Posted 11 July 2018 - 12:39 PM
Posted 11 July 2018 - 05:29 PM
Posted 11 July 2018 - 07:04 PM
Posted 11 July 2018 - 07:21 PM
Posted 28 July 2018 - 08:09 AM
...welp, it got me. I'm lucky that most of the truly irreplaceable stuff appears? to be backed up as of now (won't know till I get back there), and much of the rest can be reacquired. Thing is, I'm trying to scan/remove the ransomware and nothing (MSE, Malwarebytes, Avast) is detecting it. Is there some special step I'm missing here? In the meantime, I've changed my ports, and my password to something strong.
Posted 28 July 2018 - 08:58 PM
I'm still not clear on removal tools. I don't want what files are left getting erased as per the possibility raised here: https://blog.emsisoft.com/en/26164/how-to-remove-ransomware-the-right-way-a-step-by-step-guide/
I'm also not sure what the best practices are for rebooting, in case it's still there, even though it has not been detected by various anti-malware utilities. Will booting to Safe Mode prevent it from potentially causing greater damage? Should I be scanning the data directories for the malware payload rather than merely the system drive? Trying not to panic here but it's not easy. Random Googling brings up questionable sites, and the guide above mentions nothing about which tools to use or how to use them.
Edited by bilditup1, 29 July 2018 - 05:18 PM.
Posted 30 July 2018 - 10:47 AM
Posted 30 July 2018 - 11:02 AM
Most crypto malware ransomware is typically programmed to automatically remove itself...the malicious files responsible for the infection...after the encrypting is done since they are no longer needed. That explains why many security scanners do not find anything after the fact. The encrypted files do not contain malicious code so they are safe.
Thanks for your reply, much appreciated. Does the above mean that they can't actually act on their threats of deletion?
Edited by bilditup1, 30 July 2018 - 11:03 AM.
Posted 30 July 2018 - 11:06 AM
Posted 30 July 2018 - 11:08 AM
In most ransomware cases, any warnings in the ransom note or screen display that indicate files will be deleted after so many hours/days (deadline) are commonly just a scare tactic to get victims to quickly pay the ransom.
Oh man, brilliant.
...so is there a FAQ somewhere that says all this that I clearly missed in my panic?
Posted 30 July 2018 - 01:41 PM