Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Ransomware: ai88

  • This topic is locked This topic is locked
2 replies to this topic

#1 mb from md

mb from md

  • Members
  • 6 posts
  • Local time:04:13 PM

Posted 23 May 2015 - 09:59 AM

My Toshiba laptop running WinXP became infected with the ai88 ransomware, which locked up the machine.  I did not pay the ransom.  In the interest of time, I took the machine in to a local shop without shutting the machine down.  This ransomware was most likely imbedded in some pdf files I downloaded from a German site (www.irt.de); the specific files at this site in a subdirectory were V76.pdf and V72.pdf.
The proprietor of the local shop indicated this ransomware was particularly nasty and probably originated in Russia or China.  The ransom was to be paid in bitcoin.  Apparently, pdf files are a particular target for imbedding the ransomware.
I noticed the machine slowed down, ai88 showed in the tray, and the ransom message appeared on the screen.  I did not believe that ComboFix was a appropriate solution for removal of ransomware so I took the machine in.
For the benefit of others, does Superantispyware and/or Malwarebytes detect ransomware imbedded in pdf and other files?  Has anyone in the hack community attempted to trace down the authors or users of this ransomware and attempted to disable their machines and/or internet access?  This assumes that the government(s) in host states where the ransomware is issued are uncooperative.
Has anyone on this forum encountered the ai88 ransomware?  In the event the local shop is unable to deal with the ransomware, what fixes are recommended?

Edited by computerxpds, 23 May 2015 - 11:15 AM.
Deactivated hotlink to potentially malicious website

BC AdBot (Login to Remove)


#2 nasdaq


  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:13 PM

Posted 28 May 2015 - 06:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

Sorry for this long delay.

There is nothing we can do to restore your files.

If you still wish us to remove any remnant items from your computer and registry follow these instructions.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How is the computer running?
Wait for further instructions.

#3 nasdaq


  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:13 PM

Posted 02 June 2015 - 07:31 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users