Jump to content


Recommended Posts

  • I reinstalled Windows 7 on my Media Center last week.
  • As part of the setup I installed a dodgy-looking exe file (CyberLinkDVD16, I have a valid paid-for key but I couldn't find the install files and the official download link doesn't work)
  • I ran Malwarebytes straight after, everything was OK.
  • 2 days later all my files were encrypted with extension 'crypted_luedtkis@feudtory_com', I have backups for the OS etc. but not for 4TB of TV shows (annoying but not the end of the world).
  • Malwarebytes still didn't find anything!
  • id-ransomware tells me this is GlobelImposter 2.0

There is also a post about this from bcj1998


Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

This is a bad infection.
Find out what you have been infected with.

Navigate to this page and let me know what you are dealing with.

Link to post
Share on other sites


Not very good news.

As suggested you can backup your compromised file.
For now the only way to restore your compromises file is if you have backups of the file in an external medium.

If you like I can remove the remnant items from your computer.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.

Please post the logs  for my review.

Wait for further instructions

Link to post
Share on other sites

I have reformatted the infected system disk (offline) and restored from the backup so I can't run FRST on the system disk. I still have the encrypted data disk (recorded TV programs), should I run FRST on that disk? Also, WIndows 10 gives me a 'suspicious download'-type message when I try to run the FRST install, so I'm not too keen.


Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.