
Ransomware\backdoor attack after reformatting


11 replies to this topic

#1 DannyBoyRP

DannyBoyRP

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 15 May 2017 - 04:48 PM

Hey! I just reformatted my PC two days ago and today I got backdoor attacked, my computer is compromised. I need help to prevent it from happening on the next install. Scanning my computer right now is nearly as very dangerous since most of the scans I would have to perform would be in normal boot where the ransomware is active.

 

So short long story,

 

Two years ago I was infected with a Bitcoin miner that used to launch wscript executes. It was very hard to remove and I had to reformat my computer. I saved all my documents, pictures, Photoshop files, Adobe Flash files and Sai Paint Tool files, and I made sure not to leave any trace of zip\exe files (although dll files can be infected too, but I didn't have any of them to execute by another program).

The only files I could execute are my artwork and Adobe files, and pictures I guess.

I backed up all of these files on a spare clean HDD that I made sure to reformat. I scanned the HDD, no viruses.

I haven't used the HDD for two years, not until two days ago.

 

My previous operating system, which was Windows 10, was questionably infected, so I backed up my files and formatted the PC two days ago.

 

Two days ago I installed a clean, fresh, new Windows 10 OS and plugged in all of my backup data, both from 2 years ago and from the previous operating system.

Every program, soooome pirated files (I know, I know... but they are not all swarming with viruses...) that I made sure to scan with Malwarebytes, Defender and VirusTotal since I wanted to be super careful and not allow anything dangerous to get injected into my PC. Even if I got a false positive on a program, I would not install it or execute it.

 

Today, an hour ago, my Malwarebytes started popping out malicious traffic; its domain was 3.winsrw.com 4.winsrw.com...etc

Windows Defender jumped in at the same moment, notifying me about the Clavir.d!cl virus. I couldn't get much information about it on Google.

I opened my Task Manager and went to Startup, and there's a new logon called Qatuvdz. I couldn't find any information about it either, but here's a screenshot + location:

 

[Attached image: tumblr_oq0k10uD8c1rbrh4ro1_1280.png]

 

Windows Defender was trying to delete the virus, but it only comes back instead. I immediately disconnected from the internet and started browsing the Event Viewer, and apparently for the past hour there were new registry changes, new user creations and privilege creations, logon edits, etc.

 

Before I deleted the virus file, I uploaded it to VirusTotal: https://www.virustotal.com/en/file/5f7556de1fd33558baa96adc953eea1c15353c7f73c60f16354efab6b288fac9/analysis/1494869968/

 

I'm in Safe Mode, backing up my files. My computer is totally compromised.

I have so many questions. I don't want to trigger it again and let it consume my computer!

 

Q. What is this virus? Any ideas?

Q. How do I find out what triggered the virus? How do I know what brought the virus to life? Anything could bring it to life!

Q. Could my backup data, like music, .sai, .fla, .swf, .png, .psd, .pdf, .txt files, be infected, or are they at risk of being encrypted and dangerous?

Q. What other stuff should I do to prevent the virus from coming back? Are there any ideas? I tried looking up articles outside the forum and inside the forum and I couldn't find anything too personal. Could I get a personal opinion?

Q. I am using Chrome, Creative Cloud, archive programs like WinRAR and 7z and other programs. Am I at risk of getting infected again next time from logging in? Could I also get infected from logging into my Microsoft account on my Windows?

Q. Could my boot be infected?

 

I just don't want it to happen again :((




 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:27 PM

Posted 15 May 2017 - 05:52 PM


Most crypto malware ransomware is typically programmed to automatically remove itself...the malicious files responsible for the infection...after the encrypting is done since they are no longer needed. That explains why many security scanners do not find anything after the fact. The encrypted files do not contain malicious code so they are safe. Unfortunately, most victims do not realize they have been infected until the ransomware displays the ransom note and the files have already been encrypted. In some cases there may be no ransom note and discovery only occurs at a later time when attempting to open an encrypted file. As such, they don't know how long the malware was on the system before being alerted or if other malware was downloaded and installed along with the ransomware. If other malware was involved it could still be present so be sure to perform full scans with your anti-virus.

If your antivirus did not detect and remove anything, additional scans should be performed with other security programs like Malwarebytes 3.0, HitmanPro and Emsisoft Anti-Malware. You can also supplement your anti-virus or get a second opinion by performing an Online Virus Scan...ESET is one of the more effective online scanners.

Note: Disinfection will not help with decryption of any files affected by the ransomware.

If you need individual assistance only with removing the malware infection, follow the instructions in the Malware Removal and Log Section Preparation Guide...all other questions or comments should be posted in the support topics. When you have done that, start a new topic and post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

If you choose to follow the above instructions and post a FRST log, please reply back in this thread with a link to the new topic. If not, at least you know doing that is an option available to you.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 DannyBoyRP

Posted 15 May 2017 - 06:01 PM

Okay, I give up, I'm gonna ask for assistance on Malwarebytes, thank you.



#4 quietman7

Posted 15 May 2017 - 06:05 PM

We can assist you here....just follow the instructions in the Malware Removal and Log Section Preparation Guide. Our experts will need to examine a FRST log. They do the same at Malwarebytes and other security forums.

Prevention steps are generally discussed after the malware has been cleaned up.

#5 DannyBoyRP

Posted 15 May 2017 - 06:12 PM

But I do not intend to remove the malware. I can't even run FRST in Safe Mode, only in normal boot, where Windows is active.

I don't feel like anything I ever type here ever has any attention paid to it. I don't believe it, maybe it's my fault. I appreciate that all of you do your work as the admins\assistants and try to provide a response, but I don't think it works well with my issues. I think I would find better luck in the Malwarebytes forum.

Thank you for your assistance and help.

You can lock this thread or even ban me, idk man.



#6 quietman7

Posted 15 May 2017 - 06:21 PM

Sorry to hear that you feel you are not being paid attention to. I see that JSntgRvr previously had been assisting you for several days with malware infection and you indicated to him the issue was resolved in this topic.

JSntgRvr's last reply two days ago was for you to send him a PM if the issue was not resolved and that topic would be reopened so he could continue assisting you. I suggest you do that instead of starting a new topic as I previously suggested.

#7 DannyBoyRP

Posted 15 May 2017 - 06:40 PM

I considered that, but I have a new operating system and none of the scans or situations that happened in the post are linked with the operating system I have right now, so I assumed one way or another I should make a new topic where it belongs.

No hard feelings, but I did get assistance, but I felt like a lot of the things I would mention would be questioned or not put up for consideration later on. I did get attention since I did get a response from the experts, but it didn't feel like it was personalized to my situation; it felt like it was more about just asking me to scan my computer, review the logs and send me fix logs and no further than that. Maybe I am not supposed to get any personal attention here, I don't know if it's acceptable here or in any support forums.

I have had much more personal support on Malwarebytes so I am gonna try my best there. If not, I guess I would be on my own then and gamble on my own knowledge, since the times when I ask for assistance on forums are when I'm severely lost. I know a lot about computers and I have a life experience with computers, but my only weakness is fiddling with the registry, knowing the many viruses, system files and some other sensitive deep computer stuff, for which the only thing I can rely on is experts online who are more knowledgeable about these kinds of stuff. But I had made topics here before from other usernames, and now, and the assistance I got is close to what I do before I open a topic online: I read my own logs and fix the only stuff I can trust deleting unless they are registry stuff.

Maybe I came here expecting to get very personal and technical help that is more than doing scans, beyond what the experts here are supposed to provide.

If so I am gonna try my luck in other places; if not, I'll have to rely on myself.

 

You can close the topic



#8 quietman7

Posted 15 May 2017 - 06:55 PM

Again I am sorry to hear that but I certainly wish you the best of luck and you are always welcome back here.

BTW...you may want to read Post #2 in this topic for the best defensive strategy to protect yourself from malware and ransomware (crypto malware) and a list of prevention tools.

Also in regards to backing up...the safest practice is not to backup any executable files (*.exe), screensavers (*.scr), (*.pdf), dynamic link library (*.dll), .ini, .bat, .com, .cmd, .msi, .pif, or script files (.php, .asp, .htm, .html, .xml) files because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise itself by hiding the file extension or by adding double file extensions and/or space(s) in the file's name to hide the real extension as shown here (click Figure 1 to enlarge) so be sure you look closely at the full file name.

If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions.

IMPORTANT!!! When implementing a backup strategy include testing to ensure it works before an emergency arises; routinely check to verify backups are being made and stored properly; remove (disconnect) and isolate all backups from the network or home computer...if not, you risk ransomware infecting them when it strikes.
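The backup advice in post #8, as an added example that is not part of the original post or of any tool named in this thread: a Python script that walks a backup folder and flags the extensions from that list, double or space-padded extensions, and .zip archives with executables inside. The function names, the `EXECUTABLE` subset and the sample files are assumptions constructed for illustration.

```python
import tempfile
import zipfile
from pathlib import Path

# Extensions the post says not to back up (list taken from the post).
RISKY = {".exe", ".scr", ".pdf", ".dll", ".ini", ".bat", ".com", ".cmd", ".msi",
         ".pif", ".php", ".asp", ".htm", ".html", ".xml"}
# Assumption for this example: the subset of RISKY that Windows runs directly.
EXECUTABLE = {".exe", ".scr", ".dll", ".bat", ".com", ".cmd", ".msi", ".pif"}
ARCHIVES = {".zip", ".cab", ".rar"}

def real_extension(name):
    """Last extension, lower-cased; Windows ignores trailing spaces and dots."""
    return Path(name.rstrip(" .")).suffix.lower()

def classify(name):
    """Return the reasons a file name looks unsafe to keep in a backup."""
    reasons = []
    ext = real_extension(name)
    stem = Path(name.rstrip(" .")).stem
    if ext in RISKY:
        reasons.append("risky extension " + ext)
    if ext in EXECUTABLE:
        # "invoice.txt.exe" shows as "invoice.txt" when extensions are hidden.
        if Path(stem.rstrip()).suffix:
            reasons.append("double extension")
        # "photo.jpg      .exe": padding pushes the real extension out of view.
        if stem != stem.rstrip():
            reasons.append("spaces before real extension")
    return reasons

def executables_in_zip(path):
    """Names of executable members in a .zip, or None if it cannot be read."""
    try:
        with zipfile.ZipFile(path) as zf:
            return [m for m in zf.namelist() if real_extension(m) in EXECUTABLE]
    except zipfile.BadZipFile:
        return None

def audit_backup(root):
    """Map each suspicious file (path relative to root) to its reasons."""
    root, findings = Path(root), {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        reasons = classify(path.name)
        ext = real_extension(path.name)
        if ext == ".zip":
            hits = executables_in_zip(path)
            if hits is None:
                reasons.append("unreadable archive")
            elif hits:
                reasons.append("archive contains executables: " + ", ".join(hits))
        elif ext in ARCHIVES:  # the standard library cannot list .cab/.rar members
            reasons.append("archive not inspected, check it manually")
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings

def build_sample(root):
    """Create a small constructed backup tree (sample data, not real files)."""
    root = Path(root)
    (root / "drawing.psd").write_bytes(b"constructed")
    (root / "invoice.txt.exe").write_bytes(b"constructed")
    (root / "photo.jpg      .exe").write_bytes(b"constructed")
    with zipfile.ZipFile(root / "brushes.zip", "w") as zf:
        zf.writestr("brushes/readme.txt", "constructed")
        zf.writestr("brushes/install.exe", "constructed")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, why in audit_backup(tmp).items():
            print(rel, "->", "; ".join(why))
```

To audit a real backup, call `audit_backup` with the path of the backup drive or folder; the script only reads file names and archive listings and never opens or runs the files themselves.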

#9 DannyBoyRP

Posted 15 May 2017 - 07:32 PM

Thank you! That's very helpful! I hope none of my other files are dangerous, especially the FLA ones since Flash can be malicious?

I ran RansomNoteCleaner and I have found a lot of CryLocker entries (and another two lockers??)

 

 

 

 

 

I better make a new Creative Cloud account so none of my stuff would sync. I have no purchases on my account right now so I would lose nothing from never ever using it again, haha!

 

Thank you! I have made sure to clear my backup drive files of any suspicious extensions!

I should try and be cautious about syncing other accounts, woof



#10 quietman7

Posted 15 May 2017 - 07:55 PM

You're welcome and good luck.

#11 DannyBoyRP

Posted 15 May 2017 - 10:36 PM

I reinstalled Windows again.

I made an offline account.

Visited only Reddit, Facebook, Tumblr, Twitter, Google, YouTube, Bleeping Computer, DeviantArt, AMD site, VirusTotal, Microsoft website, Deluge, OBS

 

Programs I had installed:

Clip Studio, Chrome (unsynced), WinRAR, VLC, Wacom drivers, Malwarebytes, Steam, AMD graphic drivers, Discord, OBS Studio

 

I don't have my backup HDD hooked up, I didn't bring any files from the previous OS.

 

I have fired up RansomNoteCleaner and it already found 18 CryLocker entries.

 

How could this happen? 



#12 quietman7

Posted 16 May 2017 - 05:57 AM

You may want to check with Demonslay335, the creator of RansomNoteCleaner...you could be dealing with false positive detections.