Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


RansomFree keeps stopping unknown ransomware but deleted files keep reappearing.

  • Please log in to reply
1 reply to this topic

#1 halfdeaded


  • Members
  • 14 posts
  • Gender:Male
  • Location:Southern California
  • Local time:05:02 PM

Posted 20 October 2017 - 01:00 AM

Never mind. Just read that it's the way that RansomFree catches ransomware. I found the information I was looking for here:




Installed cybereason RansomFree a few months ago after roommates computer was corrupted & repaired.


Going thru my computer a couple of days ago, I found 2 unknown file folders in Documents named Bfound142 & Hlogs181. There were 6 files inside with different file types.

I checked properties and found they were created that day, a couple hours earlier when I was working out in the yard, so I deleted them.


30 Seconds later, they were back, with different names; Bimages117 & Hscans163. I tried to delete them, but nothing happened. So I used Unlocker to delete them & it did.

Just after that, RansomFree warning window opened warning that Windows Explorer might be trying to encrypt files and process was suspended. It was asking to stop or allow.

I clicked the stop button and RansomFree confirmation window opened stating it had stopped the threat.


30 Seconds later, they were back again, with different names; Bdocuments215 & Hlogs193.

Notice the 1st folder starts with "B" and the 2nd folder starts with "H" and they also end numerically. It happens every time the files are deleted.


RansomFree opens every time the files are deleted, keeping some of the files in their own directory on the desktop.

Here are some of the file names:



client begun aboard commerce.docx

doc matrix senior.pem



So I know ransomware is on my computer somewhere.


Hopefully somebody can help me out with this latest problem.


Thank You in advance for any thoughts or suggestions...ed

Edited by halfdeaded, 20 October 2017 - 01:17 AM.

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,889 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:02 PM

Posted 20 October 2017 - 08:10 AM

Glad you were able to find the other topic which explains what you were dealing with.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users