Hello TheRealRaj and welcome to Malwarebytes,

Run the following:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...

When you've downloaded FRST64.exe, rename it to FRST64English.exe...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach that log to your reply.


Thank you,

Kevin..
 

Thank you for your response Kevin

It seems to shutdown after a few seconds

FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-08-2020
Ran by Rita (administrator) on RITA-PC (Gigabyte Technology Co., Ltd. B85M-D3H) (04-08-2020 09:29:28)
Running from C:\FRST
Loaded Profiles: Rita
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

It seems to get as far as the user's folder and dies

USER00

C:\ProgramData
C:\Users\Default
C:\Users\Default User
C:\Users\Public
C:\Users\Rita

 

Don't spend a lot of time on it. We are going to start seeing if we can negotiate a settlement.

Thanks

Raj

 


No I don't have the original note. The email is america@countemail.com.  They are asking for .035 or .35 bitcoin whichever is about $5700 CDN

I can post an encrypted file if you like. I do have a good original unencrypted file of that as well if it helps

R


Attached.

However if I remove my phone number and email address it becomes useless no? Yes

Please remove the file after you have it. Thanks

R

 

Edited by AdvancedSetup
attachment removed per request

Hiya TheRealRaj

Unfortunately I cannot remove the file, don't have the authority.... I'll PM an admin guy see if they will do it...

How do you have encrypted file and genuine file, do you have backup or image back up of your full system..?

Unfortunately at this time there is no way to decrypt files that have .makop encryption, you may want to open a thread at Bleeping Computers Ransomware Forum. Although no decryption is available, there will be more help and advice....

https://www.bleepingcomputer.com/forums/f/239/ransomware-help-tech-support/

Thank you,

Kevin


If you have the file then I can delete it. Yes I had a backup. The other files have confid info so I can't pass those along

I really don't have time to go to bleeping computer to do stuff. We are saturated with work and this just tripled it. Thanks for your help

R


Hello TheRealRaj,

If you have backups can you reimage your PC and reload the backed up data? As FRST is being stopped from running it would seem your system is still infected. Ransomware is known to delete its tracks after encrypting all data and posting for a Ransom, no real reason to do any more damage...

@AdvancedSetup removed the zip file, I just deleted the copy I had after checking to see if decryption was possible, not much more we can do...

Regards,

Kevin


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.