Help me identify this ransomware


  • This topic is locked
4 replies to this topic

#1 eLPuSHeR

eLPuSHeR

  • Members
  • 60 posts
  • ONLINE
  •  
  • Local time:04:27 PM

Posted 25 January 2016 - 12:26 PM

Hello guys.

First post here.

A friend of mine executed a JavaScript file from within a zip archive and she got infected with some ransomware. I would like to know which one it is (to see if there is any guideline for recovering anything). I have the original infected zip here: http://www.filedropper.com/qe

Uploading it to virustotal.com, I see it is detected by just a few AV programs.

The virus creates some html and txt files called help_recover_instructions+vgv in every infected location.

All encrypted files have the .micro extension appended.

Best regards.





#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,977 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:27 AM

Posted 26 January 2016 - 09:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

This is your ransomware infection.

http://www.bleepingcomputer.com/forums/t/602915/please-help-what-is-micro-cant-open-documents/

You may want to participate in this topic
http://www.bleepingcomputer.com/forums/t/576600/tesladecoder-released-to-decrypt-exx-ezz-ecc-files-encrypted-by-teslacrypt/

Good luck.

#3 eLPuSHeR

eLPuSHeR
  • Topic Starter

  • Members
  • 60 posts
  • ONLINE
  •  
  • Local time:04:27 PM

Posted 27 January 2016 - 02:06 AM

Hello.

Thanks for your reply, but someone already answered me via PM.

Just because my friend has got a backup copy of her documents I have reformatted her w8.1 from scratch and installed w10. I was just curious about which virus it was.

Best regards.

PS - I have downloaded the tesladecryptor tool and saved it for future use.



#4 eLPuSHeR

eLPuSHeR
  • Topic Starter

  • Members
  • 60 posts
  • ONLINE
  •  
  • Local time:04:27 PM

Posted 27 January 2016 - 02:21 AM

Well.

Is there any way to mark a topic as SOLVED?



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,977 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:27 AM

Posted 27 January 2016 - 09:25 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



