Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

Ransomware left me with .utiloc files - help! please


Recommended Posts

I cannot find *anyone* or anywhere with an answer. has anyone heard of this? several months ago i got a ransom and i thought it was fake. it converted my .jpg and .doc files (at least) to an additional extension entitled .utiloc.

anyone have *any* suggestions?? it would mean a lot. i lost a host of travel photos from asia and all my song lyrics. (yes, i am an idiot for not backing up).

 

any help is greatly appreciated,

 

jl

Link to post
Share on other sites

Hello austin72 and welcome to Malwarebytes....

Can you zip up and attach one of each of the .jpg and .doc files that have been encrypted...

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt)  Please attach those logs to your reply.

Thank you,

Kevin...

Link to post
Share on other sites

Thanks for those files, unfortunately there is no way of decrypting your files at this present time. I know that is not good news, the only advice available is to keep those files incase a fix is found at a later date...

Read at the following link, you may find this useful: https://www.sophos.com/en-us/support/knowledgebase/119006.aspx

Next,

There are two anti-virus progrmas active on your system, that is counterproductive and will cause issues for your system. Avira and McAfee are installed, the later is a full suite so shopuld be kept, Avira should be uninstalled asap... Read how at the following link:

https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/88

Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Run the following scanner:

Please download Security Analysis by Rocket Grannie from here: http://rocketgrannie.spywareinfoforum.org/RGSA.exe
 
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • It will produce a log named SALog.txt on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.



Note: The link to the most current version of the program will always be in the first post of this topic.
Note: (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run to continue.)
Note: The current java version on XP will show as "out of date".
Note: Flash Player ActiveX is pre-installed with Internet Explorer in Windows 10 and updates Automatically.

Please post the logs in your next reply....

Thank you

Kevin...

 

Fixlist.txt

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.