Jump to content


Recommended Posts


the desktop icons of our SBS 2008 server have all been renamed with 'Vegclass@aol.com.xtbl.

This apparantly means we've been infected with a ransomware virus.

Apparently the desktop has not been altered, nor our files (on the E-drive).

I have run mbam, our ow Panda Endpoint protection, Eset rogue application remover, microsoft malicious software removal tool.

All with no results.

Can you please advise? This is our main server.

Thanks in advance!


Link to post
Share on other sites

  • 2 weeks later...

Hello Thomas.

While we can remove the infection, we can't cure or resurrect the corrupted /encrypted documents & files.
This crypto-ransomware variant looks like Trodesh ( Shade) variant. You should  checkout this thread at Bleepingcomputer forum

I always regret to see anyone be a victim to these types of malicious destructive infections.  The news is never good.
This infection is not a normal type of infection. It is very vicious and has done all the damage already before it even gives you the first clue.
By the time you see the first warning, it is all done & has damaged your personal documents.
If your computer is on a network, physically disconnect it from the network.
There is nothing we can do to restore the files you did not backup.

And since this is about a server, the best thing to have done and safest long-term was to do a restore from a recent backup image.
Backup if your best friend.

As far as recovering damaged documents......
As far as I know, there is no known decryptor.
Unfortunately, there's little that can be done to restore those in most cases, but sometimes you can use the "Previous Versions" tab on a file's properties to regain access to the encrypted file. Using a tool called Shadow Explorer can also help, but in many cases, neither of these will work.

Malwarebytes detects against variants of ransomware. However, no security application can detect and remove all threats, it's a statistical impossibility.

Security vendors across the board will miss this as new variants are created to avoid detection.

This infection relies mostly on user execution via opening an attachment from an unknown email source.

For most variants, there's no known tool to fix any corrupted documents at this time.

We can remove the infection, we can't cure or resurrect the corrupted /encrypted documents & files.

One final caution, our consumer software is not supported for use on Server operating systems.  We do offer a range of programs for business systems.  You can see the list on this next link   https://www.malwarebytes.com/business/

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.