Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


My antivirus stopped a rogue encyrption program

  • Please log in to reply
1 reply to this topic

#1 Virusmunchies1


  • Members
  • 3 posts
  • Local time:11:26 AM

Posted 12 June 2014 - 04:27 AM

My antivirus Avast free and Zone Alarm free both helped stopped a rogue encryption program from encrypting and hijacking all of my files.


About a week or two ago, I registered for this site because I needed help removing a virus. I managed to do it myself, and all was good. A little while ago today, as I was managing my music I noticed something strange, there was a blank subfolder with a text document labeled "decrypt instructions. This was basically was a ransom note, "pay us to get your files back"


Looking back on the breach when the virus was downloading avast popped up and said it was checking a large file downloading from the internet. After that both zone alarm and avast started going crazy with virus and firewall alerts. In order for the virus download its payload, the encryption software it even tried keeping the internet on. I turned off router and after about a good 5 hours I managed to remove the virus.


At that the time I knew the virus more than likely changed settings on my computer, and planned on dealing with it as issues popped up. Now knowing what this virus was, I more than likely am going to take it to an expert to fix. It's a old laptop so it has physical issues as well. It overheats extremely fast on even simple things like playing videos.


I am really mad now. ><

BC AdBot (Login to Remove)


#2 noknojon


  • Banned
  • 10,871 posts
  • Gender:Not Telling
  • Local time:04:26 AM

Posted 12 June 2014 - 07:13 AM

My antivirus Avast free and Zone Alarm free both helped stopped a rogue encryption program from encrypting and hijacking all of my files.

Hello -


Do you run Avast free and Zone Alarm free, both as Active Antivirus programs ?? or Antivirus and Firewall programs ??

Sorry, but this is just written in a slightly confusing way -


Please post a snapshot with Speccy for more system details -
How to Publish a snapshot with Speccy <<-- Full Directions Here (only post the link)


Check your programs -

Your Antivirus must have some record of the infections halted or encountered during scans ........




Malwarebytes Anti-Malware version has now been upgraded to Version 2.0.2

Please follow Removal and Update  methods.. (link is to Malwarebytes site) if required -


First -

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

RKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. RKill.txt log will also be present on your desktop.



* Download Malwarebytes Anti-Malware and save it to your desktop
* Double click the desktop icon, Select language, then agree to terms, click Run,
* Click Next
* Next then finally click Install
** Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
* If you are notified the Database is out of date click Update Now
* Click Scan Now >>
** Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
* Click Start (Start, Search, All files and folders for Windows XP) then type mbam
* Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

** When completed click the down arrow on Export Log and select Text file (*.txt)
* Save the file to your desktop as MBAM
* Click Apply Actions then restart your computer, if requested
Copy and Paste the contents of MBAM.txt in your reply


Please post back with -

Speccy link

RKill.txt log

Malwarebytes Anti-Malware log

and how your cpmputer is performing -

Edited by noknojon, 12 June 2014 - 07:19 AM.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users