CTB Locker with Anti-Ransomware Beta

[Hercule8]

Hi,

I had CTBLocker on my computer and it seems your product (Anti-Ransomware Beta version 0.9.5.304) detected the locker, but I still get the message that my files are encrypted, even aren't  (see in attachment).

[Khadijah]

Did you see your files in quarantine?

[daledoc1]

Hi, @Hercule8:
 
Welcome.
 
The behavior you describe sounds like a known bug that was reported with the first beta version (the ransomware is stopped, but the user still sees the "pop-ups" and dialog windows).
It's possible that it has not yet been fixed.
Alas, the original sticky topic about it appears to have been removed, so I cannot confirm that.
We'll need to wait for one of the staff members.
 
Having said that, if you really were infected with ransomware, you might want to get a bit of free, expert help cleaning up the system.

Such work is conducted in a separate forum area reserved for that work, or at the help desk.

If you'd like to proceed, I suggest that you might want to please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.
A malware analyst will assist you with looking into your issue - the helper will guide you through scanning, cleanup and repair.

Thanks,

[1PW]

Hello Hercule8 and

Please create the following files for developer analysis:

Create a ZIP file of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\
Create another ZIP file of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

Please attach the above zipped files to your next reply.

 

Additionally, if the system has not been updated with MBARW 0.9.12.336 (beta4), please manually download/install.

Thank you for beta testing MBARW and your feedback.

[tetonbob]

Hi Hercule8. Thanks for your report.

Please see what Nathan posted earlier about the ransomware notes.

 

I think it did quite well for beta 2 It stopped the 2 most popular ransomwares completely, and only allowed the last one to encrypt 2 files before it was found.
 
As for the ransomware notes, these will be dealt with later on, but the most important thing in this beta was protecting our users files.

[Hercule8]

Hi!

I attached the logs. Have I any chance to don't have the message of cryptolocker on my desktop? It seems I can't update your software with the latest version. 

logs.zip

Malwarebytes Anti-Ransomware.zip

[Decrypterfixer]

Hello Hercule,

 

Im not quite understanding your question. you are having troubles updating MBARW?

[Hercule8]

Hi!

Yes, I can't update the software. As you asked, I attached the logs. But the most important issue is that on my desktop I have this warning from CTB Locker, even the files are not crypted.

[tetonbob]

Hi Hercule8. As daledoc1 mentioned, you may want to follow the steps outlined here and have one of the malware removal folks take a look.
Available Assistance For Possibly Infected Computers.
 
That being said, it might just be something as simple as changing your desktop background.
Right click on your desktop, select Personalize. Change to a theme you want to keep. The CTB-Locker theme file in use can be located anywhere, but it might be in your Documents folder.
If you click on the "Desktop Background" link on the lower part of the Personalization screen, it should show you the location of the CTB-Locker theme being used.

It should have a name something like this:

Decrypt All Files xxxxxxx.bmp where xxxxxxx are random letters.

 

As far as updating the program goes, have you tried downloading the latest Beta 5 posted in this topic and installing over the top of your current install?