
ransomware detection failed



Hello nashville and :welcome:

A Malwarebytes staffer/MBARW Beta developer has been requested to weigh in and possibly request additional data. If the files that have become encrypted are still present, are you able to detect encrypted files whose filenames have had their filename extensions changed? If so, what is their new extension please? If you are able, please try to determine the approximate date and time of the infection and report that too in your next reply to your thread. Was/is your system backed up such that a restore will mitigate most/all damages?

Please create the following archives for staffer/developer team analysis:

Create a ZIP archive of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\
Create another ZIP archive of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

Please attach the above zipped archives to your next reply.

Thank you for beta testing MBARW and your valued feedback.
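
One way to answer the two questions in the post above (the new filename extension and the approximate infection time), as an added example that is not part of the original thread or of any Malwarebytes tooling. The `KNOWN` set, the `.locked` extension and the sample files are constructed assumptions for illustration.

```python
import os
import tempfile
from collections import defaultdict
from datetime import datetime, timezone

# Assumption: extensions considered ordinary on this machine; extend as needed.
KNOWN = {".txt", ".docx", ".xlsx", ".pdf", ".jpg", ".png", ".zip", ".log"}

def summarize_extensions(root):
    """Map each final extension under root to [count, earliest mtime, latest mtime]."""
    stats = defaultdict(lambda: [0, float("inf"), 0.0])
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # unreadable or vanished file: skip it, keep scanning
            entry = stats[ext]
            entry[0] += 1
            entry[1] = min(entry[1], mtime)
            entry[2] = max(entry[2], mtime)
    return dict(stats)

def likely_encrypted(root, min_files=3):
    """Most common unfamiliar extension as (ext, count, first_utc, last_utc), or None."""
    unfamiliar = {e: s for e, s in summarize_extensions(root).items()
                  if e and e not in KNOWN and s[0] >= min_files}
    if not unfamiliar:
        return None
    ext, (count, first, last) = max(unfamiliar.items(), key=lambda kv: kv[1][0])
    as_utc = lambda t: datetime.fromtimestamp(t, timezone.utc)
    return ext, count, as_utc(first), as_utc(last)

def build_sample(root, base=1_700_000_000):
    """Constructed sample: two untouched documents, four renamed a day later."""
    names = [("a.docx", -86400), ("b.docx", -86400)]
    names += [(f"f{i}.docx.locked", i * 60) for i in range(4)]  # ".locked" is made up
    for name, offset in names:
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample data")
        os.utime(path, (base + offset, base + offset))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        build_sample(sample_root)
        print(likely_encrypted(sample_root))
```

The scan only reads file names and modification times, so it does not alter the affected files. Modification times give an estimate only; a restore or copy rewrites them, so cross-check the window against the product logs requested above.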


Data files were encrypted. Fortunately, except for the workstation that got infected, we were able to get all files restored from backups. The workstation was also connected to a Dropbox account and the files there were encrypted also. I will attempt to get the requested files to you first thing in the morning.


Hello nay4you and :welcome:

If you can leave the computer as is (except for the procedure below), a Malwarebytes staffer or member of the development team will be weighing in soon.

In the meantime, please try to create the following zipped archives for developer team analysis:

Create a zip archive of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\
Create another zip archive of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

Please attach the above zipped archives to your next reply and then do a conventional Windows uninstall & reinstall of Beta5, MBARW 0.9.14.361 and include the status of the system's issue in your next reply.

Thank you for beta testing MBARW and your valued feedback.


If you need help trying to clean up or repair the computer, please let us know @naj4you

Clean up, or format and reinstall of Windows if needed, is possible, but data recovery is not. One may be able, though, to remove the drive and set it aside in the hopes that a future restore method is found. In some rare cases keys or methods to recover data have been found, but not for most of the current infections.

 

