
ransomware detect

2 replies to this topic

#1 casillaMal


  • Members
  • 1 posts
  • Local time:07:50 AM

Posted 15 April 2018 - 01:52 AM

Hi to everyone

How can I detect the ransomware source file in my system (Windows)?



#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,744 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:20 AM

Posted 15 April 2018 - 06:31 AM

If your antivirus did not detect and remove anything, additional scans should be performed with other security programs like Emsisoft Anti-Malware, Malwarebytes 3.0, Zemana AntiMalware, RogueKiller Anti-malware and HitmanPro. You can also supplement your anti-virus or get a second opinion by performing an Online Virus Scan.

However, keep in mind that most crypto malware ransomware is typically programmed to automatically remove itself...the malicious files responsible for the infection...after the encrypting is done since they are no longer needed.

Do you know what ransomware infected your system? If not, you can submit (upload) samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware for assistance with identification and confirmation. This is a service that helps identify what ransomware may have encrypted your files, whether it is decryptable and then attempts to direct you to an appropriate support topic where you can seek further assistance. Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections. Any contact email addresses or hyperlinks provided by the criminals may also be helpful with identification.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 Amigo-A


  • Members
  • 583 posts
  • Gender:Male
  • Location:3st station from Sun
  • Local time:09:20 AM

Posted 15 April 2018 - 11:38 AM

Try to find them with the following manual method.
These are possible paths of their location in Windows.
AppData is a hidden directory. You must first enable display of hidden files.
Just DO NOT CLICK THESE FILES to see what they are!!!
The collected files must be submitted to specialists.
Use the special form for sending malware on BleepingComputer.
%APPDATA% - Application Data files
➤ Windows Vista/7/8:
Disk:\Users\User_Name\AppData\Local\ =>
Disk:\Users\User_Name\AppData\Roaming\ =>
➤ Windows NT/2000/XP: 
Disk:\Documents and Settings\User_Name\Application Data\ =>
Disk:\Documents and Settings\User_Name\Local Settings\Application Data\ =>
%TEMP% - Temporary files
%WinDir%\Temp\ =>
Disk:\Windows\Temp\ =>
Disk:\Users\User_Name\AppData\Local\Temp\ =>
Disk:\Users\User_Name\AppData\LocalLow\Temp\ =>
%WinDir% - Windows files
Disk:\Windows\ =>
Disk:\Windows\system32\ =>
Program files
Disk:\Program Files\ =>
Disk:\Program Files (x86)\ =>
Disk:\ProgramData\ =>
Disk:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ =>
Users files
Disk:\Users\User_Name\Desktop\ =>
Disk:\Users\User_Name\Documents\  =>
Disk:\Users\User_Name\Documents\Downloads\ =>
Disk:\Users\User_Name\Downloads\ =>
Recycler files
Temporary Internet Files of Internet Explorer: 
➤ Windows Vista/7/8:
Disk:\Users\User_Name\Local\Microsoft\Windows\Temporary Internet Files\
Disk:\Users\User_Name\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
Disk:\Users\User_Name\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\<random_name>\ (a-z, 0-9)
➤ Windows NT/2000/XP: 
Disk:\Documents and Settings\User_Name\Local Settings\Temporary Internet Files\ 
Temporary Internet Files of Google Chrome and Chromium:
➤ Windows 8, 7 or Vista
Google Chrome: 
Disk:\Users\User_Name\AppData\Local\Google\Chrome\User Data\Default\
Disk:\Users\User_Name\AppData\Local\Chromium\User Data\Default\
➤ Windows XP:
Google Chrome: 
Disk:\Documents and Settings\User_Name\Local Settings\Application Data\Google\Chrome\User Data\Default\
Disk:\Documents and Settings\User_Name\Local Settings\Application Data\Chromium\User Data\Default\
Temporary Internet Files of Opera:
➤ Windows 8, 7:
Disk:\Users\User_Name\AppData\Local\Opera Software\Opera Stable\
Disk:\Users\User_Name\Roaming\Opera Software\Opera Stable\
Temporary Internet Files of Firefox:
➤ Windows 8, 7:
Temporary Internet Files of Microsoft Edge

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Do you know Russian? Write to me in Russian. I will help.
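
The manual search described in the post above can be done without opening or clicking any file. The following PowerShell script is an added example, not part of the original thread: it enumerates recently created or modified runnable files in the per-user, temp and ProgramData locations from the list and records their SHA-256 hashes for submission. The 7-day window, the extension list and the output CSV path are assumptions of this example, and it needs PowerShell 4.0 or later for `Get-FileHash`.

```powershell
# Added example: read-only triage of the locations listed in the post above.
# Files are only enumerated, hashed and signature-checked; nothing is opened or executed.
param(
    [int]$Days = 7,   # assumed look-back window; set it to cover the infection date
    [string]$OutCsv = "$env:USERPROFILE\Desktop\triage-candidates.csv"   # hypothetical output path
)

# Locations from the post, resolved through the current user's environment variables.
# %WinDir% and Program Files are left out here because they are large and noisy.
$roots = @(
    $env:APPDATA,                  # ...\AppData\Roaming
    $env:LOCALAPPDATA,             # ...\AppData\Local (covers Temp and browser profiles)
    "$env:WinDir\Temp",
    $env:ProgramData,              # covers the all-users Startup folder
    "$env:USERPROFILE\Desktop",
    "$env:USERPROFILE\Documents",
    "$env:USERPROFILE\Downloads"
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# File types that run code when double-clicked (assumed list, not exhaustive).
$extensions = '.exe', '.dll', '.scr', '.com', '.bat', '.cmd', '.ps1',
              '.vbs', '.js', '.jse', '.wsf', '.hta', '.lnk'
$cutoff = (Get-Date).AddDays(-$Days)

$candidates = foreach ($root in $roots) {
    # -Force includes hidden and system files regardless of Explorer settings.
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $extensions -contains $_.Extension.ToLower() -and
                       ($_.CreationTime -ge $cutoff -or $_.LastWriteTime -ge $cutoff) } |
        ForEach-Object {
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTime
                Modified  = $_.LastWriteTime
                SizeBytes = $_.Length
                Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                Signature = if ($sig) { $sig.Status } else { 'Unknown' }
                SHA256    = if ($hash) { $hash.Hash } else { $null }
            }
        }
}

# Newest files first; the CSV can be reviewed or attached when asking for help.
$candidates | Sort-Object Created -Descending |
    Export-Csv -LiteralPath $OutCsv -NoTypeInformation -Encoding UTF8
```

Unsigned, hidden files created close to the time the encryption started are the ones worth submitting first; an empty result is consistent with the ransomware having removed itself.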
