
Win32.filecoder.cr help! New Harddrive and same issues.


  • This topic is locked
11 replies to this topic

#1 Inkedup209

Inkedup209

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:46 AM

Posted 08 October 2015 - 09:33 PM

So I opened a read me file that had filecoder.cr and win32.trojan bonded to it, I'm finding out. So I noticed all of a sudden after opening it that my browser closed and then it reopened and said I couldn't connect, and my CPU and disk usage jumped high. I installed Malwarebytes and it found things, and upon restarting I noticed it was installing Windows updates, and when I rebooted the virus scanner was replaced and found nothing. I said oh well, I'll do a clean wipe, I need it anyways, and after installing Windows I noticed I had tons of new users and services running, and it connected through wifi and infected our family computer, my laptop, sister's laptop and mom's laptop. It makes tons of users and hidden files and tries to run a server, and I noticed we've been DNS hijacked as well. After that, since we were using wifi on our iPhones, it somehow jailbroke my phone and 3 others, and it says I'm logging in to Facebook from Nigeria. I'm in California, and my Google results pop up places near San Fran and I'm about 3 hours away from there. We had credit cards used in other states, and it logged onto my online store I run and manually processed stolen cards for orders to China and Malaysia. I found out it's using some kinda exploit via Bluetooth to turn our phones into bots, and it even connected to my new MacBook while it was in sleep mode and connected to it via NetBIOS. I've tried 3 brand new solid state drives, and I found out it makes a RAM drive, and my motherboard has a BIOS cache that's huge and other things it can latch onto. The other PCs I wiped out and did a low level wipe, and it ran fine, but then I noticed there were still the services on there, like RPC running and trying to connect out getting Windows updates. 10 min later there's tons of users and groups created and open shares, and my admin permissions can't do much. I need help, nothing has helped so far!!

ESET, 32 ms, Sep 26 2015 (a day ago): Win32/Filecoder.CR trojan
Ikarus, 78 ms, Sep 26 2015 (a day ago): Trojan.Win32.Filecoder
McAfee-Gateway, 203 ms, Sep 27 2015: Ransom-FOO!htm
TrendMicro, 1778 ms, Sep 26 2015 (a day ago): HTML_WALLNOTE.SM
TrendMicroHouseCall, 1762 ms, Sep 25 2015 (2 days ago): HTML_WALLNOTE.SM

Edited by Inkedup209, 08 October 2015 - 09:45 PM.



 


#2 Inkedup209

Inkedup209
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:46 AM

Posted 08 October 2015 - 09:48 PM

I've tried ComboFix; it won't work because I'm on Windows 10.

#3 Inkedup209

Inkedup209
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:46 AM

Posted 10 October 2015 - 12:12 PM

Nobody?

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:46 AM

Posted 13 October 2015 - 09:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/592937 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 Inkedup209

Inkedup209
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:46 AM

Posted 14 October 2015 - 03:28 PM

Yes, I still very much need help. I got 4 laptops and two desktops affected, and 3 iPhones, an Android, and now my MacBook has "iRAT".
Please help

#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:07:46 AM

Posted 26 October 2015 - 05:11 AM

Hi Inkedup209,
 
Sorry for the delay, looks like your topic got missed. Please let me know if you still need help and what the current problem is.
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#7 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:07:46 AM

Posted 02 November 2015 - 07:04 AM

Hi Inkedup209,
 
This is a 3 day bump:
 
It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

xXToffeeXx~




#8 Inkedup209

Inkedup209
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:46 AM

Posted 06 November 2015 - 02:56 PM

Yes, I still need help. CryptoPrevent and Norton Power Eraser kinda worked but didn't remove anything; it's still there running. Brand new DVD with Windows. I mean, I had CryptoPrevent on max setting and it was fine, but obviously I need to install programs; nobody wants a PC that only goes online and can't install anything. It's basically a netbook or worse, and I got a newer fast laptop, so it's like a waste. Please help. I was able to find the logs of the process running itself. It was unable to run since CryptoPrevent stopped it, but I can see it's still trying.

#9 Inkedup209

Inkedup209
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:46 AM

Posted 06 November 2015 - 02:58 PM

I don't know if maybe I can get the file again that I opened to begin with and we can figure out exactly what this thing is.

#10 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:07:46 AM

Posted 06 November 2015 - 03:04 PM

Hi Inkedup209,
 
Okay, first of all let's have a look at the system with this tool so I can get a better overview :)
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
xXToffeeXx~




#11 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:07:46 AM

Posted 12 November 2015 - 01:42 PM

Hi Inkedup209,
 
How are you getting on with the instructions? :)
 
xXToffeeXx~




#12 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:07:46 AM

Posted 28 November 2015 - 10:55 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





