
They want $300 to un encrypt my files, not so quick big fella I know somebody.

  • This topic is locked
5 replies to this topic

#1 cctexun


  • Members
  • 116 posts
  • Local time:10:52 PM

Posted 01 February 2014 - 01:09 AM

Hey Oh My,


I got a mess and I cain't get up. Okey dokey. I is gonna start the puzzle. I was watchin a movie (okay streamin) and some pop up pages, popped up and as usual I closed them. Well one was stubborn and kept askin me, Iffen I wanted to leave the page, I wanted to, but it decided I shouldn't, so I pulled out the ole ctrl alt delete bat, and hit em onna haid. Upon restart I was reintroduced to said previous page requesting the $300 bucks. So now I looked at it and lo and behold the FBI, Cyber somethin or tother had been watchin my travels and decided I should go purchase a 300 dollar card and submit it to a certain site.

Okay I got nervous and Google became my friend, till I remembered, I had much better friends, that prolly knew something about this stuff. Hustlin over to Bleepin Cornpruter, I frantically started readin posts and decided I was way over my head and had no idea which way to turn. Got out the discs and burner, and commenced draggin n droppin. Since I was afraid it might get to my external hard drive I burned most important files and looked to see if some of them were already encrypted. Okay now I gotta tell ya I don't know what an encrypted file looks like, so a fine tizzy I find myself in.


Now I am waitin for the whole thing to implode and wonder if there is something to be done, before Armageddon arrives. Yeah, I supposedly have been backin up but my external is too small and won't hold but one back up atta time, I have been derelict in my duties to resolve that issue. And I don't know if it backed up cuz I don't know what a backup file should look like. Geez I hope there ain't too many like me. So now I sit shiverin anda shakin, quiverin and quakin, hoping OH MY can save my rear.


Please move this post to the appropriate spot and put me in line for a tongue lashin, I have earned it.


I got a little Emachine with Windows 7, I am sure you need other info but shucks, I am gonna post this as a start and will answer questions to the best of my ability when requested. Hot Dog the trek to Nirvana begins..



#2 noknojon


  • Banned
  • 10,871 posts
  • Gender:Not Telling
  • Local time:12:52 PM

Posted 01 February 2014 - 04:50 AM

So now I looked at it and lo and behold the FBI, Cyber somethin or tother had been watchin my travels and decided I should go purchase a 300 dollar card and submit it to a certain site

Hello -
1 This is just a Scam infection, and the FBI never saw anything

2 Do not panic.
3 There are Self Help guides, or ...............
4 Guided help in the Malware Removal forums


Please advise us of the option you wish to use, and post a link back to your new topic.

U.S.A. Cyber Security Ransomware is part of the Troj/Urausy Ransomware family <= Link - This is a typical example of the infection.
Read Entire Removal Guide <= Link - At the bottom of the article

You have the choice of attempting the above guide, or just posting directly to Malware Removal area.

Please note there will be a wait of about 3 days for the Experts to reply.

As you are badly infected, you can follow the instructions in the Preparation Guide starting at Step #6.


NOTE: If you are unable to complete any step, please post the topic and leave a full description of your problems


When you have done that, start a new topic and post the required logs to  Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts.


 Please Use Copy and Paste for all your responses, and Do Not Attach any unless your helper specifically requests this.


 If Help Bot responds to your topic, please follow his Step #1 so the team will be notified.


 After doing this, please reply back in this thread with a link to the new topic so we can close this one.

Thank You -

#3 cctexun

  • Topic Starter

  • Members
  • 116 posts
  • Local time:10:52 PM

Posted 01 February 2014 - 06:42 AM

Noknojon My new best buddy, Thanks Pods for gettin to me in a flash. Though my head is spinnin from reading the destructions for "Mandiant U.S.A Cyber Security Ransomware Removal Guide" I will attempt to diligently follow the delineated steps to a successful conclusion. When I get overwhelmed I will skip to step 6 of the preparation guide and post a new topic for assistance in the VTSMR logs forum for aid in the form of the Malware Response Team. Heres hopin for smooth sailin. By the way you folks are way too good, to those of us mired in the mud. Thanks big Fella. Wish me luck.

#4 cctexun

  • Topic Starter

  • Members
  • 116 posts
  • Local time:10:52 PM

Posted 01 February 2014 - 07:34 AM

Alright now my first Question is... 1. Since my computer is not locked up and I can use it just fine at this point, Is it okay if I load my jump drive with HITMANPRO and proceed or should I simply save Hitmanpro to my desktop and run it from the desktop?



This is what i did........


I saved hitmanpro to my desktop from the 64 bit operating mirror below (copy paste) and followed the instructions.

  • This is the mirror
  • For 64-bit Operating System
  • This is the mirror

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.



Ahhhhaaa No threats found. So I closed Hitmanpro.


My guess is


1. I did something wrong with Hitmanpro.


2. I got nervous when I saw the "Pay Me Page" shut the Cornpruter down in time.


3. It was a scam page and I had received no infection.


I am open to suggestions. Toodles till I hear from you.

#5 Datcoolguy


  • Members
  • 303 posts
  • Gender:Male
  • Local time:11:52 PM

Posted 01 February 2014 - 11:47 AM

I had read about this virus, which would encrypt your files and request you pay 300 bucks in bitcoin or any other untraceable currency to be handed over the decryption key, some versions of it had 2046 bit keys that cannot be breached by brute force without some kind of supercomputer.


And as far as I am aware, if a file is encrypted you simply can't open/use it, these viruses were designed to target certain media, Office documents and AutoCAD files.


Anyways, I wish you the best of luck and hope our fellow forum members can help you through this one!

"If you don't understand how your computer works, you shouldn't be messing with it!"

#6 hamluis



  • Moderator
  • 56,381 posts
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:52 PM

Posted 01 February 2014 - 12:33 PM

Reference:  http://www.bleepingcomputer.com/forums/t/522869/i-got-skeered-when-a-page-popped-up-and-wanted-300-or-theyd-encrypt-my-files/ .


Now that you have properly posted a malware log topic, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on, the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

