
Virus, ransom-ware. LOTS of malware. Many issues


2 replies to this topic

#1 Joecool6969


Posted 17 December 2017 - 07:50 PM

I'm running Windows 8.0 on an Asus MB11, 12GB RAM, 2 - 1TB HD(s) partitioned into 6 drives.

- Ransomware found on computer when I noticed weird file names and decoding instructions (300$)

- Installed Avast, but it couldn't load GUI so I used command line to schedule a boot time scan, which found 4 malicious programs. Moved to chest. Finish boot - Avast still not working. Uninstall.

- Download EEK (Emsisoft) - Find 4 MORE viri - Quarantined

- Go to ID-Ransomware.com - which points me to and I Download: Amnesia2 decryptor - works - somewhat. ##more details below##

- Unable to go to FRST download page (CAN browse the entire rest of this site, but not the FRST DL page) - closes every window instantly on every attempt from any browser: Chrome, Firefox, Safari or Opera.

- No longer have Write, Modify or Full Control access to D: drive and all subfolders with any user, including Admin or SYSTEM. (C: drive (Windows/system drive) not affected.)

- An item in the Start menu Startup folder (I haven't seen a program use this folder since Win95) - "lgudug.lnk" points to "iwxuj.ligi". Every attempt to delete the link and the file it points to ends up with it reappearing 2 seconds later.

-FYI .ligi is the file extension, my OS doesn't hide extensions.

-Also try "re-aiming" the link to launch another program. The edited link stays edited. But new Program I linked it to doesn't launch and the weird one does.

 

**Next day**

- Now my E: drive is "read only" for all users EXCEPT "Authenticated Users" group, which has Read, List & Write. (Can I attach pics?)

-Am able to download Farbar (FRST) and run it in Safe mode. (still can't open DL page or FRST64.exe without instant shut down in normal mode)

- Now the virus is deleting connections in (Control Panel\Network and Internet\Network Connections). I rebuilt the WiFi connection 4 times before giving up at "WiFi(4)". I connect to the network, then load a page, and it deletes before the page finishes loading. (Most of the page downloads properly, so it is connected.)

I am now staying in Safe Mode (with networking) until this issue is resolved!

## Ransomware issue continued ##

-I downloaded "decrypt_Amnesia2.exe" by Fabian Wosar, Version1.0.0.54.

-The decrypter runs for a few minutes, and then stops decrypting. Everything I've tested is decrypted properly and perfectly, however, it just stops after decrypting between 5-15 files. It still shows 60%-100%  processor usage for the decrypt program, but it just stays decrypting the same file for up to 8 hrs. Once I get ^^^^^ those issues fixed, would love to figure out how to tweak this!

 

Thanks for listening guys!!

Links to pics of D: and E: properties showing no control:

https://ibb.co/fSMdH6
https://ibb.co/kC4yH6


Edited by Joecool6969, 17 December 2017 - 09:48 PM.
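For the Startup-folder shortcut described in the post above, a read-only way to see what each shortcut really targets. This is an added example, not part of the original post or any reply; the extension list and the helper name `Get-Sha256` are assumptions made for illustration.

```powershell
# Added triage example, not from the thread. Read-only: nothing is deleted or changed.
# Lists every shortcut in the per-user and all-users Startup folders and resolves
# where it really points, so an entry like "lgudug.lnk" -> "iwxuj.ligi" stands out.

# Assumed list of extensions a Startup shortcut normally targets; anything else is flagged.
$expected = '.exe', '.bat', '.cmd', '.vbs', '.js', '.ps1', '.msi', '.com'

# Hypothetical helper: SHA-256 via .NET, so it also works on the PowerShell 3.0
# that ships with Windows 8 (Get-FileHash only arrived in 4.0).
function Get-Sha256 ([string]$Path) {
    try {
        $sha = [System.Security.Cryptography.SHA256]::Create()
        $fs  = [System.IO.File]::OpenRead($Path)
        try { [BitConverter]::ToString($sha.ComputeHash($fs)) -replace '-', '' }
        finally { $fs.Dispose(); $sha.Dispose() }
    } catch { 'unreadable' }   # locked or access-denied file
}

$shell   = New-Object -ComObject WScript.Shell
$folders = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$report = foreach ($folder in $folders) {
    Get-ChildItem -LiteralPath $folder -Filter *.lnk -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk    = $shell.CreateShortcut($_.FullName)   # opens the existing .lnk
        $target = $lnk.TargetPath
        $isFile = [bool]($target -and (Test-Path -LiteralPath $target -PathType Leaf))
        $ext    = if ($target) { [IO.Path]::GetExtension($target).ToLower() } else { '' }
        [pscustomobject]@{
            Shortcut     = $_.FullName
            Created      = $_.CreationTime
            Target       = $target
            Arguments    = $lnk.Arguments
            TargetExists = $isFile
            OddExtension = ($ext -notin $expected)   # an empty target is flagged too
            SHA256       = if ($isFile) { Get-Sha256 $target } else { $null }
        }
    }
}

$report | Sort-Object OddExtension -Descending | Format-List
```

The output (shortcut path, resolved target, creation time and hash) is the kind of detail worth including alongside FRST logs when asking for help.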



 


#2 Joecool6969


Posted 19 December 2017 - 03:23 PM

I may have gotten this sorted out. The infection anyway. Still need to find a way to change permissions on D: drive. I just erased E: partition to get around that one, but D: is way too big for me to back up. So the conundrum is how to change permissions when admin and even system have read only access.

Also the decrypt program is really slow. There needs to be a way for it to learn as it goes? I'm averaging about 20-30 files per day and that's just pictures. I can't imagine how long big files will take.



#3 Unworn_Kilt


Posted 21 December 2017 - 05:49 AM

amnesia ransomware - Ransomware Help & Tech Support

Have a look here. This may be useful to you. It sounds like you're not entirely uninfected yet.

You will likely find something in the above topic.

Failing that I suggest you post in this Forum:

Have a Merry Christmas and a Happy New Year!

Best,

Kilt

PLEASE NOTE

I am only a Standard Member, NOT a Trained Malware Removal Expert. If you have ANY concerns regarding any advice I may give, please contact a Member of Staff before making changes.

Thanks!

** Walk Softly and Carry a Big Stick **

 

 

 




