Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: Ransomware  (Read 101650 times)

0 Members and 1 Guest are viewing this topic.

abteen

    Topic Starter


    Greenhorn

    • Experience: Experienced
    • OS: Windows 2000
    Ransomware
    « on: January 14, 2021, 01:38:46 PM »
    Hi… A few days ago, the extension .omfl was added to exactly half of my hard drive data. None of my files have been added and none of them can be used.I did a little search on the internet and found that my computer was infected with stop / djvu ransomware.What should I do to remove it… Thanks.

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Ransomware
    « Reply #1 on: January 14, 2021, 04:17:56 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
    Unfortunately, there is no way to recover your files once they are encrypted and you should not pay any ransom. If you haven't received any warning that you will need to pay a ransom we can try removeing it.

    Download and install: Please download Malwarebytes' scanner to your desktop.
    Double Click mbam-setup.exe to install the application.
    • It should update automatically if the computer is connected to the internet.
    • Click on Threat Scan and click on Scan Now.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
    • Click on "Apply actions" You may be asked to Restart your computer to completely remove the infections.
    • When disinfection is completed you can click on "Copy to Clipboard".
    • Paste the log in you next reply (CTRL+ V)

    *********************************************

    Please download AdwareCleaner onto your Desktop. AdwCleaner

    Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.

    If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
    When the AdwCleaner program will open, click on the Scan button as shown below.

    AdwCleaner will now start to search for malicious files that may be installed on your computer.
    To remove the files that were detected in the previous step, please click on the Clean button.

    AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
    Please click on the OK button to allow AdwCleaner reboot your computer.A log will be produced. Please copy and paste this log in your next reply.
    Windows 8 and Windows 10 dual boot with two SSD's

    abteen

      Topic Starter


      Greenhorn

      • Experience: Experienced
      • OS: Windows 2000
      Re: Ransomware
      « Reply #2 on: January 15, 2021, 05:02:25 AM »
      Thanks for your reply .... I scanned with malwarebytes a few days ago ... I will send the log file at that time

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Ransomware
      « Reply #3 on: January 16, 2021, 04:04:09 PM »
      Please run MBAM again to see if anything turns up. Are you still seeing those file extensions?
      Windows 8 and Windows 10 dual boot with two SSD's

      abteen

        Topic Starter


        Greenhorn

        • Experience: Experienced
        • OS: Windows 2000
        Re: Ransomware
        « Reply #4 on: January 17, 2021, 05:27:38 AM »
        Yes, they are.....

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Ransomware
        « Reply #5 on: January 17, 2021, 03:42:04 PM »
        Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)

        Please run MBAM again and, this time, clean the infections.
        Windows 8 and Windows 10 dual boot with two SSD's

        abteen

          Topic Starter


          Greenhorn

          • Experience: Experienced
          • OS: Windows 2000
          Re: Ransomware
          « Reply #6 on: January 18, 2021, 06:30:59 AM »
          Malwarebytes
          www.malwarebytes.com

          -Log Details-
          Scan Date: 1/18/21
          Scan Time: 4:22 PM
          Log File: fdc84324-598b-11eb-8e42-00ffbbbfe8b0.json

          -Software Information-
          Version: 4.3.0.98
          Components Version: 1.0.1130
          Update Package Version: 1.0.35781
          License: Free

          -System Information-
          OS: Windows 7 Service Pack 1
          CPU: x86
          File System: NTFS
          User: saeed-PC\saeedp

          -Scan Summary-
          Scan Type: Threat Scan
          Scan Initiated By: Manual
          Result: Completed
          Objects Scanned: 261237
          Threats Detected: 3
          Threats Quarantined: 3
          Time Elapsed: 29 min, 5 sec

          -Scan Options-
          Memory: Enabled
          Startup: Enabled
          Filesystem: Enabled
          Archives: Enabled
          Rootkits: Disabled
          Heuristics: Enabled
          PUP: Detect
          PUM: Detect

          -Scan Details-
          Process: 1
          Malware.AI.838468044, C:\USERS\SAEED\DESKTOP\GTA-SA CRAZY TRAINER\GTA-SA CRAZY TRAINER\GTA-SA CRAZY TRAINER.EXE, Quarantined, 1000000, 0, , , , , BBF5D286E762F2E4F7266EFC5DD49BEF, CD9B7A95A08294DFF29FC69F6DAB6DE88085A49 6EC1FDE5B4DE0038934CEA271

          Module: 1
          Malware.AI.838468044, C:\USERS\SAEED\DESKTOP\GTA-SA CRAZY TRAINER\GTA-SA CRAZY TRAINER\GTA-SA CRAZY TRAINER.EXE, Quarantined, 1000000, 0, , , , , BBF5D286E762F2E4F7266EFC5DD49BEF, CD9B7A95A08294DFF29FC69F6DAB6DE88085A49 6EC1FDE5B4DE0038934CEA271

          Registry Key: 0
          (No malicious items detected)

          Registry Value: 0
          (No malicious items detected)

          Registry Data: 0
          (No malicious items detected)

          Data Stream: 0
          (No malicious items detected)

          Folder: 0
          (No malicious items detected)

          File: 1
          Malware.AI.838468044, C:\USERS\SAEED\DESKTOP\GTA-SA CRAZY TRAINER\GTA-SA CRAZY TRAINER\GTA-SA CRAZY TRAINER.EXE, Delete-on-Reboot, 1000000, 0, 1.0.35781, 9ED069BFE2634E1E31FA01CC, dds, 01073385, BBF5D286E762F2E4F7266EFC5DD49BEF, CD9B7A95A08294DFF29FC69F6DAB6DE88085A49 6EC1FDE5B4DE0038934CEA271

          Physical Sector: 0
          (No malicious items detected)

          WMI: 0
          (No malicious items detected)


          (end)

          abteen

            Topic Starter


            Greenhorn

            • Experience: Experienced
            • OS: Windows 2000
            Re: Ransomware
            « Reply #7 on: February 06, 2021, 06:18:07 AM »
            Is there no one؟؟ >:( >:(

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Ransomware
            « Reply #8 on: February 06, 2021, 04:16:17 PM »
            Sorry, I check the forums everyday but I must have missed yours. Are you still seeing the extensions?
            Windows 8 and Windows 10 dual boot with two SSD's

            abteen

              Topic Starter


              Greenhorn

              • Experience: Experienced
              • OS: Windows 2000
              Re: Ransomware
              « Reply #9 on: February 08, 2021, 01:33:21 PM »
              Yes they are...

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Ransomware
              « Reply #10 on: February 08, 2021, 04:22:17 PM »
              Please follow the directions contained in this link Take your time and ensure that you follow the directions as listed and report your results.
              Windows 8 and Windows 10 dual boot with two SSD's