Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
A few points to cover before we start:
- Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
- Make sure to read my instructions fully before attempting a step.
- If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
- Please follow the topic by clicking on the "Follow this topic" button, and make sure there is a tick in the "Receive notifications" box and that it is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
- Important information in my posts will often be in bold; make sure to take note of these.
- I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
- I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
- Let's get going now.
I must give you this warning:
Looking through your logs, one or more of your infections has been identified as a Backdoor Trojan. These threats have backdoor functionality which allows hackers to remotely control your computer, steal critical system information, and download and execute files.
I highly suggest you disconnect this PC from the Internet immediately, and if possible use a clean computer and a flash drive to transfer the programs I request for you to run. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. It would be wise to contact those same financial institutions to notify them of your situation.
Due to the nature of this trojan, your computer is very likely to be compromised. There is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
We can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. If you decide to continue cleaning this machine, follow on with the rest of the steps posted below. If you do not want to clean this machine, please let me know.
- Please download TDSSKiller from here and save it to your Desktop
- Double-click on TDSSKiller.exe to run the application, then click on Change parameters
- Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
- If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
- Click Start Scan and allow the scan process to run
- If threats are detected select Skip or Cure (if available) for all of them unless otherwise instructed.
***Do NOT select Delete!
- Click Continue
- Click Reboot computer
- Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:
~If I am helping you and you have not had a reply from me in two days, please send me a PM~
~Currently in my last year of school, so replies might be more delayed~
ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here
~Twitter~ | ~Malware Analyst at Emsisoft~
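The last step of the TDSSKiller procedure above asks for the TDSSKiller.[Version]_[Date]_[Time]_log.txt file from the root of the system drive. The following PowerShell snippet is an added helper for that step; it is not part of the original post and is not a feature of TDSSKiller. It assumes TDSSKiller wrote its log to the root of the drive named in the SystemDrive environment variable (C:\ on most machines), picks the newest log if the scan was run more than once, copies the whole file to the clipboard for pasting into the reply, and echoes the first ten lines so the user can confirm it is the right scan. Set-Clipboard requires PowerShell 5.0 or later (Windows 10 and newer); on older systems replace that line with `| clip`.

```powershell
# Added helper, not part of the original post or of TDSSKiller itself.
# Assumption: TDSSKiller wrote its log to the root of the system drive
# (C:\ on most machines), named TDSSKiller.<Version>_<Date>_<Time>_log.txt.

$root = $env:SystemDrive + '\'   # e.g. "C:\"

# Match the documented naming pattern; -File excludes directories.
$logs = Get-ChildItem -Path $root -Filter 'TDSSKiller.*_log.txt' -File -ErrorAction SilentlyContinue

if (-not $logs) {
    Write-Warning "No TDSSKiller log found in $root. Run TDSSKiller first, or check the drive you ran it from."
    return
}

# If the scan was run more than once there will be several logs; take the newest one.
$latest = $logs | Sort-Object LastWriteTime -Descending | Select-Object -First 1
Write-Host "Newest log: $($latest.FullName) (written $($latest.LastWriteTime))"

# Copy the entire log to the clipboard so it can be pasted straight into the forum reply.
Get-Content -Path $latest.FullName -Raw | Set-Clipboard
Write-Host "Log contents copied to the clipboard ($($latest.Length) bytes)."

# Show the first few lines so the user can confirm it is the right scan before posting.
Get-Content -Path $latest.FullName -TotalCount 10
```

Run it from a normal (non-elevated) PowerShell window after TDSSKiller has finished and the machine has rebooted; it only reads the log and does not change anything on the system.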