Jump to content

Malwarebytes is detecting a Ransom.Script.RTPScript.


Go to solution Solved by Porthos,

Recommended Posts

Hello,

I decided to do a scan of my computer with Malwarebytes today. It detected a file as Ransom.Script.RTPScript. By the way, this file was a batch file renamed to .txt. 

What's weird is that Malwarebytes detects it when you do a full scan, but not when you scan the file itself. I will attach a screenshot below.

Please get back to me as soon as possible. 

Thanks in advance,

JP3SpinoFan

 

Screenshot 2023-03-04 193531.png

SOMETHING.txt

Link to post
Share on other sites

Hello @JP3SpinoFan and :welcome::

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:

  1. Download the Malwarebytes Support Tool.
  2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
  4. Run the MBST Support Tool.
  5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.
  7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have sent.

Thank you.

Link to post
Share on other sites

While you wait, The logs show the computer needs a restart.

Quote

Pending File Rename Operations
========================================
C:\Users\JP3SPI~1\AppData\Local\Temp\DELB21B.tmp                                     
C:\Config.Msi\3ae8f.rbf                                                              
C:\Config.Msi\3ae90.rbf                                                              
C:\Users\JP3SPI~1\AppData\Local\Temp\DELE001.tmp                                     
C:\Users\JP3SPI~1\AppData\Local\Temp\_iu14D2N.tmp                                    
C:\Windows\Temp\a376cd9d-4173-46d9-b089-275c2742f669.tmp                             
C:\Program Files (x86)\Microsoft\Edge\Temp\scoped_dir3212_82365968\old_msedge.exe    
C:\Program Files (x86)\Microsoft\Edge\Temp\scoped_dir3212_82365968                   
C:\Program Files (x86)\Microsoft\Edge\Temp                                           

Pending Windows Update Reboot
========================================
A reboot is pending
Windows Update: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending
Windows Update: C:\Windows\WinSxS\pending.xml

 

Link to post
Share on other sites

  • Solution
1 hour ago, JP3SpinoFan said:

What's weird is that Malwarebytes detects it when you do a full scan, but not when you scan the file itself. I will attach a screenshot below.

Are you looking for assistance cleaning your computer or are you just pointing out the difference with detection?

Link to post
Share on other sites

Hello @JP3SpinoFan My name is Maurice. I will guide you. 

Do a new scan with Malwarebytes for Windows.

Do a Check for Update using the Malwarebytes Settings >> General tab.

See this Support Guide https://support.malwarebytes.com/hc/en-us/articles/360042187934-Check-for-updates-in-Malwarebytes-for-Windows

When it shows a new version available, Accept it and let it proceed forward.  Be sure it succeeds.

If prompted to do a Restart, just please follow all directions.

Let me know how that goes.    Next, the Malwarebytes sca

Next, click the small x on the Settings line to go to the main Malwarebytes Window.   Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

>>>>>>      👉      You can actually click the topmost left  check-box  on the very top line to get ALL lines  ticked   ( all selected).         <<<<     💢

 

MB4_scan_tick_ALL.jpg.d5c4071c62ed66534301fbb217b93bc0.jpg

Please double verify you have that TOP  check-box tick marked.   and that then, all lines have a tick-mark

 

Then click on Quarantine  button.

MB4_scan_all_Quarantine2.jpg.6c45445994d4125c0b617ac7c5551e03.jpg

 


Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.