Jump to content

CodeFiler.Phobus / Makop Got me

Recommended Posts

Hello TheRealRaj and welcome to Malwarebytes,

Run the following:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...

When you`ve downloaded FRST64.exe, rename it to FRST64English.exe...
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
    user posted image
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Thank you,

Link to post
Share on other sites

Thank you for your response Kevin

It seems to shutdown after a few seconds


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-08-2020
Ran by Rita (administrator) on RITA-PC (Gigabyte Technology Co., Ltd. B85M-D3H) (04-08-2020 09:29:28)
Running from C:\FRST
Loaded Profiles: Rita
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


It seems to get as far as the user's folder and dies


C:\Users\Default User


Don't spend a lot of time on it. We are going to start seeing if we can negotiate a settlement.




Link to post
Share on other sites

Hiya TheRealRaj

Unfortunately I cannot remove the file, dont have the authority.... I`ll PM an admin guy see if they will do it...

How do you have encrypted file and genuine file, do you have backup or image back up of your full system..?

Unfortunately at this time there is no way to decrypt files that have .makop encryption, you may want to open a thread at Bleeping Computers Ransomware Forum. Although no decyption is available, there will be more help and advice....


Thank you,


Link to post
Share on other sites

Hello TheRealRaj,

If you have backups can you reimage your PC and reload the backed up data. As FRST is being stopped from running it would seem your system is still infected. Ransomware is known to delete its tracks after encrypting all data and posting for a Ransom, no real reason to do any more damage...

@AdvancedSetup removed the zip file, I just deleted the copy I had after checking to see if decyption was possible, not much more we can do...



Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.