Phil92

Ransomware detected on Windows 10 1803


Hello,

I was forced to shut down my computer after I found out that parts of my hard drive had been encrypted. The files were renamed with a contact email address, but I do not remember it.

Since BitLocker is used on my computer and on all three devices, how do I proceed from here?

Thanks for any advice in advance.

Phil


Since I can't find an option to edit my first post, here is an update:

The encryption happened yesterday morning. I was hacked due to a weak password on one of the RDP accounts. This user had very limited access rights, and therefore the damage is not too bad.

ID of the ransomware: [screenshot of the ID Ransomware result, not reproduced here]

How can I remove this?


Thanks

Phil


Hi Phil :)

Sadly, as stated by ID Ransomware, the ransomware variant you were hit with cannot be decrypted for free. The best thing you can do is to back up the encrypted files and hope that a free decryption solution will be released in the future.

Do you think that the Ransomware is still active on the system, and that's why you're seeking assistance here?


Hi,

Yes, I think there is still software active, since I'm getting these messages via Windows Defender:

[screenshot of the Windows Defender alert, not reproduced here]

It basically says that "This program is dangerous, it can execute commands from an attacker."


Thanks,

Phil


Is this a business/corporate workstation? Are you able to upload that tvsptl.exe file to VirusTotal and provide me the report URL?


No, it's my private computer. I don't know where to find this file. It says: "file: \\tsclient\B\54321\tvsptl.exe"


If you copy/paste this in Windows Explorer and try to access it, can you?

\\tsclient\B\54321

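The thread pins down the intrusion path (a weak RDP password, then a payload launched from \\tsclient, which is the RDP client's own redirected drive, i.e. the attacker's disk rather than anything stored on this machine) but never shows how to confirm that on the box. The following PowerShell is an added example, not code posted by anyone in the thread. It pulls the two pieces of evidence a responder would want before cleaning up: Defender's detection history, flagging anything that ran from a \\tsclient path, and the Security log's RDP logons (event 4624, logon type 10) plus failed logons (4625) grouped by source address, which is where a password-guessing run shows up. The three-day window and the tvsptl.exe name are placeholders taken from the thread; the script assumes logon auditing is on and the Security log has not been cleared.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell on the affected machine.
# Assumptions (placeholders): the incident window; the file name comes from the Defender alert.
$Since   = (Get-Date).AddDays(-3)
$Suspect = 'tvsptl.exe'

# Shared helper: turn a Security event's EventData into a name -> value hashtable,
# so we match on structured fields instead of parsing the free-text Message.
function Get-EventFields {
    param([System.Diagnostics.Eventing.Reader.EventLogRecord]$Event)
    $x = [xml]$Event.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    return $d
}

# 1. What Defender caught and where it was launched from.
#    A resource under \\tsclient\ means the binary came over RDP drive redirection.
Get-MpThreatDetection |
    Where-Object { $_.InitialDetectionTime -ge $Since } |
    ForEach-Object {
        [pscustomobject]@{
            Time         = $_.InitialDetectionTime
            ThreatID     = $_.ThreatID
            Process      = $_.ProcessName
            Resources    = ($_.Resources -join '; ')
            IsSuspect    = [bool]($_.Resources -match [regex]::Escape($Suspect))
            FromRdpDrive = [bool]($_.Resources -match '\\\\tsclient\\')
        }
    } | Format-Table -AutoSize

# 2. Successful RDP logons: 4624 with LogonType 10 (RemoteInteractive).
#    -ErrorAction SilentlyContinue: Get-WinEvent errors when the filter matches nothing.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $Since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = Get-EventFields $_
        if ($d.LogonType -eq '10') {
            [pscustomobject]@{
                Time     = $_.TimeCreated
                User     = $d.TargetUserName
                SourceIP = $d.IpAddress
                LogonId  = $d.TargetLogonId   # correlate with 4634/4647 for session length
            }
        }
    } | Format-Table -AutoSize

# 3. Failed logons (4625) per source address. A brute-force run is hundreds of failures
#    from one IP against one or a few accounts, followed by a 4624 from the same IP.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $Since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = Get-EventFields $_
        [pscustomobject]@{ SourceIP = $d.IpAddress; User = $d.TargetUserName; LogonType = $d.LogonType }
    } |
    Group-Object SourceIP |
    Sort-Object Count -Descending |
    Select-Object Count, @{ n = 'SourceIP'; e = { $_.Name } },
                  @{ n = 'Users'; e = { ($_.Group.User | Select-Object -Unique) -join ',' } } |
    Format-Table -AutoSize
```

One caveat when reading the output: with Network Level Authentication enabled, the credential check that precedes the RDP session is logged as logon type 3 from the same source IP, and only the session itself is type 10, so a source address that appears in the 4625 list and then in the type 10 list is the one to treat as the attacker. Export the raw events (wevtutil epl Security) before any cleanup, since rebuilding or wiping the machine destroys this record.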

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Make sure the Addition.txt box is checked
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, and then two Notepad files will open
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply


Hi Phil,

Are you still with me?


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks
