NasFar

My Windows has the .DALLE ransomware

Hello everyone,

 

I am here to inform you that I have not been able to open malwarebytes on my windows computer nor was I able to open any other app. All files, videos and pictures look white and have .DALLE extension and cannot be opened.

 

I tried to boot into safe mode, use malwarebytes chameleon, but nothing worked and the app doesn't run.

 

Can anyone please help me solve this issue. It's 4:30 AM, I haven't slept, and I am typing from my phone because I am unable to use my PC.

 

Please help!! :(


Hello Nasfar,

I am very sorry to read all this.  It would seem this pc does have an encrypting ransomware infection, and one that uses some new type not heard of before.

Could you see if you can do some preliminary report type tasks.   IF your Windows pc cannot run / start Windows and work, then you will not be able to run these basic reports.

[ 1 ]

Can you upload a ransom note or encrypted file to ID-Ransomware, and copy/paste the results of the report here?

https://id-ransomware.malwarehunterteam.com/

 

[ 2 ]

There is a report tool named Farbar.  It does not make changes to the system.  It is used to make a report that provides some details & will help us to help you.

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

P.S.  Please be very sure you tell us

the version of Windows on this machine +

IF you have offline backups of this machine from before the infection,

IF you have a Windows operating system DVD or rescue disc from before this ransomware infection

 

Sincerely,

Edited by Maurice Naggar


Hello Maurice,

Thank you so much for your prompt response.

The machine I run has Windows 10 Home. I am actually able to turn it on, log in and use it, but it randomly opens up Chrome with ad sites, and it does it every 30 seconds or so, one tab after another. I cannot install any anti-virus program, play any video or song, nor can I run Windows Defender Offline.

I wasn't able to use the first program you referred to (ID-Ransomware) because you did not provide me with precise instructions. Fortunately, I was able to run the Farbar recovery tool and I attached the files you indicated.

I really appreciate your support. My machine has many valuable files that I need for work and now they are unusable because of the .DALLE extension that appears on all my past regular files (pictures, videos, documents, etc.). I tried to connect my USB drive and it got infected with the .DALLE extension too :(

Thanks.

FRST.txt Addition.txt


Btw, I was able to upload a sample of one of the .DALLE files on my pc to ID-Ransomware and these are the results:

 

1 Result

STOP (Djvu)

 This ransomware may be decryptable under certain circumstances.

Please refer to the appropriate guide for more information.

Identified by

  • sample_extension: .dalle
  • sample_bytes: [0x3E4B5 - 0x3E4CF] 0x7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D

 

Click here for more information about STOP (Djvu)


My instinct was just that: that the ransomware is a new variant of the STOP/Djvu family of ransomware.

I would point you to study the Topic on that ransomware at Bleepingcomputer so that you get a fuller picture of the ransomware.

Matter of fact the link is the one listed above in red from the result from Id-ransomware.

Also, See  https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/


Thanks for the FRST reports.  The infection (it seems), in addition to the ransomware, appears to also have set the system to not allow most security programs from running.

I am urging you to run our special anti-rootkit tool to get that out of the way.

Please read all of these lines first so that it is all clear to you about our plan. I need a one time run of MBAR like listed here, please.

Please download Malwarebytes Anti-Rootkit (MBAR) from here this link
Click the "Download button "
and save it to your desktop.   Disregard the other text in the middle of that page.   Just download & save the MBAR.

 

Double-click on the MBAR file and allow it to run.

• Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.

• mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.

• After reading the Introduction, click 'Next' if you agree.

• On the Update Database screen, click on the 'Update' button.

• Once you see 'Success: Database was successfully updated' click on 'Next', then click the Scan button.

With some infections, you may see two message boxes:

1. 'Could not load protection driver'. Click 'OK'.
2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

• If malware is found, press the Cleanup button when the scan completes.

Please attach the log it produces; you'll find the log in that mbar folder as MBAR-log-<date and time>***.txt. Please attach that to your next reply.
 

This task is just to get the system to normally allow security applications to run.

Please do not play any videos or songs or games nor do anything else online that you can delay for later.

.

I regret to see anyone with a encrypting ransomware situation like this.

And again, remind you we have no decryptor to recover the encrypted files.

.

I will likely have you run one or two additional tasks after this, so that we get the other boogers now on the machine.

I would like to inquire as to what possibly was downloaded or installed on this machine a day or so before this Dalle ransomware appeared.

Any sort of app, program, goodie, or video download ??

.

I would suggest that you first COPY and save all of the files that have the extra extension .DALLE to some offline storage media, so that you have saved

copies of all, before you do anything  as far as the DALLE files.

 

Study all the articles at Bleepingcomputer about what potential decryptor you may want to try out  later.

We here have no decryptor  for the files that are encrypted by this Dalle ransomware.

 

But please do post back with the MBAR log after the task above is completed;  so I can map out our next steps for this machine.

Thanks.

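The ID-Ransomware result earlier in the thread identified the .dalle sample by a byte pattern (the hex decodes to a GUID-like string), and the advice above is to copy every .DALLE file to offline storage before trying anything else. The following Python script is an added example, not code from this thread, from Malwarebytes or from ID-Ransomware: it inventories a folder tree, confirms each .dalle file actually carries that marker (files merely renamed by hand are listed separately), and copies confirmed files into a backup folder with a SHA-256 manifest, leaving the originals in place. That the same marker appears in every .dalle file, and where in the file it sits, are assumptions, so the script scans the whole file rather than a fixed offset.

```python
"""Triage helper for STOP/Djvu (.dalle) encrypted files (added example)."""
import csv
import hashlib
import shutil
import tempfile
from pathlib import Path

# Marker bytes reported by ID-Ransomware for the .dalle sample, decoded from
# the hex it printed. Assumption: every .dalle file carries this same marker.
STOP_DJVU_MARKER = bytes.fromhex(
    "7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D"
)
ENCRYPTED_EXT = ".dalle"
CHUNK = 1 << 20  # 1 MiB reads so large videos do not have to fit in memory


def has_marker(path: Path) -> bool:
    """Scan the whole file in chunks, keeping an overlap so a marker that
    straddles two chunks is still found."""
    tail = b""
    with path.open("rb") as fh:
        while True:
            chunk = fh.read(CHUNK)
            if not chunk:
                return False
            if STOP_DJVU_MARKER in tail + chunk:
                return True
            tail = chunk[-(len(STOP_DJVU_MARKER) - 1):]


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(root: Path) -> dict:
    """Classify every file under root: confirmed encrypted (extension plus
    marker), extension only (renamed, no marker), or clean."""
    result = {"confirmed": [], "ext_only": [], "clean": []}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        if p.suffix.lower() != ENCRYPTED_EXT:
            result["clean"].append(p)
        elif has_marker(p):
            result["confirmed"].append(p)
        else:
            result["ext_only"].append(p)
    return result


def backup_encrypted(root: Path, dest: Path) -> list:
    """Copy confirmed .dalle files to dest, preserving the folder layout, verify
    each copy by hash, and write manifest.csv. Originals are never moved."""
    dest.mkdir(parents=True, exist_ok=True)
    manifest = []
    for src in inventory(root)["confirmed"]:
        rel = src.relative_to(root)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)
        digest = sha256_of(src)
        if sha256_of(target) != digest:
            raise IOError(f"copy of {src} does not match the source hash")
        manifest.append((rel.as_posix(), src.stat().st_size, digest))
    with (dest / "manifest.csv").open("w", newline="") as fh:
        csv.writer(fh).writerows([("path", "size", "sha256"), *manifest])
    return manifest


def demo() -> dict:
    """Build a constructed sample tree in a temp folder and run the backup.
    The sample bytes are made up; the real file layout is not modelled."""
    work = Path(tempfile.mkdtemp(prefix="dalle_demo_"))
    root, dest = work / "victim", work / "backup"
    (root / "docs").mkdir(parents=True)
    encrypted = root / "docs" / "report.docx.dalle"
    encrypted.write_bytes(b"\x8f" * 4096 + STOP_DJVU_MARKER + b"\x00" * 16)
    (root / "notes.txt.dalle").write_bytes(b"renamed by hand, no marker")
    (root / "readme.txt").write_bytes(b"untouched file")
    manifest = backup_encrypted(root, dest)
    inv = inventory(root)
    return {
        "copied": [row[0] for row in manifest],
        "ext_only": [p.name for p in inv["ext_only"]],
        "clean": [p.name for p in inv["clean"]],
        "original_present": encrypted.exists(),
        "backup_present": (dest / "docs" / "report.docx.dalle").exists(),
        "manifest_present": (dest / "manifest.csv").exists(),
    }


if __name__ == "__main__":
    print(demo())
```

Point `backup_encrypted` at the user's profile folder and a removable drive for real use; it only copies and never deletes, so it is safe to re-run.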

@Nasfar

Good afternoon.  How are you doing with the procedure with the MBAR tool run?

I am eagerly awaiting to have that from you.  Be sure to be aware, we will have at least 2 or 3 more other steps to do after that.

I am only just awaiting the MBAR result log.   Do not try to do anything ( yet) about trying a decrypt.   Those files will stay on the drive.

This Windows has a number of issues along with ( in addition to) the ransomware.  There is a pesky malvertising.   There is a Bazz search hijacker on Chrome/  Windows Defender is disabled.   All those need follow up.

Sincerely,


Hello Maurice,

Thank you so much for your support.

I have run the tool you gave me and below I attach the file you put.

Please bear in mind that I have not opened anything after that (except for this site on Opera and the annoying ads that open up automatically through Chrome).

Thanks

mbar-log-2019-06-25 (22-08-53).txt


Thank you for the MBAR anti-rootkit log.   We will deal with the Chrome as part of our next task.

Actually this last MBAR run had done lots & lots of cleanups, including a pesky "Online Guardian" malvertising pest.

The MBAR has cleared the way for the ability to run security programs, plus also has squashed a fake "windefender" malware.

.

I am going to list a couple of things to do below.  We will do more after that ( later).  I expect this next tasking should only take less than 30 minutes of effort.
 

.

First part is easy.  I need for you to set Windows 10 to show all folders, all hidden folders too.

Do not let the details or number of lines below spook you, please. It is all do-able and needed.
Just take your time.

•    Open File Explorer from the taskbar.

In File Explorer, click VIEW from the menu bar.   ( ALT-key + V on keyboard while in File Explorer)
•    Select View >  look on the far right list   ( on the upper right)
•    Have a check-mark on the line File name extensions
•    Have a check-mark on the line Hidden items


.

NOTE:  The following custom procedure below is only for end-user Nasfar & no one else.  It is customized for his system.

If you are not Nasfar, do not try this.

This is a custom cleanup to get rid of some rogue adwares & other pests that are on this Windows system.

It has nothing to do with the encrypted user data files etc.   ( Those I will provide more tips on at the end of the case).

For now, my goal is to do a cleanup & then to recheck your system for any other remaining malware that may be active still.

 

I am sending a   custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly ( as is) in the Downloads folder 

The tool named FRST64 is already on the Downloads folder.

Start the Windows Explorer and then, open the Downloads folder.


Double click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.

 


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. Some machines take longer than others.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.

 


The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the Fixlog.txt with your reply.

and if you would, tell me if this pc has Malwarebytes Premium   ( prior to these infections)

and take just a couple of minutes, test to see if you can start Malwarebytes for Windows, see if you can open the Microsoft Windows Defender.

 

Once I have the log from this next run, we will proceed with some other scans / tasks.

Thanks for your patience.

Cheers.

Maurice

 

 

 

fixlist.txt

Edited by Maurice Naggar
edited for FRST64


Sorry, I made some typos before.  We will use the FRST64 which you already have from before on the Downloads folder.


Hello Maurice,

Thank you so much for your continued support. I really appreciate you sticking by.

I have done everything stated above and now there are no more random links opening up on Chrome. I was able to open windows defender and run a quick scan, but it stated that nothing was detected.

I installed Malwarebytes and it detected around 68 viruses and got them all cleaned.

The only problem that seems to persist are those .DALLE files that still have all my work documents locked up. They are literally worth a lot of effort and thus money. :(

Below I attach the fixlog files as well as my last results from the Malwarebytes scan.

Thanks,

Fixlog.txt Malwarebytes test results.txt


Hi,

Thank you for the 2 report files.  I will review.

I will be providing some tips on possible recovery of your user files,   after we make sure there is nothing malicious around.

These are the next things we need to cover.
Ransomwares will turn off the Windows System Restore service.  So please make time & review this link on how to get that turned back on.
https://www.thewindowsclub.com/system-restore-disabled-turn-on-system-restore-windows

I have listed below a couple of other tasks, that will not take a lot of time.
[ 1 ]
Please delete the MBAR.exe that I had you use before.  We will be using a more recent version of this tool.

Please read all of these lines first so that it is all clear to you about our plan. I need a one time run of MBAR like listed here, please.

This here all total should maybe take 10 minutes overall.

Please download Malwarebytes Anti-Rootkit (MBAR) from here this link

and save it to your desktop.

 

Double-click on the MBAR file and allow it to run.

• Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.

• mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.

• After reading the Introduction, click 'Next' if you agree.

• On the Update Database screen, click on the 'Update' button.

• Once you see 'Success: Database was successfully updated' click on 'Next', then click the Scan button.

With some infections, you may see two message boxes:

1. 'Could not load protection driver'. Click 'OK'.
2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

• If malware is found, press the Cleanup button when the scan completes.

Please attach the log it produces; you'll find the log in that mbar folder as MBAR-log-<date and time>***.txt. Please attach that to your next reply.

Just please keep going and also do step 2 below.
 

[ 2 ]
This is a special run with Malwarebytes for Windows.   This may take an hour or 2 or several hours, depending on the speed of your hardware & also the number of files on the disk.
It is worth doing so that we have a new check on the whole drive.

Let me suggest you do a CUSTOM scan on the whole C drive !
Open Malwarebytes
Click the Settings menu followed by the Protection tab.
Scroll down to Scan Options and turn the Scan for rootkits setting on.

Next, click the icon button at left marked SCAN

Then, from the 3 panel choices, click on the middle one marked CUSTOM
( IF you see a summary white screen with a green check, click on the Close X spot on the right side so you get to that out of the way & then click Scan button on the left & then Custom scan on the middle selected .)


Then click on Configure Scan button

be sure the Scan for rootkit on left is ticked

Be sure to click on the box marked C on the right.
You want to scan the whole C drive.

Then click Scan Now button.

Then see what the result is.   This scan will be the one that takes the most time.  Let it run overnight  and then check on it tomorrow.

I believe you are some 6 hours ahead of me  & it must be nearly midnight.

Very sincerely,

 


Thank you for the log reports.  The result from the MBAR antirootkit is excellent.

The result of the Malwarebytes for Windows scan is most excellent.   There was only 1 P U P & it was in the recycle bin already.

Very encouraging reports.

.

Since this system had had multiple infections, I am going to suggest these additional scans.  They won't take long and it is something you can do at leisure in one day.  Don't let the size of the write-up in the list spook you.

After all these are done, we can then map out what to do on the encrypted .dalle files.

[ 1 ]

I would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner.

 

 

Please download the current release for Malwarebytes AdwCleaner from here:
https://downloads.malwarebytes.com/file/adwcleaner

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. ( If you do not see it right away, minimize the other open windows, so you can see Adwcleaner.)

Then click on Dashboard button.

Click the blue button "Scan Now".

 

allow it a few minutes to finish the Scan.

 

You should then see a screen showing "Scan results".

Review what is listed. If something is listed that you know for sure is safe, then for that line, click the check-box on the left so that it is un-checked.

(NOTE, clicking the small right pointed little arrow, will cause the screen to refresh & show all line items . )

 

When ready, click on the button "Clean and repair".

If prompted to restart then click on "Clean & Restart Now".

 

When You see screen with "Your cleanup is complete", click on the View Log file button.

It should then show as an open window in your text editor ( normally Notepad).

Do a File >> Save As, give it a unique name and Save to your Desktop or some other permanent folder.

 

Kindly provide a copy of that run report. Attach it with reply  ( later when all done).

When done with Adwcleaner, click the X button to Exit out.

 

[ 2 ]

The Microsoft Safety Scanner is a free stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

[ 3 ]

Windows 10 has the Microsoft Windows Defender which can run the Windows Defender Offline scan.
Windows Defender Offline in Windows 10 can be run directly from within Windows, without having to create bootable media.

Click the Windows Start menu button on the Taskbar, select Settings icon. Then choose Update and Security.
Then look on the right hand side and click on Windows Defender.
Then, scroll all the way down on the scroll bar, down to where you see "Windows Defender Offline"
Click on the button Scan Offline to start the process and let it scan the system.

Keep in mind that the design and what is scanned by Windows Defender is a whole different design from Malwarebytes. But do let me know how this scan goes and what the result is.

Let me know how all these go.

Very sincerely,

 

 


Hello Maurice,

I ran all three scans.

The Malwarebytes adware cleaner detected around 6 viruses. Microsoft Safety Scanner detected 1 and Windows Defender Offline didn't notify me whether anything was found. It simply restarted after finishing without showing any reports.

I ran Malwarebytes adware for the second time after the three steps and nothing was detected. :) 

Attached you will find the results of the Malwarebytes adware scan I ran.

Cheers, :) 

Adware cleaner NasFar.txt Adware cleaner second test.txt


Hello,

Thanks for the Adwcleaner reports. Those were not "viruses" but some adwares & a few registry entries, also adware related.   Thanks.

 

As to the Microsoft Safety Scanner, take a minute to locate & then send the log that it made, named msert.log

It should be at C:\Windows\debug\msert.log

.

Your Windows is clear of malware now.  Your encrypted files with the extension .Dalle are there on your system.

As mentioned before, you want to find all of them.  Make a copy of all onto some backup media, just to be sure to have that as a safety measure & to keep those extra copies.  That is to say, make a backup copy of all Dalle files, leaving the originals where they are.

Now then, I am pointing you to the resources about ransomwares at the Bleepingcomputer security forum.

They have a whole raft of resources there, especially about the STOP (djvu) ransomware .....which is the family of the ransomware on this machine.

Look there on the possibility & the how-to-directions on Stopdecrypter

Review and study the article on Bleepingcomputer   https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/?hl= stop djvu

Also, remember, if the Dalle files cannot be decrypted, to keep the files where they are.  In future, there can be a potential future update to Stopdecrypter.

 

One more thing:  If this pc had had Malwarebytes Premium before this incident happened, Malwarebytes Premium would have stopped the Dalle ransomware.  I would encourage you to get a subscription license for Malwarebytes for each of your Windows and Android devices.

 

Also, remember to make frequent offline backups of your Windows system.  Backup is your best friend.

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

 

Safer practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".
Free games & free programs are like "candy". We do not accept them from "strangers".


Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).

 

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.


Check in at http://windowsupdate.microsoft.com 
Windows Update and install any Important Updates offered.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq




Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

.

One more thing about getting this Windows 10 to be updated at Microsoft Windows Update for the latest build 1903.

Getting build 1903 installed would be like getting a good new Windows 10 in which you can be more confident.

The Windows 10 May 2019 Update is  available to download and install from the Windows Update page in Settings. Choose a time that works best for you to download the update. You'll then need to restart your device and complete the installation. After that, your device will be running Windows 10, version 1903.

 

To manually check for the latest recommended updates, select the Start  button, then select Settings > Update & Security  > Windows Update .

 

This build is metered and controlled by Microsoft.  If you do not get offered 1903, do keep trying.   I'd suggest trying every day or every other day, at the top of the hour.

 

Sincerely,

Maurice


Thank you so much Maurice for all the support you gave me. I would really love to compensate you guys by any means. I can show my support by donating a certain amount to you guys through PayPal if that's possible.

Unfortunately, I talked to a guy named Demonslay on Bleepingcomputers website and there doesn't seem to be any current solution for the .DALLE files. Which means that I lost work related data that was worth literally thousands of dollars, which will take me over a month to redo.

In any case I have a couple of questions before we finish.

First, if I transfer all the encrypted data with .DALLE extension, does it mean that my external hard disk gets infected?

Second, when I was unable to install Malwarebytes through this computer two days ago when it was infected, I downloaded it on another PC, put it on a flash drive, but as soon as I inserted the flash drive into the infected PC, all the files inside of it got the same .DALLE extension. Do you think that flash is infected if I insert it again on this PC? I didn't use that flash as soon as I saw how the files turned white and got .DALLE extension in a matter of seconds.

Third, is it OK for me to use  my computer normally without having to perform a complete system restore?

Fourth, can I use Chrome normally (I've been using Opera since the moment Chrome was hijacked with adware) or do I need to simply uninstall it and reinstall it?

Further, below I attached the file you mentioned.

Cheers, :) 

msert.log


Hi,

Q:  First, if I transfer all the encrypted data with .DALLE extension, does it mean that my external hard disk gets infected?

A:  No, those .dalle files are just encrypted.  They do not have the means to infect.

Keep in mind, that Dalle ( just like other ransomwares) deletes itself after it has done its deeds.

Q:  Is it OK for me to use my computer normally without having to perform a complete system restore?

A:  Yes.  Your computer at this point is free from malware.   That was why I had you run all of the different scans, by different tools.

 

Q:  can I use Chrome normally

A:  Yes.

 

Even if there is no decrypter now, one may come out in the near term or in future.

 

Note, as to System Restore, the ransomware would have turned it Off and also would have deleted all prior system restore points.

That is why I asked you to be sure to look that System Restore is now turned back On.

Reminder, Make a Backup of this system before you do something.   Backup is your best friend.

.

I would re-assert,  what this machine needs is to upgrade to the Windows 10 build 1903.  You should be able to manually get it thru Windows Update.

It may take repeated tries with Windows Update till your pc is able to see that Update.  You should make a try each day, from here on out, till you see it offered.

The suggestion I have is to go to the Start menu, click the Windows Settings icon. Select Update & Security.  Click on Windows Update.

The Windows Update ( eventually) will have a display like this when it shows up.

Note that the display will show the new build in a new way, in the middle of the display.  You will need to click on the blue line marked "Download and install now"  when ready.

 

[Screenshot: Windows Update offering the Windows 10 version 1903 build]

 

Getting that Windows build update will put this pc in a better position for a more secure operating system.

.

As to the Microsoft safety scanner, it found a hack tool.

Found HackTool:Win32/AutoKMS and Removed!

.

Thanks for the compliments.  Keep watch on the thread on Bleepingcomputer for the STOP ransomware.   Keep checking.

Now then, Is there anything else that you need?

 


Additional notes.   Since you mentioned Chrome.

Malwarebytes has a browser extension for Chrome & a separate one for Firefox browser.   They can help keep the browser from dodgy unsafe sites.

Get & install the Malwarebytes beta Chrome extension:

Open this link in your Chrome browser: https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

Then proceed with the setup.

+

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

 


Hi,

There is apparently a new update to StopDecrypter  that can handle the .Dalle  files.

Please do a fresh review at Bleeping computer topic and about how to get, use, & run the STOPdecrypter

https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/?hl= stop djvu

Quote

06/27/19: STOPDecrypter updated to include support with new OFFLINE KEYS for the following variants as explained in Post #46111.
.truke, .dalle, .lotep

 

Quote

Update for STOPDecrypter v2.1.0.14 with more OFFLINE keys

OFFLINE ID: PrHLxGQfozsYqIt6y8iByGll1cv9doSVfPSfS2t1

Extensions: .dalle

 

Edited by Maurice Naggar


Hello Maurice,

Thank you so much for your continued support. I will definitely try to take all necessary measures in order not to get myself in trouble again.

As for the latest version of STOPDecrypter, unfortunately it did not work for me, which means that my files have been encrypted with an online key, which according to Demonslay is pretty much gone forever.

At this point I'm going to put in all the work to redo all the work lost and hopefully everything will get back to normal in around a month or so.

Once again, I thank you so much Maurice for all the support you gave me throughout this tragic experience.

I hope to talk to you soon. :) 

 

Cheers,


By the way, Maurice, when I turned off Malwarebytes protection to use Stopdecrypter, I noticed that Chrome opened up again but only one ad popped up.

I also noticed that pop-up ads open up in tabs on Opera as I was writing you the previous message.

When I ran Malwarebytes scanning, it detected 44 new threats.

I don't know where they came from but it detected them and I attach the results below.

Do you think I should perform a complete system restore to get rid of this pain?

Thanks

Malwarebytes new test results.txt


What can you use for a system restore ?

 

This last scan showed a lot of P U P, some adware related elements, and a DNSChanger trojan.

According to it , it removed all those.

.

Malwarebytes just released version 3.8.3

I would suggest to do an install-in-place.

The Malwarebytes installer is at this link.

Download and save the setup file. It will automatically download. Just SAVE first.

1.    Double-click mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11270 to start the Malwarebytes for Windows setup.
2.    Follow the installation instructions to complete setup.

Watch all of the process. Have lots of patience.
Let me know how it goes. When setup has completed, my suggestion is always to do a Windows Restart.

Then start Malwarebytes for Windows and do a new Scan.


Done!

The new version detected 51 threats and removed them all.

I also noticed that after it told me to restart my computer, I did, but it froze when the restart text started and I had to keep pressing the power button to shut it off manually.

In any case, below are the results of the final scan.

Cheers,

Malwarebytes test results June 30th.txt


Thanks for the scan report log.  All the items were PUP.Optional.PCVARK

See this information and link on the Malwarebytes Blog about this

PUP.Optional.PCVARK is Malwarebytes’ detection name for a large family of installers for potentially unwanted programs targeting both Windows and Mac systems.

https://blog.malwarebytes.com/detections/pup-optional-pcvark/

.

Be very very careful with what you install on your machine, always.

Adroit System Care is classified as a PUP (potentially unwanted program).

.

Back to the original issue. I can suggest this next tool to clean out the ransomware payment demand notes.

https://www.bleepingcomputer.com/download/ransomnotecleaner/

Get that and run it.

.

As to the Dalle files, I previously sent tips to Bleepingcomputer.

This machine does not now have malware.   You need to re-double efforts to keep it clean.

Please do not download stuff that you cannot be sure is safe.

.

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

 

Safer practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".
Free games & free programs are like "candy". We do not accept them from "strangers".


Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).

 

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove your current login. Just use the new standard-user-level one for everyday use while on the internet.


Check in at http://windowsupdate.microsoft.com (Windows Update) and install any Important Updates offered.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

 

We need to wrap up this case.

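The post above points at RansomNoteCleaner to remove the payment demand notes. The following PowerShell is an added example of how such a cleanup can be done by hand; it is not code from this thread, from Malwarebytes or from the RansomNoteCleaner tool. It relies on one observable property of file-encrypting ransomware: the same note file is dropped into every folder that was encrypted, so identical content (same SHA-256) showing up in dozens of directories is a strong signal. The size limit, copy threshold, file extensions and keyword list are assumptions to tune for your own machine; the function only reports by default and deletes nothing unless `-Remove` is passed.

```powershell
# Added example, not from the thread or from the RansomNoteCleaner tool.
# Lists small text-like files whose content hash repeats across many
# folders and looks like a payment demand; deletes them only with -Remove.
function Find-RansomNoteCopies {
    [CmdletBinding()]
    param(
        [string[]]$Root = @($env:USERPROFILE),   # folders to search (assumption)
        [int]$MaxSizeBytes = 16KB,               # notes are small text files
        [int]$MinCopies = 20,                    # same hash in at least this many folders
        [string[]]$Keywords = @('decrypt', 'bitcoin', 'payment', 'your files'),
        [switch]$Remove                          # without this, report only
    )

    # 1. Collect small text-like files. -Include only applies together with -Recurse.
    $candidates = Get-ChildItem -Path $Root -Recurse -File -Force `
        -Include '*.txt', '*.html', '*.hta' -ErrorAction SilentlyContinue |
        Where-Object { $_.Length -gt 0 -and $_.Length -le $MaxSizeBytes }

    # 2. Hash every candidate and group identical contents together.
    $groups = $candidates | ForEach-Object {
        $h = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        if ($h) { [pscustomobject]@{ Hash = $h.Hash; File = $_ } }
    } | Group-Object -Property Hash

    foreach ($g in $groups) {
        $dirs = @($g.Group | ForEach-Object { $_.File.DirectoryName } | Sort-Object -Unique)
        if ($dirs.Count -lt $MinCopies) { continue }

        # 3. Sanity check: the shared content should read like a payment demand,
        #    otherwise this is just a README copied into many project folders.
        $sample = $g.Group[0].File
        $text = Get-Content -LiteralPath $sample.FullName -Raw -ErrorAction SilentlyContinue
        $hits = @($Keywords | Where-Object { $text -and $text -imatch [regex]::Escape($_) })
        if ($hits.Count -eq 0) { continue }

        [pscustomobject]@{
            Name       = $sample.Name
            Sha256     = $g.Name
            Copies     = $g.Count
            Folders    = $dirs.Count
            Keywords   = ($hits -join ', ')
            SamplePath = $sample.FullName
        }

        if ($Remove) {
            # 4. One hash means identical content, so every copy in the group is the note.
            $g.Group | ForEach-Object {
                Remove-Item -LiteralPath $_.File.FullName -Force -ErrorAction Continue
            }
        }
    }
}

# Report first; re-run with -Remove once the listed file really is the note.
Find-RansomNoteCopies -Root $env:USERPROFILE | Format-Table -AutoSize
```

Run it once without `-Remove`, open the `SamplePath` it reports and confirm it is the ransom note before deleting; keep one copy somewhere safe, because the note (with its ID and contact details) is what services like ID-Ransomware use to identify the family.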
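Two items in the safer-practices list above are things you can set up and verify in a few lines rather than by clicking through dialogs: the standard (non-administrator) account for everyday use, and automatic updates being switched on. The PowerShell below is an added example for exactly those two points; it is not code from this thread or from Malwarebytes. It must be run from an elevated PowerShell on Windows 10/11 (it uses the Microsoft.PowerShell.LocalAccounts cmdlets), and the account name `daily` is an assumption.

```powershell
# Added example for the "standard user account" and "automatic updates"
# advice; not code from the thread. Requires an elevated PowerShell.
function New-DailyStandardUser {
    param([string]$Name = 'daily')   # account name is an assumption

    if (-not (Get-LocalUser -Name $Name -ErrorAction SilentlyContinue)) {
        $pw = Read-Host -AsSecureString "Password for new standard user '$Name'"
        New-LocalUser -Name $Name -Password $pw -FullName 'Daily use (standard)' `
            -Description 'Standard account for everyday browsing' | Out-Null
        Add-LocalGroupMember -Group 'Users' -Member $Name
    }

    # The whole point is that this account must NOT be in Administrators.
    $admins  = Get-LocalGroupMember -Group 'Administrators' | ForEach-Object { $_.Name }
    $isAdmin = [bool]($admins | Where-Object { $_ -like "*\$Name" })
    [pscustomobject]@{ User = $Name; IsAdministrator = $isAdmin }
}

function Test-AutomaticUpdates {
    # The Windows Update client service must not be disabled.
    $svc = Get-Service -Name wuauserv -ErrorAction SilentlyContinue

    # Policy key that switches automatic updates off (NoAutoUpdate = 1) or sets
    # the mode (AUOptions; 4 = download and schedule the install).
    $au       = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $noAuto   = (Get-ItemProperty -Path $au -Name NoAutoUpdate -ErrorAction SilentlyContinue).NoAutoUpdate
    $auOption = (Get-ItemProperty -Path $au -Name AUOptions    -ErrorAction SilentlyContinue).AUOptions

    # Newest installed update, as a rough "is patching actually happening" check.
    $latest = Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1

    [pscustomobject]@{
        ServiceStartType   = if ($svc) { $svc.StartType } else { 'missing' }
        PolicyNoAutoUpdate = if ($null -eq $noAuto) { 'not set (default: on)' } else { $noAuto }
        PolicyAUOptions    = if ($null -eq $auOption) { 'not set' } else { $auOption }
        LatestHotFix       = if ($latest) { "$($latest.HotFixID) on $($latest.InstalledOn.ToShortDateString())" } else { 'none found' }
        Healthy            = [bool]($svc -and $svc.StartType -ne 'Disabled' -and $noAuto -ne 1)
    }
}

New-DailyStandardUser -Name 'daily'
Test-AutomaticUpdates
```

After this, log in as the new standard user for browsing and e-mail; anything that needs administrator rights will prompt for the administrator account's password, which is the moment to stop and ask why an installer needs it. If `Healthy` comes back `False`, check the `wuauserv` start type and remove the `NoAutoUpdate` policy value before trusting the machine to patch itself.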