Jump to content
akmalfaiq

Lucky Ransomware - How do I get rid of it?

Recommended Posts

Hi.

My colleague's downloaded and opened an email attachment that was suspected to be a malware/virus.
Malwarebytes scan does not reveal any infection but checking the temp folder we found files eg. "Lucky10900-AIVMFile" that is suspected to be a ransomware.
It seems that only some files are affected ie. you will only find it in temp file when you open the affected files.
However, none of the files have been locked yet.

Is there any way to remove these?

Share this post


Link to post
Share on other sites

Hi Aura.

Thanks for the reply. There hasn't been any note or encrypted file yet, but you refer to the screenshot below to see what happens when I open a specific software that triggers it to create file marked "Lucky". I tried uploading the file to the link you've given but it came back saying the website has been shifted or something. Is it like a counter measure or something?

image.png.26415620d5076707fb4c3f78880df35f.png

Thanks

Share this post


Link to post
Share on other sites

Can you provide me a screenshot of what happens when you try to upload one of these files to ID-Ransomware?

Share this post


Link to post
Share on other sites

Hi.

You can refer to the posting above. Those are the files I've upload to the ID-Ransomware. As I've stated before, the files on the pc is not yet encrypted and there's no ransom note. But these files will appear each time I open a certain file.

Thank you

Share this post


Link to post
Share on other sites

Which file are you trying to open?

Share this post


Link to post
Share on other sites

Hi.

So far the "Lucky" file will be visible in the Temp folder when I open an Illustrator file with a image link. If the Illustrator file I've opened is without a link, then the "Lucky" file won't appear. I've also try uploading the Illustrator file to the ID-Ransomware, but the results shows no sign of infection. 

Thank you

Share this post


Link to post
Share on other sites

Looks like these files are generated by Illustrator from what I can find online, so I don't think that you've been hit with a Ransomware. They're all the same size too.

Share this post


Link to post
Share on other sites

Well that's good news. How do I know that a computer is infected with a ransomware? And will it be okay for me to send the Illustrator file to other computers?

Really appreciate with all your help and sorry for taking your time on helping me with this matter :) 

Share this post


Link to post
Share on other sites

If you want, you can upload the file to a cloud service (Dropbox, Google Drive, etc.) and PM me the download link for it so I can check it out.

And usually, if you're infected with a Ransomware, either all your files (not the ones in the Temp folder) will renamed, an extension will be added to them or you won't be able to open them anymore. In addition of having ransom notes all over your computer (in your folders, on your desktop, etc.).

Share this post


Link to post
Share on other sites

Hi Aura,

I tried uploading the files to you via WeTransfer, but the upload remains at 0%, at its been so for a while now. I can sent to you the Illustrator file but I'm afraid it might infect your PC as well since my colleagues and I transfer the Illustrator file to a clean PC and now the "Lucky" files can be found it the clean PC as well.

image.png.735103d1260c8e139d4a77d9d996f55a.png

Thank you

Regards,

Faiq

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.