Ransomware help


  • This topic is locked
7 replies to this topic

#1 AmalM

AmalM

  • Members
  • 15 posts

Posted 01 January 2017 - 05:20 AM

Hello,

 

I need help with a ransomware. A few days ago I downloaded something and my PC got infected with a ransomware. The ransomware encrypted all my files and renamed them with a .gangbang file extension (for example: Jeiu8+KLzM.gangbang).

 

Over 100,000 of my files got encrypted. I remember seeing something related to 7zip in the "Processes" tab in the task manager even though I don't have 7zip installed. I believe that's how the ransomware encrypted my files. It had also affected my regsvr32.exe file in "System 32" folder but I removed it from Windows Recovery Options and a new clean file was created instead. The infected regsvr32.exe file pointed to a dll file "UnNetwork.dll" during startup so I deleted that file too and removed the startup entry from Msconfig.

 

There were a lot of other files called "Read me please.exe" which I deleted (I think I can recover them if needed) near to the encrypted files. When I opened these files, it showed me a message saying that my media files had been infected and that I need to make a payment for the decrypter.

 

I'm willing to do anything, send any files, logs, anything, etc but please help me recover my files. I am a game, software and movie collector so it hurt me a lot when I lost everything. Please help.

 

Thank you.


Edited by AmalM, 01 January 2017 - 05:25 AM.




#2 al1963

al1963

  • Members
  • 886 posts

Posted 01 January 2017 - 05:25 AM

@AmalM,

Use ID Ransomware to determine the type of encoder:

 

 

https://id-ransomware.malwarehunterteam.com/index.php



#3 Struppigel

Struppigel

    Karsten Hahn, G DATA Malware Analyst


  • Malware Response Team
  • 231 posts
  • Gender:Male

Posted 01 January 2017 - 05:54 AM

Hi AmalM.

This is most likely Globe ransomware. Please post into the Globe support topic here: Globe Ransomware Help and Support - Purge Extension & How to restore files.hta

Best regards
Karsten

#4 AmalM

AmalM
  • Topic Starter

  • Members
  • 15 posts

Posted 01 January 2017 - 06:06 AM

@Struppigel,

 

I've posted it there. Thanks.

 

 

@al1963,

 

The website didn't give me anything.



#5 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,555 posts
  • Gender:Male
  • Location:USA

Posted 01 January 2017 - 11:00 AM

@al1963,

 

The website didn't give me anything.

 

If you uploaded the file "Jeiu8+KLzM.gangbang", ID Ransomware correctly identified it as Globe, with a link to the support topic.

 



ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#6 AmalM

AmalM
  • Topic Starter

  • Members
  • 15 posts

Posted 01 January 2017 - 11:04 AM

I didn't know how to use the website. Anyway, the problem is fixed now. My files are being decrypted as we speak. This may be locked now. Thank you everyone who helped me.



#7 thyrex

thyrex

  • Members
  • 585 posts
  • Gender:Male
  • Location:Belarus

Posted 01 January 2017 - 11:16 AM

You got an answer here.

Please write only there.


Microsoft MVP 2012-2016 Consumer Security

Microsoft Reconnect 2016


#8 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 01 January 2017 - 11:51 AM

Since your problem was resolved in the Globe topic, I am closing this one to avoid confusion.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~




