Author Topic: Question about [email protected]  (Read 1694 times)

Calsey

    Topic Starter


    Newbie

    • Experience: Beginner
    • OS: Windows 10
    Question about [email protected]
    « on: September 23, 2020, 02:32:52 PM »
    Hey, new here, so I'm sorry if I'm not clear about what happened. So today I downloaded a file from a sketchy website and I noticed that my PC suddenly started to struggle: it kept freezing and unfreezing over and over, and Command Prompt would get randomly opened and then almost immediately closed out of nowhere. I decided to run a full Malwarebytes scan, and it said that it detected over 400 infected files. I quarantined them all, but I noticed that the file that I downloaded by accident that caused all of this in the first place (I think it was called scrnsnap) still remained untouched, so I decided to take my chance and just delete it the easy way. After I'd done that, I noticed that my PC started going crazy. I couldn't open anything: no apps, no photos, no files, just my browser. I decided to do a factory reset as fast as I could to limit the damage, but I noticed that I couldn't even go to Windows Settings to run a factory reset (in the end I managed to do it from the login screen). So, everything went fine, the PC was running like new, everything worked perfectly, and I ran a full Malwarebytes scan again, which detected nothing. I got all of my personal files back and installed a few necessary apps. But then I noticed some weird "read me" .txt files that were scattered across my C and D disks. All of them said this:

    ATTENTION!



    Don't worry, you can return all your files!

    All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.

    The only method of recovering files is to purchase decrypt tool and unique key for you.

    This software will decrypt all your encrypted files.

    What guarantees you have?

    You can send one of your encrypted file from your PC and we decrypt it for free.

    But we can decrypt only 1 file for free. File must not contain valuable information.

    You can get and look video overview decrypt tool:

    https://we.tl/t-18R6r7GGG8

    Price of private key and decrypt software is $980.

    Discount 50% available if you contact us first 72 hours, that's price for you is $490.

    Please note that you'll never restore your data without payment.

    Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.





    To get this software you need write on our e-mail:

    [email protected]



    Reserve e-mail address to contact us:

    [email protected]



    So, the question: Are those just leftovers of the virus that was running before the reset? I can access all of my files without a problem and I've read that this is ransomware, so in theory, most if not all of my files should be decrypted and I shouldn't be able to access them. I've run scans on multiple AVs, and they detect nothing. So, am I fine? I was sure I got rid of this thing, but now I'm not sure. Thanks.

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1000
    • Certifications: List
    • Experience: Expert
    • OS: Windows 8
    Re: Question about [email protected]
    « Reply #1 on: September 23, 2020, 05:16:04 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    You were very lucky if you did indeed get all your files back. I would say that those text files are left over from the ransomware.
    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

    Calsey

      Topic Starter


      Newbie

      • Experience: Beginner
      • OS: Windows 10
      Re: Question about [email protected]
      « Reply #2 on: September 24, 2020, 04:49:37 PM »
      Alright. So how can I make sure everything is clear and I indeed got rid of this ransomware?

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1000
      • Certifications: List
      • Experience: Expert
      • OS: Windows 8
      Re: Question about [email protected]
      « Reply #3 on: September 25, 2020, 04:00:36 PM »
      Usually ransomware is impossible to cure unless you pay the ransom, so if you were able to get all your files back you are indeed lucky. A person's computer and files should always be backed up to prevent something like this.