Crypto trojan ?



#1 Overseas12


Posted 18 June 2016 - 08:41 PM

Hello,

I'm turning to this forum, for my desperate friend is experiencing a problem concerning a crypto trojan, and since it's nighttime in our region at the moment, I am turning to this forum. Please note that English isn't my mother tongue either, but I'll be doing my best to explain what happened, hoping to be able to help him.

His PC is running Windows 7, and he had installed an anti-ransom software, called Malwarebytes, primarily, which detected an active crypto trojan and supposedly put it under quarantine, which was empty when he checked. He then shut down his PC and took the drives out. When connecting his system drive via USB, he couldn't detect any encryption on it.

The second drive which was used to store files did respond upon being connected, however none of the files were recognizable anymore.

Is there anyone here who has experience with this type of crypto trojan?

Is there anything he can do to get access to this drive or to view any of the encrypted files?

Is it typical for crypto trojans to first attack drives containing documents rather than the system drive or to typically encrypt other drives before doing the same to the C drive?

Or could the second drive acting like this simply be the USB shell's fault?

Is it possible to check whether or not the C drive has been infected despite everything looking normal? Could it just have been Malwarebytes overreacting?

The software that detected the trojan is called: Malwarebytes anti-ransom software. Does anyone know if this software produces log files and, if so, where they can be found?

Thank you so much in advance, I'm bad with technical things like this and couldn't be much help to him other than asking here.


 


#2 quietman7


Posted 19 June 2016 - 05:09 AM

More information is needed to determine what infection you are dealing with since there are many variants of crypto malware ransomware.

Are there any obvious file extensions appended to the files?

Did you find any ransom notes? These infections are created to alert victims that their data has been encrypted and demand a ransom payment. They typically are found in every directory where data was encrypted. Check your documents folder for an image the malware typically uses for the background note. Check the C:\ProgramData (or C:\Documents and Settings\All Users\Application Data) for a randomly named .html, .txt, .png, .bmp, .url file.

You can submit samples of encrypted files and ransom notes to ID Ransomware for assistance with identification and confirmation. If ID Ransomware cannot identify the infection, you can post the case SHA1 it gives you in your next reply for Demonslay335 to manually inspect the files.

Once we have identified/confirmed which particular ransomware you are dealing with, we can direct you to the appropriate discussion topic for further assistance.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
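The manual check described in the reply above (extensions appended to files, and the same note file appearing in every directory) can be done read-only over a drive mounted on a clean machine. The Python below is an added example, not part of the original posts; `survey`, `make_sample`, the `.xyz` suffix, the note file name and the `KNOWN_EXTS` list are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter, defaultdict

# File types the reply above lists for ransom notes.
NOTE_EXTS = {".html", ".txt", ".png", ".bmp", ".url"}
# Assumption: a small set of ordinary document types; extend as needed.
KNOWN_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".txt", ".zip"}

def survey(root, min_share=0.5):
    """Read-only walk of `root`; returns (appended, notes).

    appended: Counter of extensions tacked onto a known type
              (report.docx.xyz counts as ".xyz").
    notes:    note-type file names found in at least `min_share` of the
              folders that contain files (and in no fewer than two).
    """
    appended = Counter()
    seen_in = defaultdict(set)
    folders = 0
    for dirpath, _subdirs, files in os.walk(root):
        if not files:
            continue
        folders += 1
        for name in files:
            stem, ext = os.path.splitext(name.lower())
            inner = os.path.splitext(stem)[1]
            if inner in KNOWN_EXTS and ext not in KNOWN_EXTS:
                appended[ext] += 1
            if ext in NOTE_EXTS:
                seen_in[name.lower()].add(dirpath)
    threshold = max(2, min_share * folders)
    notes = sorted(n for n, dirs in seen_in.items() if len(dirs) >= threshold)
    return appended, notes

def make_sample(root):
    """Constructed tree: made-up '.xyz' suffix and made-up note file name."""
    for folder, doc in (("docs", "report.docx"), ("pics", "photo.jpg"), ("tax", "2015.pdf")):
        os.makedirs(os.path.join(root, folder))
        for name in (doc + ".xyz", "READ_ME_constructed.txt"):
            open(os.path.join(root, folder, name), "w").close()
    open(os.path.join(root, "docs", "notes.txt"), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        appended, notes = survey(tmp)
        print("appended extensions:", appended.most_common(5))
        print("repeated note candidates:", notes)
```

Pointing `survey` at the mount point of the affected drive gives the two things the reply asks for: the most common appended extension and any file name that repeats across folders.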



