
Got sneaky virus


9 replies to this topic

#1 Syyskuu

Syyskuu

  • Members
  • 5 posts
  • OFFLINE
  •  

Posted 04 October 2014 - 03:11 AM

Hi, Everyone!

I'm experiencing a problem with a Trojan or virus which I got from a file attached to an email. This tiny thing changed files' names n extensions to an email address. I sent an email to the address n figured out that some sum must be transferred via the Bitcoin system n the instructions will be given to me afterward. It's 100% fraud n they will never respond after getting the money. Btw, I forgot to say that the antivirus cured the virus but the files are still encrypted :(. Unfortunately, I badly need these files (payrolls n accounting docs). Here I found a topic about a person who faced a similar problem, but he doesn't mention any hackers' emails. Here's the link - http://www.bleepingcomputer.com/forums/t/378992/virusspyware-attack-change-extension/ .
Can anyone advise me what to do, or whether the instructions from the link might be applied to my case?
Thank you in advance :)

Edited by Syyskuu, 04 October 2014 - 03:18 AM.



 


#2 MikeHunt

MikeHunt

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 04 October 2014 - 10:17 AM

Don't open emails from people you don't know, and never click on links in emails you don't know.



#3 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:02:27 PM

Posted 04 October 2014 - 02:05 PM

Please do the following.
________________________________________________________________
 

Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
mbamreplace_zps3ead4824.png
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
mbam4_zps23e52ad4.png
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 mbam4_zps490948cc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post

________________________________________________________________

 

Please download TDSSKiller from here and save it to your Desktop.
 
1.  Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
 
 
tds2.jpg
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
 
2012081514h0118.png
 
3.  Click Start Scan and allow the scan process to run.
 
 
tds4-1.jpg
 
4.  If threats are detected select Skip or Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!
Click Continue.
 
 
tds6.jpg
 
5.  Click Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.

________________________________________________________________

 

Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to have the time to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

  • Click on this link to open ESET OnlineScan in a new window.
  • The ESET Online Scanner page will open, click on Yes, I agree to the terms of use, then click on Start, the scan will now begin.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#4 Syyskuu

Syyskuu
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  

Posted 05 October 2014 - 10:20 PM

I very much appreciate your help Dc3. I will follow the instructions n post programs' logs.

#5 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:02:27 PM

Posted 06 October 2014 - 09:21 AM

I will be in and out of here the next two days due to a family health issue.  But I will stick with this topic.



 

 

 

 


#6 Syyskuu

Syyskuu
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  

Posted 08 October 2014 - 01:28 PM

Dear dc3, Thank u a lot for your help. I am on a business trip now and will have a chance to apply your recommendations to my pc when I am back in 2 weeks. I will let you know. I hope your family is doing well. Best regards.

#7 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:02:27 PM

Posted 08 October 2014 - 02:16 PM

Not a problem, I'll be around.

 

One of the basic premises of physics is that no two solid objects can occupy the same space.  My wife set out to disprove this, and has been wearing a cast on her left wrist for the last five weeks.  She is now feeling better and bored out of her skull, I know this because she offered to help me stack our firewood.

 

Dan



 

 

 

 


#8 Syyskuu

Syyskuu
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  

Posted 31 October 2014 - 12:49 AM

Dear Dan,
 
I hope your wife is getting well. I'm sorry for a late reply but didn't have a chance cause things at work were tough. Anyway, I did these tests which you advised me n' log files you may see below.
 
P.s I hope it will help to figure out the problem
Vic
 


#9 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:02:27 PM

Posted 31 October 2014 - 09:16 AM

Did you restart the computer after running Malwarebytes?

 

Please run the TDSSKiller again, when you reach #4. click on Cure.  Then follow the instructions to finish.

 

Please run AdwCleaner
 
Please download AdwCleaner and install it.
 
When AdwCleaner opens you will see an image like the one below.
 
adwcleaner11_zps48314883.png
 
Click on Scan to start the scan.
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and paste this log in your topic.
 
 

Please download Junkware Removal Tool.
 
Open your browser and go to Downloads, then click on the Junkware Removal Tool to install it.  
 
Click on Run to initiate the installation.
 
To avoid potential conflicts, temporarily disable your antivirus and firewall.  You will want to be offline when you do this.
 
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select Run as Administrator.
 
The tool will open and start scanning your system.
 
Please be patient as this can take a while to complete depending on your system's specifications.
 
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.  Copy this and then post it in your topic.
 
 
Please run the Disk Cleanup Tool.  Unfortunately you have not posted what operating system you are running, so I can't give you specific instructions for finding this.  But you should be able to find it in Administrative Tools.
 
 


 

 

 

 


#10 Syyskuu

Syyskuu
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  

Posted 25 November 2014 - 06:26 PM

Dear Dan,

I very much appreciate your help, as well as that of the guys from the company's IT dept., who were solving the problem, as for the last month several PCs were infected as well as mine.

Best regards,
Vic



