Ransom Virus Help


Recommended Posts

Hi again yokatta :)

It's weird, I see the ransom notes in the logs of that computer, but no encrypted files or malicious payload. Can you attach one of the "README.txt" files located on your desktop in your next post so I can see it?


It looks like you've been infected with Fantom Ransomware from what I can see.

https://www.bleepingcomputer.com/forums/t/624805/fantom-ransomware-help-support-topic-fantom-extension-decrypt-your-fileshtm/

Like I said, I don't see anything malicious in your logs. If you scan your computer using Malwarebytes, does it come up with anything?


No, it says it's clean. No blocked websites here since 4/13/17. But it blocked a ransom virus yesterday, see report. Here is an example of an encrypted file, but this may have been from the other computer as they are on the same network. Like I said in the other post, I've been a magnet for ransom viruses. And that's without using the internet on these computers.

DMUtil.dll.id-2CF3B315.[nicecrypt@india.com].wallet


ransom report.txt


The file you mention was infected with a variant of the Dharma Ransomware (the same one that infected your other computer). However, the ransom note on this computer is from the Fantom Ransomware.

Both of them are dropped manually by crooks who brute-force weak RDP passwords, force their way into the system and then run the payload. Is RDP enabled on these two computers? Or at least on one computer on the network?


RDP is enabled in the first one you helped me with. That's good to know. I had problems in the past and completely replaced the computer and changed passwords. Guess I will try changing them again. Would changing the RDP port help? Thanks again for your help. You're awesome!


If you learn how to secure your RDP (users, strong passwords, etc.) you should be fine, as crooks are usually brute-forcing into RDPs that have weak passwords (like default ones). Though you can change the RDP port if you wish as well.

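The two replies above (the one explaining that Dharma and Fantom are dropped by hand after an RDP password is brute-forced, and the one advising to secure RDP users and passwords rather than rely on a port change) are easier to act on with a quick audit of each machine. The script below is an added example written for this thread, not something posted by the Malwarebytes staff or the original poster. It assumes an elevated PowerShell 5.1 session on Windows 8 / Server 2012 or later, with the default auditing of failed logons left on; every registry path and event ID it reads is a standard Windows one. It only reads settings and logs; it changes nothing.

```powershell
# Added example (not from the forum thread): read-only audit of a Windows
# host's RDP exposure. Run in an elevated PowerShell session on each computer.
# Assumes Windows 8 / Server 2012+ and default Security-log auditing of failed logons.

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

# 1. Is Remote Desktop switched on? fDenyTSConnections = 1 means it is disabled.
$rdpEnabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0

# 2. Network Level Authentication: UserAuthentication = 1 makes the client
#    authenticate before a session is built, which blunts password guessing.
$nlaRequired = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication -eq 1

# 3. Listening port (3389 is the well-known default the thread asks about).
$port = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber

# 4. Who may log on over RDP: local Administrators plus "Remote Desktop Users".
$rdpUsers = Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty Name

# 5. Account lockout threshold ("Never" means unlimited guesses are allowed).
$lockoutLine = (net accounts) | Where-Object { $_ -match 'Lockout threshold' }

# 6. Failed logons in the last 24 hours (Security event 4625), grouped by source IP.
#    Many failures from one address against a few account names is the
#    brute-force pattern described in the thread.
$since  = (Get-Date).AddHours(-24)
$failed = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                         -ErrorAction SilentlyContinue)

$bySource = foreach ($ev in $failed) {
    $xml  = [xml]$ev.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Source    = $data['IpAddress']
        User      = $data['TargetUserName']
        LogonType = $data['LogonType']   # 10 = RemoteInteractive, 3 = network (NLA pre-auth)
    }
}

[pscustomobject]@{
    RdpEnabled      = $rdpEnabled
    NlaRequired     = $nlaRequired
    RdpPort         = $port
    RdpUsers        = ($rdpUsers -join ', ')
    LockoutPolicy   = ($lockoutLine -join '').Trim()
    FailedLogons24h = $failed.Count
} | Format-List

# Top sources of failed logons; an address with hundreds of attempts is your brute-forcer.
$bySource | Group-Object Source | Sort-Object Count -Descending |
    Select-Object -First 10 Name, Count | Format-Table -AutoSize
```

Reading the output against the advice in the thread: if RdpEnabled is True on a machine that does not need it, turn it off; if NlaRequired is False, enable NLA; if LockoutPolicy reads "Never", set a lockout threshold so guesses stop after a handful of failures; and trim RdpUsers to the accounts that actually need remote access, each with a long, unique password. A changed port only hides the service from the laziest scanners, which is why the staff reply ranks it below users and passwords.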

Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.