history when productivity was more important than employee safety, and as time went on this has mostly changed. I believe too, with IT security, there is a change coming from where instead of approaching security with productivity being the leading factor forcing an allow all ideology unless otherwise known to be malicious in nature to the opposite, where security concerns and breaches will outweigh the gains in productivity to approach security in this manner, and at this time, like productivity and worker safety, they will invert, and security will become more important than productivity which will spur a new way of thinking of security instead of an allow all unless otherwise known to be malicious, it will be the block all unless otherwise known to be good. We have already reached this point with firewalls and so on, which was not always the case before. With this thinking, it makes me wonder if creating a true ransomware soft firewall would be in line with this notion. In ransomware, there is primarily one major flaw that can be exploited to be used against itself in my opinion which ties almost all ransomware together in this one flaw. 
Encryption requires a key, there are only two true ways of creating an encryption key, there are PSKs, pre-shared keys, which are not suggested to be used unless necessary and in large deployments they are essentially their own undoing because there are more "victim" machines to manipulate to garnish this PSK from and that is the flaw in the PSK method, rendering it a less secure way of creating encryption keys and as such, easier to "break" the encryption key or acquire it by other means such as decompilation of malware, and so on. The only other method for creating encryption keys, which all Ransomware and encryption requires, is to use the RNG (random number generator) chips and functions to create a truly unique string to be used as a key. In this method, because each key is random and unique, and usually the formulas are not reversible, you cannot find, acquire, or break the decryption key, with a single victim machine using this key. As such, I believe creating software with signatures to block all calls to RNG chips/functions first and foremost, and have a whitelist function to allow bypassing of this check or block, would be one way of stopping almost all credible Ransomware threats known and unknown, while PSK ransomware will be its own undoing in the long run. Mostly, while others do for one reason or another, RNG calls are used in encryption and gaming. As such, whitelist could be pre-filled with known good software for encryption and games, etc, while blocking anything else from creating uniquely random strings. I do not have the experience to write the signatures myself, so I am not sure if this is a reasonably effective way of blocking ransomware. Does it seem this might be worth pursuing or researching from other more experienced security engineers?
  18. Thanks for your help. I've been getting about 10 "Blocked Websites" a day for the past 3 days or so. The IP is always the same, but the ports change and I haven't seen the same port used twice. Also, yesterday, I went to a normal site, Google or something, and a ransomware/hijacking page popped-up immediately warning me with loud audio to not touch my machine, etc. I had my laptop unplugged and battery out w/in 5 seconds so I can't say any more about it, except that it was an obvious browser hijacking. I'm mad paranoid about having an issue, even though aside from these two issues, there's no hard evidence of infection. I followed your instructions and have attached the log files. Thanks! Farbar Recovery Scan Tool X MB-Check X mb-check-results-AMISHCYBORG.zip
  19. lucasleolima

    Ransomware .java

    Good afternoon! The company I work for was recently attacked by ransomware, which encrypted all the network files as .java. This unit has no backup. I would like to know whether there is any application that can decrypt these files. They hold 6 years of collected data. Thank you!
  20. I should thank Malwarebytes for removing the ransomware from my PC. Unfortunately, it doesn't fix my computer completely. I read a post so I ran the same thing like it was told. Please help me to analyze my FR i should fixST and Addition file reported by Farbar Recovery Tool. What should I do next? Addition.txt FRST.txt
  21. Hi all, Recently my company do have this kind of file xxxxxx.png.id-7E8DD729.[newSanta@protonmail.com].java, I would this is Ransomware, but when I use Malwarebytes to scan, it doesn't detect anything.
  22. Hello, I am running the latest Malwarebytes as of 25 December 2017 (3.3.1), and the Ransomware protection is not honoring whitelists. It used to be the Website Protection layer that did that, now it's the Ransomware Protection. To wit: My cygwin installation is at D:\cygwin64 I have added D:\cygwin64 to the Exclusion list I have tested initialisation speeds, disabling one protection layer at a time. Only when Ransomware Protection is enabled does the shell take longer to execute commands.
  23. Hi my network has been infected with Troldesh Ransomware. I'm picking up lots of viruses with malwarebytes but would like to try trace source of infection or understand what else I can do to make sure Troldesh isn't still active
  24. DearWebby

    New ransomware?

    From a subscriber: Just had an internet security alert on my computer. Audible and would not let me do anything to shut it down. I ran the Malwarebytes and also Spybot. Nothing showed up. I did "shut down" and restarted. It said to call Windows Tech support. ------- That sounds like typical ransomware to me. Normally MalwareBytes takes care of those. Is this a new type not yet recognized? The user is smart enough not to call the number. What do you recommend?
  25. Got a warning while testing a legit software program SilentPrint3 which allows a user to drop a file onto a designated folder and have it print automatically. I downloaded the program from their Web Site and ran Norton security on it before using. Like Malwarebytes the program goes to its web site to document the license and I believe uses a proxy server it creates. The log from Malwarebytes says: -Ransomware Details- File: 1 Malware.Ransom.Agent.Generic, C:\Program Files\UltiDev\Web Server\UWS.AppHost.Clr4.AnyCPU.exe, Quarantined, [0], [392685],0.0.0 Is it possible this is not true ransomware? The program doesn't work after the exe is Quarantined.
