Hercule8 Posted February 8, 2016 ID:1018085 Share Posted February 8, 2016 Hi,I had CTBLocker on my computer and it seems your product (Anti-Ransomware Beta version 0.9.5.304) detected the locker, but I still get the message that my files are encrypted, even aren't (see in attachment). Link to post Share on other sites More sharing options...
Khadijah Posted February 8, 2016 ID:1018086 Share Posted February 8, 2016 Did you see your files in quarantine? Link to post Share on other sites More sharing options...
daledoc1 Posted February 8, 2016 ID:1018087 Share Posted February 8, 2016 Hi, @Hercule8: Welcome. The behavior you describe sounds like a known bug that was reported with the first beta version (the ransomware is stopped, but the user still sees the "pop-ups" and dialog windows).It's possible that it has not yet been fixed.Alas, the original sticky topic about it appears to have been removed, so I cannot confirm that.We'll need to wait for one of the staff members. Having said that, if you really were infected with ransomware, you might want to get a bit of free, expert help cleaning up the system.Such work is conducted in a separate forum area reserved for that work, or at the help desk.If you'd like to proceed, I suggest that you might want to please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.A malware analyst will assist you with looking into your issue - the helper will guide you through scanning, cleanup and repair.Thanks, Link to post Share on other sites More sharing options...
1PW Posted February 8, 2016 ID:1018088 Share Posted February 8, 2016 Hello Hercule8 and Please create the following files for developer analysis:Create a ZIP file of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\Create another ZIP file of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\Please attach the above zipped files to your next reply. Additionally, if the system has not been updated with MBARW 0.9.12.336 (beta4), please manually download/install.Thank you for beta testing MBARW and your feedback. Link to post Share on other sites More sharing options...
Staff tetonbob Posted February 8, 2016 Staff ID:1018115 Share Posted February 8, 2016 Hi Hercule8. Thanks for your report.Please see what Nathan posted earlier about the ransomware notes. I think it did quite well for beta 2 It stopped the 2 most popular ransomwares completely, and only allowed the last one to encrypt 2 files before it was found. As for the ransomware notes, these will be dealt with later on, but the most important thing in this beta was protecting our users files. Link to post Share on other sites More sharing options...
Hercule8 Posted February 10, 2016 Author ID:1018523 Share Posted February 10, 2016 Hi!I attached the logs. Have I any chance to don't have the message of cryptolocker on my desktop? It seems I can't update your software with the latest version. logs.zipMalwarebytes Anti-Ransomware.zip Link to post Share on other sites More sharing options...
Decrypterfixer Posted February 12, 2016 ID:1018985 Share Posted February 12, 2016 Hello Hercule, Im not quite understanding your question. you are having troubles updating MBARW? Link to post Share on other sites More sharing options...
Hercule8 Posted February 13, 2016 Author ID:1019272 Share Posted February 13, 2016 Hi!Yes, I can't update the software. As you asked, I attached the logs. But the most important issue is that on my desktop I have this warning from CTB Locker, even the files are not crypted. Link to post Share on other sites More sharing options...
Staff tetonbob Posted February 14, 2016 Staff ID:1019277 Share Posted February 14, 2016 Hi Hercule8. As daledoc1 mentioned, you may want to follow the steps outlined here and have one of the malware removal folks take a look.Available Assistance For Possibly Infected Computers. That being said, it might just be something as simple as changing your desktop background.Right click on your desktop, select Personalize. Change to a theme you want to keep. The CTB-Locker theme file in use can be located anywhere, but it might be in your Documents folder.If you click on the "Desktop Background" link on the lower part of the Personalization screen, it should show you the location of the CTB-Locker theme being used.It should have a name something like this:Decrypt All Files xxxxxxx.bmp where xxxxxxx are random letters. As far as updating the program goes, have you tried downloading the latest Beta 5 posted in this topic and installing over the top of your current install? Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now