Jump to content

Constantly hit with Ransom viruses

yokatta

By yokatta
in Resolved Malware Removal Logs

 Share

Recommended Posts

yokatta

yokatta

Posted
Posted

I run Malwarebytes premium and windows defender together.  I have been hit with Ransomware and other viruses that are usually blocked before they destroy everything, but still makes it a huge PITA.  These are hitting a computer that is never on the internet, except its used to remote into via remote desktop.  I got frustrated and completely replace the computer and it's still happening (moved data over).  Despite not being on the internet, Malwarebytes  is constantly blocking websites according to the log.  Just looking for help in where I can look and what I can do to prevent this!  Any help would be great.  Thanks!

Link to post
Share on other sites
Aura

Aura

Posted
Posted

Please re-run FRST, but this time, only check the "Addition.txt" option under "Optional Scan", and make sure that every options under "Whitelist" are checked. Because right now the logs are quite big and it'll be harder to go through them as I don't need a lot of information they contain.

Link to post
Share on other sites
Aura

Aura

Posted
Posted (edited)

In situations where we don't know what the issue is, yes it's true that more information is better. But in your case, we have a pretty good idea of what's happening, so there's no need for it :) According to the encrypted file names I can see in your logs, you've been hit with a variant of the Dharma Ransomware.

https://www.bleepingcomputer.com/forums/t/632389/dharma-ransomware-filenameemaildharmawalletzzzzz-support-topic/

Unfortunately, there's no way to decrypt files encrypted by the variant you have been hit with for free.

Here, let's see if the FRST fix can take care of everything in one go.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
    NYA5Cbr.png
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

fixlist.txt

Edited by Aura
Link to post
Share on other sites
yokatta

yokatta

Posted
  • Author
Posted

I will have to wait and see.  The last website blocks were at 5:04am this morning, I will let you know tomorrow.  But hopefully ok.  REALLY appreciate your help.  I have another computer just like it that got hit the same way.  Should I start a new thread for that one?  

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.