I got a notification of a ransomware but none of my files encrypted

[huzzz]

Detected by windows defender 

Quote

Detected : Ransom:Win32/Zudochka!MSR

Status : Removed or restored

This threat or app was removed from quarantine or restored to the device

 

Affected items: file: G:\images.exe

 

Backstory: I wanted to copy something into a usb. I had an old usb stick which i plugged it and received this notification. I didnt open anything only formatted the usb stick.

 

None of my file are encrypted does that mean im safe????

[1PW]

Hello @huzzz and welcome back:

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run one or more of its following procedural steps, please carefully follow the instructions within the following:

I'm infected - What do I do now?

Remember, please be certain to attach (not Copy and Paste) the three (3) resulting report files in your next reply to this topic.

Thank you.

[huzzz]

malbytes.txt Addition.txt FRST.txt

[Maurice Naggar]

Hello @Huzzz I will guide you.
The warning from MS Defender was about 1 file on the G drive  G:\images.exe

Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article
Please use this Guide

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select  FULL scan  & then select the C drive to be scanned.

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.  

• Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on screen display.  The only things that count are the End result at the end of the run.
• Again, any on-screen display about repeat 'infection' is not to be relied on.  Ignore those.
• We only rely on the end result that is on the log-report-file.

 

This is likely to run for many hours   ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log  

the log will be at  

Windows\debug\msert.log

Please attach that log with your reply. We will do more later.

[huzzz]

Drive G is the drive of the usb which is gone 

[Maurice Naggar]

Alright.  Nevertheless, do as outlined by me in my prior post ( above). Also, be aware that it looks as if MS Defender had STOPPED the threat. That the naming convention used by Microsoft for that 1 threat...did not mean to imply that your whole machine was victim of a encrypting ransomware. Do finish the Microsoft Safety scanner scan of your whole machine.

NOTE: I am quite busy with several other cases that I have from before yours. I will get back to you as time permits.

[huzzz]

msert.log

[Maurice Naggar]

Quote

Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Sun Oct  9 22:12:39 2022

☀️👍

[  Do a custom scan with Microsoft Defender Antivirus ]

Just want to do a visual check in Windows Security to see (visually) that Microsoft Defender is on , and to do a Custom scan.

From the Windows Start menu, select Settings, then select Update and Security.

Next, look at the left-side menu & select Windows Security

Next, In Windows Security section: Click on the grey button Open Windows Security

Now, click on the shield Virus and threat protection

Look to see that Microsoft Defender is shown & available for use.

On the next display, look at all the options.  Look down the list and see "Check for Updates" .

You should click on that to have the system check for updates for Windows Defender.  Watch & wait for that to complete.

Please also note that the Scan options (all) can be displayed by clicking on Scan options.   Click that & select CUSTOM scan & then pick the C drive  & have it go forward.

Once it has started the scan phase, you can go take a long break.   Let me know the results.

[huzzz]

Results:

Quote

No current threats.

Last scan: 10/10/2022 12:22 AM (custom scan)

0 threats found.

Scan lasted 17 minutes 23 seconds 

699881 files scanned.

 

[Maurice Naggar]

That is fine. Ready to call this a wrap ?

[huzzz]

yep i think im good

thanks for the help 

[Maurice Naggar]

This system is good-to-go. This here is for tools cleanup.

Please download KpRm by kernel-panik and save it to your desktop.

• right-click kprm_(version).exe and select Run as Administrator.
• Read and accept the disclaimer.
• When the tool opens, ensure all boxes under Actions are checked.
• Under Delete Quarantines select Delete Now, then click Run.
• Once complete, click OK.
• A log may open in Notepad titled kprm-(date).txt.  I do not need it. Just close Notepad if it shows up.

Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

I am marking this case for closure.
I wish you all the best. Stay safe. 

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you