Jump to content

Ransom Virus Help


Recommended Posts

No it says its clean.  No blocked websites here since 4/13/17.  But blocked a ransom virus yesterday, see report.  Here is an example of an encrypted file, but this may have been from the other computer as they are on the same network.  Like I said in the other post, I've been a magnet for ransom viruses.  And that's without using the internet on these computers.

DMUtil.dll.id-2CF3B315.[nicecrypt@india.com].wallet

 

ransom report.txt

Link to post
Share on other sites

The file you mention was infected with a variant of the Dharma Ransomware (the same one that infected your other computer). However the ransom note on this computer is from the Fantom Ransomware.

Both of them are dropped manually by crooks who bruteforces weak RDP passwords, force their way in the system and then run the payload. Is RDP enabled on these two computers? Or at least one computer on the network?

Link to post
Share on other sites

RDP is enabled in the first one you helped me with. That's good to know. I had problems in the past and completely replaced the computer and changed passwords. Guess I will try changing them again.  Would changing the RDP port help?  Thanks again for your help. Your awesome!

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.