think its a ransom



notanotherone
07-12-2015, 10:55 PM
Ok, I was looking for igo8 maps and I downloaded what I thought was a new setup. I've had to turn my computer off cause I don't know how to cure it. I've run Malwarebytes and a few others but can't seem to get rid of it. I keep getting this file in my pictures and other things; it starts "hello your files have been decrypted, to encrypt them send an email to .........." and so on and on, and it ends "if you're not prepared to pay don't send an email". I assume it's a ransomware hack? I tried a removal tool but it didn't change anything.

berley
07-12-2015, 11:25 PM
Just admit it, you've been on the dodgy pron sites again pmsl

fergalsworld
07-12-2015, 11:27 PM
Did you boot into safe mode before running a threat scan in malwarebytes?

Also try a system restore

and have a read of this




alanjg007
08-12-2015, 12:24 AM
...if it's a scam it'll be cleaned but if it's true....do you really have much on pc that you will miss? I mean we have external enclosure and cloud software for mostly everything. Wipe the drive and start again!

notanotherone
08-12-2015, 01:02 AM
Yep, I tried a system restore, also tried running Malwarebytes in safe mode, it found nothing. It's mostly my pictures I can't see; every time I open my photo files it has a document in there with what I said. Yes, I could wipe it but it's my photos I want. It's affected 2 external hard drives.

Reddevil
08-12-2015, 11:09 AM
It's a virus, you been hacked. Heard about this before, best cure factory reset.

Another tip is don't download from dodgy sites, this is where they get into your pc.

Gazer
08-12-2015, 11:25 AM
Take the hard drive out and run it as a slave on another pc if you can, then do a virus check on it, you should find it then .....this is what I did on my dad's a couple of years ago when it happened to him, been ok since then for him.....did a post on here about it somewhere.

dx100-uk
08-12-2015, 02:02 PM
On another PC go download and then run ComboFix [from the bleepingcomputer site] from the pen stick
in safe mode

notanotherone
08-12-2015, 11:41 PM
Ok, I'm not 100% certain but it seems to have removed it, thanks dx100-uk. The only problem is that the damn thing changed or corrupted my photos on my external hard drives, also all my music won't play. On my photos side it says the file can't be opened, it may be corrupted or changed and photo programme needs to be updated, but it's all up to date. It might still be around. I also tried Trend Micro and Malwarebytes, but they both found nothing after I ran ComboFix, but I can't seem to run it on my external hard drives as it seems to be a command programme. I'm so pissed off with this damn thing.

billy149uk
09-12-2015, 12:31 AM
Try recovering all your files. Install attached program on another pc and use Gazer method to scan for your files. I had a 3TB hard drive with lots of old movies on it and I was locked out of it. I scanned drive using my laptop and a drive caddy. I recovered every movie on it which was approx 2.5TB.

dx100-uk
09-12-2015, 12:43 AM
the usual dodge is it renames the files to all .exe.jpg or .exe.mp3

turn on show known extensions in windows explorer.

or just check the extension, jpg etc, is correct for the file type.

dx

notanotherone
10-12-2015, 04:39 PM
Ok, found this: it's changed my pictures and all my music with this extension, 73I87A File (.73i87A). I've run Trend Micro trend anti threat software and nothing has been found now, done it on all my stuff, just the extension files have been changed.

alanjg007
10-12-2015, 06:03 PM
try this m8

http://www.pandasecurity.com/uk/support/card?Id=1677

notanotherone
11-12-2015, 01:51 PM
Nope, this didn't do anything, it said there was files found that were changed lol

alanjg007
11-12-2015, 07:30 PM
Did you try looking in the C: drive, as it did mention that the changed files would be put on the C:? It does not delete the originals, just renames them on the C: drive. I think, that's my understanding of it.

notanotherone
11-12-2015, 07:43 PM
Yea, I looked everywhere. As I said it ran np but it didn't find anything wrong. It says it can take several hours, but was finished in minutes. I could see it checking my C drive and my other 2 external drives which are K and B but nothing wrong on anything. As I said I've managed to get rid of ransom and everything is clear of it. I had put some pictures on from a pen drive and they're still ok; I checked the properties of them and as I said they are just jpg files. As I said everything has been changed to 73I87A and I can't change that.

alanjg007
12-12-2015, 01:03 AM
Could you not batch change them to jpg? It could be a lame attempt to pretend to be an encryption virus. Just renames them to something obscure. Try one file and rename it to .jpg. I do this quickly by opening WinRAR and navigating to the file and hit rename. Just rename the bit after the file name. Sure there are better programs, but for our test WinRAR will do.

notanotherone
12-12-2015, 02:17 PM
Ok, tried that, it didn't work. Don't get me wrong, it changed it to jpg file but didn't show. I'm just wondering, you posted a file recovery tool before to me, would that work???

alanjg007
12-12-2015, 02:52 PM
If it's encrypted, no, a file recovery thing won't work but at this moment in time you have nothing to lose? I'd give it a go and I hope I'm wrong when I say that my understanding of the ransomware issue is that they encrypt the data, probably 128/256 bit and no normal way to unencrypt without the original key!

My suggestion above was if the virus was a cheat's ransomware where they pretended to encrypt the data.

If you've taken photos with your phone you might find that they have been backed up online somewhere. This might not get them all back but some?

digdug
12-12-2015, 08:15 PM
You could try to view one of the files with a hex editor and see if it's still an image or if it's been encrypted. Viewing the file's header should give you a better clue on how to fix.
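
The header check suggested in the post above, together with the double-extension check from dx100-uk's earlier post, as an added example that is not part of the original thread. The file names and byte strings are constructed samples; on a real drive you would pass the first 4 KiB of each file, read in binary mode, to `triage`.

```python
import hashlib
import math
from collections import Counter

# Well-known leading "magic" bytes for the file types mentioned in the thread.
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"ID3", "mp3"),
    (b"MZ", "windows-executable"),
]

def sniff(head: bytes):
    """Return the file type implied by the header bytes, or None."""
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    # MP3 without an ID3 tag starts with an 11-bit frame sync (0xFF, 0xE0+).
    if len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0:
        return "mp3"
    return None

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 looks like random data)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(head: bytes) -> str:
    # Magic bytes come first: compressed JPEG/MP3 data is high-entropy too,
    # so entropy only means something once no known header is present.
    kind = sniff(head)
    if kind == "windows-executable":
        return "executable behind a media extension (do not open)"
    if kind:
        return f"intact {kind}, only renamed"
    if entropy(head) > 7.5:
        return "no known header, high entropy: likely encrypted"
    return "unknown format"

# Constructed 4 KiB sample headers, not files from the thread.
random_like = b"".join(hashlib.sha256(str(i).encode()).digest() for i in range(128))
SAMPLES = {
    "IMG_0001.73i87A": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + random_like[:4000],
    "IMG_0002.73i87A": random_like,
    "song.exe.mp3": b"MZ\x90\x00" + bytes(4092),
}

if __name__ == "__main__":
    for name, head in SAMPLES.items():
        print(f"{name}: {triage(head)}")
```
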

notanotherone
13-12-2015, 04:11 PM
Ok, found about 95% of my pictures on an old iPhone plus an iPod, there's about 5% of important pictures I can find, the music I can get back np, but I'm going to have to live with that. I'm thinking of doing a fresh install of both hdd and computer. Question: is there a way I can save my bookmarks from Firefox?

berley
13-12-2015, 04:26 PM
https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Spinifex
14-12-2015, 03:19 PM
sorry to hear you got ransomed nao....

only thing I can ever tell people is never run any exe file unless you know it's from a trusted site.
for example do not think that just because say nod32 says it's nod32 from a torrent site is actually untampered with, because 9 times out of ten it has been modded with all sorts.
stick with the proper sites and run nothing exe wise!

music you can live with losing but pics not really, but I've lost valuable photos myself and that person is deceased but it's a learning curve!

only option without paying is to bite the bullet and lose the lot mate, besides we don't pay and even if you did they could just keep your money and do nothing at all, why should they? they are scammers anyway lol