Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Odd Ransomware note

  • Please log in to reply
3 replies to this topic

#1 rgm0737


  • Members
  • 2 posts
  • Local time:01:20 PM

Posted 22 January 2017 - 09:14 PM

I have a laptop that says it is infected and I have to go to see a tor website to download a program to tell me what I am encrypted with  and how to decrypt. I can and have run several spyware removal programs and antivirus but they didn't find anything serious. Not sure if this computer is really infected or they expect me to go to their website and download the virus? I uploaded the jpeg of the ransom note to RansomID but it said it wasn't identifiable. Ideas?

BC AdBot (Login to Remove)


#2 cybercynic


  • Members
  • 560 posts
  • Gender:Male
  • Location:Edge Of Tomorrow
  • Local time:02:20 PM

Posted 22 January 2017 - 11:02 PM

Do you have any encrypted files? If so, you need to upload an encrypted file along with the ransom note to ID Ransomware. Follow the instructions that the site gives you. If you can't find any encrypted files, run Malwarebytes / Hitman Pro / Emsisoft to remove whatever is causing your "infections".

We are drowning in information - and starving for wisdom.

#3 Demonslay335


    Ransomware Hunter

  • Security Colleague
  • 3,561 posts
  • Gender:Male
  • Location:USA
  • Local time:01:20 PM

Posted 23 January 2017 - 12:37 AM

ID Ransomware is not made to identify a picture of something, I don't have the machine learning technology of Google... You have to upload an actual encrypted file and the actual ransom note in order to get an identification. If it still cannot identify, you need to share the Case SHA1 it gives you in order for me to inspect the files manually.

The majority of "real" ransomware require you to go to a Tor site, so that isn't "odd" at all. It's how the criminals stay anonymous and make it harder to track them down.

Edited by Demonslay335, 23 January 2017 - 12:38 AM.

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.

#4 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,750 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:20 PM

Posted 26 January 2017 - 06:40 AM

Samples of any encrypted files, ransom notes or suspicious executable's (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted here (https://www.bleepingcomputer.com/submit-malware.php?channel=168) with a link to this topic. There is a "Link to topic where this file was requested" box under the Browse... button. Doing that will be helpful with analyzing and investigating by our crypto malware experts.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users