
Thread: remove Generic.Ransom.VxLock.E31AD1D6

  1. #1
    Member
    Join Date
    Jul 2009
    Posts
    95

    Default remove Generic.Ransom.VxLock.E31AD1D6

    How can I remove this virus?

    SS&D ran this automatically today. It shows this virus. I clicked on Fix All selected.

    I then ran SS&D again. This virus was still there.

    ...chris

  2. #2
    Member
    Join Date
    Jul 2009
    Posts
    95

    Default

    Quote Originally Posted by Chris Haslam View Post
    How can I remove this virus?

    SS&D ran this automatically today. It shows this virus. I clicked on Fix All selected.

    I then ran SS&D again. This virus was still there.

    ...chris
    I rebooted.

    Ran SS&D again. E31AD1D6 had gone, but replaced by CB7B23BB

    -----

    My wife's PC has D995041C. She is rebooting.

    ...chris

  3. #3
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,062

    Default

    Hi
    If what you say has been found on your computer, then there isn't much I can do to help out.

    I've located an article about the infection you listed. The names of these infections change very often, as well as the extensions shown to indicate the infection.

    https://www.enigmasoftware.com/vxloc...mware-removal/

    also
    https://www.bleepingcomputer.com/for...-files/page-79


    From here about all I can suggest is to try and attempt to run a couple of scans to find/identify what's on the machine.

    ~~~~~~~~~~~~~~~~~

    Run Malwarebytes Anti-Malware

    You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:
    • run the program
    • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
    • click on the ‘Scan’ tab, (directly below the Dashboard tab)
    • select the Threat Scan option
    • click the Scan Now button
    • Threat Scan will begin
    • when the scan has completed, look over the list of items found; if anything looks legit but has a bad file extension after its name, uncheck for it to be removed, and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
    • if prompted to restart the computer, close all other programs and click Yes to restart your computer
    • once you are back at your desktop, open MBAM once more
    • click on the ‘Reports’ tab
    • double-click on the most recent Scan Report
    • click on Export, then Copy to Clipboard

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Download and run AdwCleaner

    Download AdwCleaner from here and save it to your desktop.
    you can download AdwCleaner here: https://malwarebytes.com/adwcleaner

    run AdwCleaner by clicking on Scan Now
    when it has finished, look over the list of items found; if anything looks legit but has a bad file extension after its name, uncheck for it to be removed, leave everything that was found checked, (ticked), then click on Clean and Repair
    if it asks to reboot, allow the reboot
    on reboot, click on View Log File; please attach the content of the log to your next reply.


    ============================================


    Please post these 2 logs when finished.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  4. #4
    Member
    Join Date
    Jul 2009
    Posts
    95

    Default I have run Anti-malware: no threats found. Report is in this email.

    I downloaded and ran Anti-Malware.
    It told me that the SHA-2 update was missing so I chose to download and run the legacy version.
    The prompts differed from what you listed, e.g. no Dashboard, but I did do a Scan.

    The report is below:

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 3/5/22
    Scan Time: 8:43 PM
    Log File: c751fa40-9cee-11ec-9a80-74d02b282604.json

    -Software Information-
    Version: 4.3.0.98
    Components Version: 1.0.1273
    Update Package Version: 1.0.51929
    License: Trial

    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: Molly\Chris

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 166852
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 2 min, 37 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

    Still need to do AdwCleaner

  5. #5
    Member
    Join Date
    Jul 2009
    Posts
    95

    Default Additional Info re MalwareBytes

    Prompts for Anti-Malware were somewhat different from those you listed.

    I found no choice but to start a 14-day trial of Premium.

    I read in the enigmasoftware.com article that VxLock sometimes masquerades as IE. I almost never ran IE.

    ...chris

  6. #6
    Member
    Join Date
    Jul 2009
    Posts
    95

    Default AdwCleaner log

    # -------------------------------
    # Malwarebytes AdwCleaner 8.3.1.0
    # -------------------------------
    # Build: 11-18-2021
    # Database: 2022-02-03.4 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 03-05-2022
    # Duration: 00:00:14
    # OS: Windows 7 Professional
    # Scanned: 32048
    # Detected: 6


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries found.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software found.



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

    I look forward to your further help.

    ...chris

  7. #7
    Member
    Join Date
    Jul 2009
    Posts
    95

    Default

    I recognize none of the registry entries. Perhaps you do.
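
Added example, not part of any post in this thread: a short Python parser for the AdwCleaner scan-log layout shown in post #6. It checks the parsed detections against the header's `Detected:` count and groups the registry hits by the zone-map domain they point at. The function names are made up for this illustration, and the sample is an excerpt of the log above.

```python
import re
from collections import defaultdict

# Excerpt of the AdwCleaner log from post #6 (most empty sections trimmed).
SAMPLE_LOG = r"""# Detected: 6
***** [ Files ] *****
No malicious files found.
***** [ Registry ] *****
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # "***** [ Registry ] *****"
DETECTED = re.compile(r"^# Detected:\s*(\d+)$")      # header count
CLEAN = re.compile(r"^No .+ found\.$")               # empty-section marker

def parse_adwcleaner(text):
    """Return (declared_count, [(section, family, location), ...])."""
    declared, section, hits = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := DETECTED.match(line):
            declared = int(m.group(1))
        elif m := SECTION.match(line):
            section = m.group(1)
        elif not line or line.startswith("#") or CLEAN.match(line) or section is None:
            continue  # blank line, header/footer comment, or "nothing found"
        else:
            # Detection line: "<family> <location>"; the location may contain spaces.
            family, _, location = line.partition(" ")
            hits.append((section, family, location))
    return declared, hits

def group_by_target(hits):
    """Map the last path component of each hit to the registry hives holding it."""
    targets = defaultdict(list)
    for _section, _family, location in hits:
        hive = location.partition("\\Software\\")[0]
        targets[location.rsplit("\\", 1)[-1]].append(hive)
    return dict(targets)

declared, hits = parse_adwcleaner(SAMPLE_LOG)
print(declared, len(hits), group_by_target(hits))
```

`HKU\.DEFAULT` is an alias of `HKU\S-1-5-18` (the LocalSystem profile), so the six lines reduce to two domain entries in two distinct hives.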

  8. #8
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,062

    Default

    Quote Originally Posted by Chris Haslam View Post
    I recognize none of the registry entries. Perhaps you do.
    I do and I'm not worried with them, those are removable.

    Farbar Recovery Scan Tool (FRST) Scan
    • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
    • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
    • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

    (Scan times will vary from one system to another. Sometimes the scan may appear to hang and you may even see a message that says, Program not responding. Most likely that will be temporary and the scan will resume on its own. It is not unusual for a complete scan to take up to 10 minutes or even longer depending on what the scan is finding.)

  9. #9
    Member
    Join Date
    Jul 2009
    Posts
    95

    Default

    Sorry for the delay in replying. Gmail didn't forward your post to my normal email address.

    I downloaded Farbar.
    • I downloaded Farbar to the Desktop
    • I right-clicked on FRST.exe and selected Run as administrator
    • Live Protection: SS&D complained: Gen:Variant.Graftor.896249 infection! Spybot has identified and blocked ... C:\Users\...\Desktop\FRST.exe
    • I clicked on Cancel

    What should I do?

  10. #10
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,062

    Default

    Yes, and post the 2 logs it will create.
