ransomware detect


2 replies to this topic

#1 casillaMal

casillaMal

  • Members
  • 1 posts

Posted 15 April 2018 - 01:52 AM

Hi to everyone

How can I detect the ransomware source file in my system (Windows)?




#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,394 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 15 April 2018 - 06:31 AM

If your antivirus did not detect and remove anything, additional scans should be performed with other security programs like Emsisoft Anti-Malware, Malwarebytes 3.0, Zemana AntiMalware, RogueKiller Anti-malware and HitmanPro. You can also supplement your anti-virus or get a second opinion by performing an Online Virus Scan.

However, keep in mind that most crypto malware ransomware is typically programmed to automatically remove itself...the malicious files responsible for the infection...after the encrypting is done since they are no longer needed.

Do you know what ransomware infected your system? If not, you can submit (upload) samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware for assistance with identification and confirmation. This is a service that helps identify what ransomware may have encrypted your files, whether it is decryptable and then attempts to direct you to an appropriate support topic where you can seek further assistance. Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections. Any contact email addresses or hyperlinks provided by the criminals may also be helpful with identification.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 Amigo-A

Amigo-A

  • Members
  • 507 posts
  • Gender:Male
  • Location:3st station from Sun

Posted 15 April 2018 - 11:38 AM

casillaMal

Try to find them with the following manual method.

These are the possible paths of their location in Windows.
AppData is a hidden directory. You must first enable the display of hidden files.

Only DO NOT CLICK THESE FILES to see what they are!!!
The collected files must be submitted to specialists.
Use the special form for sending malware on BleepingComputer.
 
%APPDATA% - Application Data files
➤ Windows Vista/7/8:
Disk:\Users\User_Name\AppData\Local\ =>
Disk:\Users\User_Name\AppData\Roaming\ =>
➤ Windows NT/2000/XP: 
Disk:\Documents and Settings\User_Name\Application Data\ =>
Disk:\Documents and Settings\User_Name\Local Settings\Application Data\ =>
---
%TEMP% - Temporary files
%WinDir%\Temp\ =>
Disk:\Windows\Temp\ =>
%TEMP%\<random_name>\ 
%TEMP%\<random_name>.tmp\ 
%TEMP%\<random_name>.tmp\<random_name>\ 
Disk:\Users\User_Name\AppData\Local\Temp\ =>
Disk:\Users\User_Name\AppData\LocalLow\Temp\ =>
---
%WinDir% - Windows files
Disk:\Windows\ =>
Disk:\Windows\system32\ =>
---
Program files
Disk:\Program Files\ =>
Disk:\Program Files (x86)\ =>
Disk:\ProgramData\ =>
Disk:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ =>
---
Users files
Disk:\Users\User_Name\Desktop\ =>
Disk:\Users\User_Name\Documents\  =>
Disk:\Users\User_Name\Documents\Downloads\ =>
Disk:\Users\User_Name\Downloads\ =>
---
Recycler files
Disk:\Recycler\              
Disk:\$RECYCLE.BIN\   
Disk:\$RECYCLE.BIN\s-1-5-21-**********-***********-**********-1000   
---
Temporary Internet Files of Internet Explorer: 
➤ Windows Vista/7/8:
Disk:\Users\User_Name\Local\Microsoft\Windows\Temporary Internet Files\
Disk:\Users\User_Name\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
Disk:\Users\User_Name\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\<random_name>\ (a-z, 0-9)
➤ Windows NT/2000/XP: 
Disk:\Documents and Settings\User_Name\Local Settings\Temporary Internet Files\ 
---
Temporary Internet Files of Google Chrome and Chromium:
➤ Windows 8, 7 or Vista
Google Chrome: 
Disk:\Users\User_Name\AppData\Local\Google\Chrome\User Data\Default\
Chromium: 
Disk:\Users\User_Name\AppData\Local\Chromium\User Data\Default\
➤ Windows XP:
Google Chrome: 
Disk:\Documents and Settings\User_Name\Local Settings\Application Data\Google\Chrome\User Data\Default\
Chromium: 
Disk:\Documents and Settings\User_Name\Local Settings\Application Data\Chromium\User Data\Default\
---
Temporary Internet Files of Opera:
➤ Windows 8, 7:
Disk:\Users\User_Name\AppData\Local\Opera Software\Opera Stable\
Disk:\Users\User_Name\Roaming\Opera Software\Opera Stable\
---
Temporary Internet Files of Firefox:
➤ Windows 8, 7:
Disk:\Users\User_Name\AppData\Roaming\Mozilla\Firefox\Profiles\
---
Temporary Internet Files of Microsoft Edge
Disk:\Users\User_Name\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Do you know Russian? Write to me in Russian. I will help.
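One way to carry out the manual check from the post above as a script, added here as an example and not part of Amigo-A's post: it walks the listed locations for recently created executable or script files, records their size and SHA-256 so they can be handed to specialists, and never opens or runs them. The $Days window, the output path and the extension list are my own assumptions.

```powershell
# Added example (not from the thread): list recently created executable/script files in
# the locations from the post and record their SHA-256 for submission to specialists.
# It only reads metadata and hashes; it never opens or runs the files.
# Assumptions: Windows Vista+, PowerShell 4+ (Get-FileHash); $Days, $Out, $ext are arbitrary.
param(
    [int]$Days = 3,
    [string]$Out = "$env:USERPROFILE\Desktop\suspect-files.csv"
)

$since = (Get-Date).AddDays(-$Days)

# Candidate directories from the post, expanded for the current user.
$locations = @(
    $env:LOCALAPPDATA,
    $env:APPDATA,
    $env:TEMP,
    "$env:WINDIR\Temp",
    "$env:USERPROFILE\AppData\LocalLow\Temp",
    $env:ProgramData,
    "$env:USERPROFILE\Desktop",
    "$env:USERPROFILE\Documents",
    "$env:USERPROFILE\Downloads",
    "$env:SystemDrive\`$RECYCLE.BIN",
    "$env:LOCALAPPDATA\Google\Chrome\User Data\Default",
    "$env:APPDATA\Mozilla\Firefox\Profiles",
    "$env:LOCALAPPDATA\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe"
)

# Extensions worth a closer look; droppers are not always .exe.
$ext = '\.(exe|dll|scr|com|pif|bat|cmd|vbs|vbe|js|jse|wsf|ps1|hta)$'

$found = foreach ($dir in $locations) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    # -Force also returns hidden items (AppData is hidden, as the post notes).
    Get-ChildItem -LiteralPath $dir -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $since -and $_.Name -match $ext } |
        ForEach-Object {
            $h = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path    = $_.FullName
                Created = $_.CreationTime
                Bytes   = $_.Length
                SHA256  = $(if ($h) { $h.Hash } else { 'unreadable' })
            }
        }
}

$found | Sort-Object Created -Descending | Export-Csv -NoTypeInformation -Path $Out
$found | Sort-Object Created -Descending | Format-Table Created, Bytes, Path -AutoSize
```

Run it from an elevated PowerShell prompt; the CSV on the Desktop is what you would attach when submitting to the BleepingComputer malware form, alongside the files themselves if asked.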
