
I had a comprehensive Locky virus attack yesterday. I attempted to identify / disinfect the virus on my laptop using Malwarebytes, but neither this programme nor HitmanPro was able even to find the virus. I subsequently tried another 7 malware removal tools, and none could find the virus. Any ideas / suggestions / assistance would be very welcome as I can't use this machine until I am confident that it is clean.


Hi Dr_Sam :)

If you've been infected with the ykcol variant of Locky, and all your files have been encrypted, then the main payload is most likely gone by now, hence why Malwarebytes, HitmanPro, etc. aren't detecting anything. Also, files encrypted by this variant cannot be decrypted for free at the moment, so you should either restore them from a recent backup, or save them somewhere else safe in case a free decryption solution gets released in the future.


Thanks for your reply. I can reinstate the data files from Dropbox, but they insist that the infected PC is disinfected first. The encryption of my data took only seconds, so are you saying that the only time the virus is available to be found and removed by Malwarebytes is between the time I foolishly unzipped a file (in my defence exactly the kind of thing I happened to be expecting) and when it has finished its dirty work? That's just a few moments! - makes ransomware removal tools seem kind of pointless?


The time it takes to encrypt your files depends on how many of them it has to encrypt and your computer's specs. Sometimes it can take seconds, just as it can take minutes or even hours.

We can take a look just in case to make sure that the payload is indeed gone.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Make sure the Addition.txt box is checked
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, and then two Notepad files will open
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.