LumpiFromWales Posted February 23, 2019 ID:1300204 Share Posted February 23, 2019 I reinstalled Windows 7 on my Media Center last week. As part of the setup I installed a dodgy-looking exe file (CyberLinkDVD16, I have a valid paid-for key but I couldn't find the install files and the official download link doesn't work) I ran Malwarebytes straight after, everything was OK. 2 days later all my files were encrypted with extension 'crypted_luedtkis@feudtory_com', I have backups for the OS etc. but not for 4TB of TV shows (annoying but not the end of the world). Malwarebytes still didn't find anything! id-ransomware tells me this is GlobelImposter 2.0 There is also a post about this from bcj1998 Link to post Share on other sites More sharing options...
nasdaq Posted February 26, 2019 ID:1300815 Share Posted February 26, 2019 Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === This is a bad infection. Find out what you have been infected with. Navigate to this page and let me know what you are dealing with.https://id-ransomware.malwarehunterteam.com/ Link to post Share on other sites More sharing options...
LumpiFromWales Posted February 26, 2019 Author ID:1300860 Share Posted February 26, 2019 id-ransomware tells me this is GlobelImposter 2.0:https://id-ransomware.malwarehunterteam.com/identify.php?case=4a86169d3b01d25554ca87fd462ba7500cdde36b Link to post Share on other sites More sharing options...
nasdaq Posted February 27, 2019 ID:1301002 Share Posted February 27, 2019 Hi, Not very good news. As suggested you can backup your compromised file. For now the only way to restore your compromises file is if you have backups of the file in an external medium. If you like I can remove the remnant items from your computer. Download the Farbar Recovery Scan Tool (FRST).Choose the 32 or 64 bit version for your system. and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File.Click the file you wish to Attach.Click Attach this file.Click the Add reply button. === Please post the logs for my review. Wait for further instructions Link to post Share on other sites More sharing options...
LumpiFromWales Posted March 4, 2019 Author ID:1301907 Share Posted March 4, 2019 I have reformatted the infected system disk (offline) and restored from the backup so I can't run FRST on the system disk. I still have the encrypted data disk (recorded TV programs), should I run FRST on that disk? Also, WIndows 10 gives me a 'suspicious download'-type message when I try to run the FRST install, so I'm not too keen. Thanks Link to post Share on other sites More sharing options...
nasdaq Posted March 4, 2019 ID:1301960 Share Posted March 4, 2019 Hi, If you do the Farbar download from the link I gave you trust it. Run the program on the disk were Windows is installed. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 16, 2019 Root Admin ID:1304022 Share Posted March 16, 2019 Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Thanks Link to post Share on other sites More sharing options...
Recommended Posts