
My computer was probably attacked by ransomware but I can't identify the program


5 replies to this topic

#1 itamarka

  • Members
  • 3 posts

Posted 23 July 2017 - 03:00 AM

Hi

I have a computer with Windows 7 installed.

2 weeks ago I found out that I cannot open many Word, PowerPoint, txt, pdf and picture files.

Some files are still readable. There was no ransomware message.
I might have stopped the process unknowingly. I remember killing an unknown process around that date.

All files were changed on the 29/6/2017 & 30/6/2017.

Now I have a bunch of files that I cannot read.

I have loaded a few examples to the ID Ransomware site but I got a result "Unknown".

I have tested the HDD with CHKDSK with no problems.

Any idea how to fix my files and identify the source of the problem?

Could the reason be not a malware but something else?

Thanks 

 

Itamar




 


#2 quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 23 July 2017 - 07:59 AM

Are there any obvious file extensions appended to or with your encrypted data files? If so, what is the extension and is it the same for each encrypted file or is it different?

The best way to identify the different ransomwares is the ransom note (including its name), samples of the encrypted files, any obvious extensions appended to the encrypted files, information related to any email addresses used by the cyber-criminals to request payment and the malware file responsible for the infection.

Without the above information, our crypto malware experts most likely will need a sample of the malware file itself to analyze before anyone can ascertain if the encrypted files can even be decrypted. Samples of any suspicious executables (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted (uploaded) here with a link to this topic. There is a "Link to topic where this file was requested" box under the Browse... button.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,513 posts
  • Gender:Male
  • Location:USA

Posted 23 July 2017 - 05:31 PM

If ID Ransomware could not identify, we need the SHA1 it provides in order to manually inspect the files. If they do not have a filemarker or extension that was identified, then it will be difficult to identify without the malware or ransom note.

 

It may help to find the malware if you find out how you got infected. Did you open any attachments around that time? Download anything from a website? Have RDP open to the world?


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.
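
A first-pass triage for the situation in this thread (normal extensions, no ransom note, no filemarker), added here as an example and not part of any post: it records each file's SHA-1 so a sample can be referred to unambiguously, checks the leading bytes against the extension, and measures entropy to separate random-looking (encrypted) content from ordinary corruption. The function names, the 7.5 bits/byte threshold and the sample bytes are assumptions constructed for illustration.

```python
import hashlib, math, os, sys
from collections import Counter

# Leading "magic" bytes expected for the file types mentioned in the thread.
MAGIC = {".pdf": b"%PDF", ".docx": b"PK\x03\x04", ".pptx": b"PK\x03\x04",
         ".doc": b"\xd0\xcf\x11\xe0", ".ppt": b"\xd0\xcf\x11\xe0",
         ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG"}
THRESHOLD = 7.5  # bits/byte; assumed cut-off, encrypted data sits close to 8.0

def entropy(data):
    """Shannon entropy in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(name, data):
    """Classify one file from its name and raw bytes."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    header_ok = None if magic is None else data.startswith(magic)
    h = entropy(data[:65536])
    if header_ok:
        verdict = "header intact"          # damage, if any, is deeper in the file
    elif h > THRESHOLD:
        verdict = "likely encrypted"       # random-looking bytes replaced the content
    elif header_ok is None:
        verdict = "no signature to check"  # e.g. .txt has no magic bytes
    else:
        verdict = "likely corrupted"       # wrong header but structured or empty data
    return {"name": name, "sha1": hashlib.sha1(data).hexdigest(),
            "header_ok": header_ok, "entropy": round(h, 2), "verdict": verdict}

def constructed_samples():
    """Constructed test data: an intact PDF, random-looking bytes, a zeroed file."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    return {"report.pdf": b"%PDF-1.4\n" + b"constructed sample text\n" * 100,
            "slides.pptx": noise,
            "letter.doc": b"\x00" * 4096}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # triage every file under the given folder
        for root, _, files in os.walk(sys.argv[1]):
            for f in files:
                with open(os.path.join(root, f), "rb") as fh:
                    print(triage(f, fh.read()))
    else:
        for name, data in constructed_samples().items():
            print(triage(name, data))
```

The header check is tested before entropy because intact .docx, .pptx and .jpg files are compressed and score high on entropy by themselves; a file reported as "header intact" can still be damaged further in.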


#4 itamarka

  • Topic Starter

  • Members
  • 3 posts

Posted 24 July 2017 - 12:33 AM

I have no obvious file extensions. All files have the regular file extensions. I am unable to open the files on the same computer or on another computer with different Windows and Office versions.


I have also submitted a file.



#5 quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 24 July 2017 - 05:29 AM

There are several ransomware infections that do not append an obvious extension to the end of encrypted filenames or add a known file pattern (filemarker) which helps to identify it, so more information is needed.

As Demonslay335 stated:

"If ID Ransomware could not identify, we need the SHA1 it provides in order to manually inspect the files."


#6 itamarka

  • Topic Starter

  • Members
  • 3 posts

Posted 25 July 2017 - 02:31 AM

The SHA1 is 8a4bb3bf8f83f8af9f077ea54427d3cd9171aa26





