Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


What is being done to catch them and help with .adfc files

  • Please log in to reply
3 replies to this topic

#1 chrisdevelop


  • Members
  • 2 posts
  • Local time:07:59 PM

Posted 23 January 2017 - 02:21 PM

With ransom being asked i might be wrong but im assuming that those infected are reporting to their own police, After all its a criminal offence in any country.


Does anyone have any update on what the police are doing about it to bring the criminals to justice and lock them away.


Also my friend has had his laptop infected with ransomware called README.HDA  which has encrypted all his files to .adfc this includes word documents etc.


Does anyone know of any software that can revert back the files to their original.  I have been through and removed all traces of the readme.hda but its now time to try to revert back the files to their original format .doc .xml etc


Can anyone help please.


Thank you

BC AdBot (Login to Remove)


#2 Demonslay335


    Ransomware Hunter

  • Security Colleague
  • 3,579 posts
  • Gender:Male
  • Location:USA
  • Local time:01:59 PM

Posted 23 January 2017 - 02:47 PM

Law enforcement is doing what they can, but it isn't always that simple. Sometimes servers are seized, but the perps are not always caught unfortunately. There has been great strides with the NoMoreRansom and other initiatives.


I haven't heard of a ransomware with that extension or that ransom note filename, nor has there been any uploaded to ID Ransomware. Could you share a few encrypted files and a ransom note? Are you sure it isn't README.HTA? That would be Cerber, which does use a random 4-character extension per victim.

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.

#3 chrisdevelop

  • Topic Starter

  • Members
  • 2 posts
  • Local time:07:59 PM

Posted 26 January 2017 - 05:56 AM

It was a readme.hta file that started this, but it has changed all file extentions to .adfc  how can i send some encrypted files i dont want anything to infect this or your pc


readme.hta was all over the place when i got rid of all these from his pc i think i was up to 2,759 readme.hta fiels in total.

#4 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,886 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:59 PM

Posted 26 January 2017 - 06:19 AM

You can submit samples of encrypted files and ransom notes to ID Ransomware for assistance with identification and confirmation. This is a service that helps identify what ransomware may have encrypted your files and then attempts to direct you to an appropriate support topic where you can seek further assistance. Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections.

Samples of any encrypted files, ransom notes or suspicious executable's (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted here (https://www.bleepingcomputer.com/submit-malware.php?channel=168) with a link to this topic. There is a "Link to topic where this file was requested" box under the Browse... button. Doing that will be helpful with analyzing and investigating by our crypto malware experts.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users