Jump to content

Recommended Posts

Hi,

Yesterday I attracted the Spora ransomware (described here https://malwaretips.com/blogs/remove-spora-ransomware/)  through a "Hoefler text font wasn't found" scam (described here https://malwaretips.com/blogs/remove-the-hoeflertext-font-wasnt-found-virus/). I managed to stop the corruption of my files, through a combination of closing down internet when I realized what was happening, deleting the exe file I had downloaded and possibly by running my anti-virus (Panda Endpoint Protection). Therefor windows back up compies of most of my files are still uncorrupt for most of my files which is of course very good. My problem then. The Panda Endpoint Protection only removed a a .txt file identified as a cookie. This can hardly be the Spora ransomware. I myself permanently deleted the exe-file I had downloaded but I would guess that the program had put itself in more places after being installed. Malwarebytes, Windows defender or Panda Endpoint protection cannot find any malware/virus on my computer, but since nothing has been found I think that I am still infected and am worried about going online once again. Do you have any tips? I have been running all my virus-searches offline and got Malwarebytes by downloading the exe on another computer and then installing it through a usb. Do I have to go online in order to fetch updates? I would guess that since I downloaded malwarebytes today it would have all the updates needed to find Spora.

Maybe the reason Spora stopped corrupting my files is that I went offline and if I go online it will continue?

I know for a fact that I was indeed infected by the Spora ransomware through a ransom-note saved in my C: drive.

Thank you very much for all possible insight.

Best,

August

Link to post
Share on other sites

I also made the mistake to run what looked to be a fonts add-on to Chrome?  I caught myself after a minute and shut down chrome, deleted the .exe and restarted to run Malware-bytes.  I believe that MB caught the virus and removed it, however... every-time I restart my (windows 07 x 64) machine the ransom note pops up??  I close it and that seems to be all there is to it?

I am very anal about my/our workstations, this one in particular is pretty new at 15k and I would very much like to know that all traces of this "ransom-ware/virus" are gone!?  Starting with the removal of this login pop-up note?  How do I remove it?  > step by step would be much appreciated... thanks

Link to post
Share on other sites

Exactly the Spora was packaged in the fonts add-on for Chrome.

For me the link for the auto-start pop up about Spora was saved directly under C: so you could probably just remove it from there.

Did Malware-bytes find anything for you then? I am worried about turning on internet again since neither anti-virus actually removed anything from my computer and I don't wanna give the malware another chance to infect my files again.

 

/ A

Link to post
Share on other sites

I actually do not believe my files to be infected/effected?  Perhaps I caught it early enough but I dont think so since the ransom note continues upon reboot.  I continue to use the workstation as usual and have not noticed any problems...  Everything seems normal... except that annoying pop-up?  I did find some file(s) within the C drive that I removed hoping that it would eliminate the pop-up, as I read it would.  It did not :(

Link to post
Share on other sites

  • 3 months later...
  • 2 months later...
  • Root Admin

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time we'll go ahead and close this topic now but if you still actually need help please send a private message to one of the Moderators and we'll assist you.Thank you and sorry we missed your topic.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.