
Found .dll of a ransomware, no sign of activity


No replies to this topic

#1 one80one


Posted 18 May 2017 - 06:29 AM

Hello,

 

I've received a laptop from a friend who has some basic experience with computers. "It's slow, I think it has a virus." was their reason. After checking it out, it has a 5400RPM drive, but I did some scans anyway. It has McAfee LiveSafe without an active license.

 

MalwareBytes anti-malware found one infection:

Ransom.CryptProject, C:\USERS\[USERNAME]\APPDATA\LOCAL\TEMP\LOW\RAD3A201.TMP.DLL no action [32], [125690],1.0.1954

 

McAfee was running during the MBAM scan, and when MBAM found it, a McAfee window popped up saying that the file had been put into quarantine. Without an active licence, I can't do anything in it. Not even look into the logs or quarantine.

 

Nod 32 found 2 PUPs. However, even with McAfee disabled, it was causing some issues, so I uninstalled it. Not sure if I deleted them or not.

 

Other than that, it seems to be clean. No sign of ransomware, files don't seem to be encrypted, no files saying something about encryption. It seems to be slow because of the HDD instead of a virus.

 

Should I give it back to them or do some more scans? 

(If so, can I use [USERNAME] instead of their real username?)


