Dcal2005 Posted December 13, 2020 ID:1426999 Share Posted December 13, 2020 Hi there, please help. I have a ransomware that malwarebytes identified as Neshta virus and/or Hijack.exe, maybe both? Any how, I found two txt files in my C:ProgramData folder that look like information for the keys . . . IDk.txt and pubk.txt which I am attaching picks of. .... the IDk.txt has the same number that is in the renamed file extension after an email address....all files now have .[rebkeilo@gmail.com][K52QSAVLC86FO0Y].heirloom following the regular names of the file. The other items I believe are found in a temp folder under users>owner>appdata>local>temp>3582-490 which I have attached pics of this too. In addition there is a huge file in my recycle bin and even more files in a hidden recycle bin (attached pics also). I have MB Premium and this seemed to occur after doing an upate to use a new search bar protection feature - I have 2 computers infected, this is the most important one and I have declined to add the new feature on my other computers just to be safe. Thanks in advance.FRST.txtAddition.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 14, 2020 Root Admin ID:1427023 Share Posted December 14, 2020 Hello @Dcal2005 This virus infects files by prepending its virus code to executable files. Most AV can probably stop the spread of the virus but cannot undo the damage. https://blog.malwarebytes.com/detections/virus-neshta/ https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/W32~Neshta-A/detailed-analysis.aspx https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus:Win32/Neshta.A My advice, back up your personal data documents, music, videos only, not the entire computer. Then format the drive and reinstall Windows otherwise you'll spend the next few years fighting the damage done. If your personal data has been encrypted then see if there is any decryptor available. If not remove the drive and set it aside in the hopes that maybe in the future one will be availabe. Please see the following topic for further assistance Ransomware Help & Tech Support at Bleeping Computerhttps://www.bleepingcomputer.com/forums/f/239/ransomware-help-tech-support/ Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 30, 2020 ID:1429891 Share Posted December 30, 2020 Hello @Dcal2005 I hope you are doing well. We have not heard back from you. How is the situation ? Are you still with us ? Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 12, 2021 ID:1431858 Share Posted January 12, 2021 Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Tips to help protect from infection Thanks Link to post Share on other sites More sharing options...
Recommended Posts