Jump to content

Laptop infected with some ransomeware, all files now with ext .0x0

Recommended Posts



Please help me !


Today my Laptop got infected with some ransomware ? All files (video, mp3, photos, words, excel etc.) are now with extension .0x0. Tried renaming by removing .0x0 but no use.


There is text file kept in each folder says that if I want my files back then I should e-mail them.


If any1 knows about this, please help in getting my files back..




Link to post
Share on other sites

Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:


1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products, Windows), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.



 Please enable your system to show hidden files: http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

1. Please run a Threat Scan with Malwarebytes (if possible)

Start Malwarebytes 2.0.........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Make sure the rootkit scan is enabled

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)


2. Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.



3. Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

You can also use this version of RogueKiller which works on both 32 and 64 bit:

RogueKiller 32 & 64 bit

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button > Copy and paste the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)




Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>Sometimes when clearing out an infection the winsock stack will become corrupt and you'll loose your internet connection. To resolve this....reset the stack as outlined HERE

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM

Link to post
Share on other sites

Thank you Mr Charlie for taking time to volunteer to help  me with this menance..


Apologies for late posting...I followed all your instructions...


First I uninstalled utorrent, also would like to declare that I am not using any illegal software...all software are  either licensed to me or is Free/Trial version.  


After the infection I uninstalled AVG free edition that came with my laptop and have installed Kaspersky 30 day free version which I would eventually buy inn couple of weeks...


Also it has infected folder under user..that is desktop,  My Pictures, My Videos etc..No infection in C: Drive all files there are safe..


Infected files (word excel videos photos have ext .0x0 renaming didn't help.. Can't do system restore no restore point available before infection...


Here is Malwarebytes results...

Malwarebytes Anti-Malware result.txt


FRST Log and Addition




Link to post
Share on other sites

Also here is rogue killer report...


RogueKiller V10.10.6.0 (x64) [sep 21 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Pujusuju [Administrator]
Started from : C:\Users\Pujusuju\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 09/26/2015 18:06:00

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BPVT-22HXZT3 +++++
--- User ---
[MBR] 64713737c037213dca130b95b334eb19
[bSP] f013ff1ae1fa18eff35f87b75b8dcc9d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15872 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 32507904 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 32712704 | Size: 460966 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK



Also would like to tell you that yesterday night I started off Guest user also, Previously had only 1user.that is password protected admin account..


Scan now shows no infection but how to get back files have running many malware anti virus..since infection like panda, trendmicro Kaspersky malwarebyte...but no luck


Please help me I just want to get my photos back....

Link to post
Share on other sites

The logs show some adware/spyware but no malware that I can see.

This infection looks like something new so there's no info on it...but it looks like the typical ransomware virus.


It looks like you tried these methods to retrieve your files already:


Let me do some more research and I'll get back to you.



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.