Posted 17 May 2015 - 04:05 PM
Are there any file extensions appended to your files...such as .ecc, .ezz, .exx, .CTBL, .CTB2, .XTBL, .encrypted, .vault, .HA3 or 6-7 length extension consisting of random characters?
Did you find any ransom note? These infections are created to alert victims that their data has been encrypted and demand a ransom payment. Check your documents folder for an image the malware typically uses for the background note. Check the C:\ProgramData (or C:\Documents and Settings\All Users\Application Data) for a random named .html, .txt, .png, .bmp, .url file.
These are some examples.
HELP_DECRYPT.TXT, HELP_DECRYPT.HTML, HELP_DECRYPT.URL, HELP_DECRYPT.PNG
HELP_TO_DECRYPT_YOUR_FILES.bmp, HELP_TO_DECRYPT_YOUR_FILES.txt, HELP_RESTORE_FILES.txt
HELP_TO_SAVE_FILES.txt, HELP_TO_SAVE_FILES.bmp, RECOVERY_KEY.txt
DECRYPT_INSTRUCTION.TXT, DECRYPT_INSTRUCTION.HTML, DECRYPT_INSTRUCTION.URL
These are common locations malicious executables may be found:
.Windows Insider MVP 2017-2018Microsoft MVP Reconnect 2016Microsoft MVP Consumer Security 2007-2015 Member of UNITE, Unified Network of Instructors and Trusted EliminatorsIf I have been helpful & you'd like to consider a donation, click