I am here because all my files has been encrypted. Unfortunatey I have no idea which type of Ransonware i got because I realised something was wrong before the end of the full process (I guess), and I managed to stop the batch file that was opening the program during the startup of Windows 10, so no screens or files dropped on my desktop found.
The batchfile is in a folder called: 39aaa1b inside the Local folder of user/davide/appdata where davide is my name.
I ran Malawarebytes who has (hopefully) removed the menace, but I have now many if not all files locked.
I tryed both Cryptosheriff and ID Ransomware but they both couldn't identify the crypting method, so I am stucked.
Please let me know how can I proceed.
edit: there is a file called syspoz in the startup files (now disabled). If it helps..
esteduca (Davide, from Italy).
Edited by esteduca, 06 January 2017 - 11:49 AM.