I think I got hit with a CBT Locker



Hello,

I just got hit with multiple adware programs, trojans and other viruses. Lots of weird stuff happened, like the task manager getting deleted/hidden, popups everywhere, unwanted software downloads...

I was able to stop all that by installing AdwCleaner and Malwarebytes while the virus was having its effect and running a scan + quarantine. The virus tried to stop me from finishing the scan by spamming a fake "Malwarebytes" window saying that you need to reboot the system for changes to take effect (something of that sort), and I knew they were fake because Malwarebytes still hadn't finished scanning, but I kept pressing No until the scan completed and I quarantined about 600 threats (getting me back task manager and stopping the weird stuff). Also gonna mention that I tried to stop some processes from PowerShell since task manager was gone, and was deleting stuff from the registry while that was happening.

The worst thing was that most of my files got this added extension ".todarius". I tried renaming a video file to see if it was just a rename, but the video didn't work after the rename, so I am guessing the files got encrypted.

Is this a CBT Locker, or is it some other thing that could be fixed?

If it is a CBT Locker, can I know what I can salvage from my PC? And if it isn't, a fix would be great.

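A triage check for the "renamed or really encrypted?" question raised above, added here as an example; it is not code from this thread, from STOPDecrypter or from Malwarebytes. It assumes the ".todarius" suffix from the post, a 4096-byte head sample and a 7.5 bits-per-byte entropy cut-off, and builds its own constructed sample files instead of touching real victim data.

```python
import math
import os
import random
import tempfile
from collections import Counter

SAMPLE_BYTES = 4096       # only the head of each file is sampled (assumed size)
ENTROPY_THRESHOLD = 7.5   # bits/byte; ciphertext sits near 8.0 (assumed cut-off)

def shannon_entropy(data):
    """Bits of entropy per byte: headers and zero padding score low, ciphertext ~8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(suspect, original=None):
    """Renamed only, or really encrypted? Compare against a known-good original when
    one exists (the poster re-downloaded some); otherwise use the entropy heuristic."""
    with open(suspect, "rb") as f:
        head = f.read(SAMPLE_BYTES)
    if original is not None:
        with open(original, "rb") as f:
            if head == f.read(SAMPLE_BYTES):
                return "renamed-only"
    return "likely-encrypted" if shannon_entropy(head) > ENTROPY_THRESHOLD else "low-entropy"

def triage(directory, suffix=".todarius"):
    """Walk a tree; for every *suffix file look for a sibling original and classify it."""
    results = {}
    for root, _, files in os.walk(directory):
        for name in files:
            if name.endswith(suffix):
                suspect = os.path.join(root, name)
                original = os.path.join(root, name[:-len(suffix)])
                results[os.path.relpath(suspect, directory)] = classify(suspect, original if os.path.exists(original) else None)
    return results

def build_demo():
    """Constructed sample tree (not real victim data): MP4-like header, renamed copy, random 'ciphertext'."""
    d = tempfile.mkdtemp()
    plain = b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 3000 + b"moov" * 256
    rnd = random.Random(7)   # deterministic stand-in for encrypted bytes
    cipher = bytes(rnd.getrandbits(8) for _ in range(len(plain)))
    for name, data in (("clip.mp4", plain), ("clip.mp4.todarius", cipher), ("renamed.mp4", plain),
                       ("renamed.mp4.todarius", plain), ("orphan.mp4.todarius", cipher)):
        with open(os.path.join(d, name), "wb") as f:
            f.write(data)
    return d
```

Run `triage(build_demo())` to see the three verdicts; on a real machine point `triage` at the affected folder and leave the files untouched (the script only reads).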

These are the logs I'm getting from STOPDecrypter v2.1.0.1:

Unidentified ID: mAzBFRI8IGs6xnwQj1FKkd99z4BKDPtTYc31Ua7P (.todarius )
MAC: 00:FF:8C:7E:53:1B
MAC: 50:B7:C3:45:A4:47
MAC: E8:03:9A:F5:8B:BB
MAC: 50:B7:C3:45:A4:46

Here are some files that got encrypted, together with working versions of them that I re-downloaded (don't know if that will help you find the encryption key by comparing the binaries of the files).

https://drive.google.com/file/d/1eUYlP5MhNyCZrsblOyrVL02qI0gECzjk/view?usp=sharing
https://drive.google.com/file/d/1Ggevluk_WwOUX2UbFM5g-36GIVfjZMaG/view?usp=sharing

 

Edited by AdvancedSetup
Removed live hyperlink

  • Root Admin

I'm sorry, but at this time there is no decryption available for the files that I'm aware of. As with many others, your best bet is to remove the hard drive and store it away in case someone does find or make available a key to decrypt the data. Get a new hard drive and reinstall Windows. Then going forward ensure the computer is better protected and that you have backups for all of your data.

 

If you're not backing up your data and you're still using Google Chrome then you're just not serious about Privacy, Safety, and protecting your data. Malwarebytes is a fantastic program but you still need to back up your data and you still need to block scripts and Ads in your browser. 


If you're still using Google Chrome I would highly suggest you consider using Firefox instead. For more advanced users you might consider installing NoScript as well (it does have a higher learning curve though).

Help Secure your browsers

Please install uBlock Origin for your browsers to better protect your system

Firefox, Chrome, Opera, Safari, Microsoft Edge
AdBlock for Internet Explorer
How to use uBlock Origin to protect your online privacy and security | uBlock Origin tutorial 2018

This video tutorial above explains how to use uBlock Origin in advanced user mode and all the advanced settings to protect your online privacy and help prevent unwanted sites from changing your browser settings

Follow-up Reading

Everything you need to know about cybercrime
10 easy ways to prevent malware infection 
Keep your data backed up

Thank you for choosing Malwarebytes and tell your friends and family too. We're here to help.


Ron

 

 


Guessed So.

I already use Firefox and uBlock Origin. It's just that I was downloading cracked software from a torrent that had 6000 seeders (guess it's my fault for not having my antivirus on while downloading anything cracked). Then while installing I pressed on customize installation and saw that multiple other pieces of software were checked, so I unchecked them and thought those were the malware. But after I pressed Install: BAM.

Oh, and on a side note, I just remembered that one of the tabs that were popping up had something like "IMG.. IP logger" in its title. Should I worry about that?


  • Root Admin

I'm sorry but admitting you're stealing software means I cannot assist you.

Scary stuff though as you don't know if they have inserted a backdoor and may encrypt the data again or using some other method. If it were my computer I would fdisk, format, and reinstall Windows clean. Then use VT to scan my own personal data. Then think about what you're doing. Is it really worth it? You got your data back this time, you might not be so lucky next time. Typically no one goes to jail for this type of theft but is it really worth risking potentially being the scapegoat and going to jail over a piece of software? Don't mean to preach, but risk vs. reward just doesn't make much sense to me.

 


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 
