Ransomware help

Status
Not open for further replies.
Hello,

I ran the Windows repair following your instructions, here is the scan

I deleted Chrome, using the Revo Uninstaller, which is very nice. I've been using Advanced Uninstaller Pro but Revo looks like it has more options. I reinstalled a fresh Chrome after.

I will see how it is running now and let you know. Next step?

Thank you so much

Mike


Tweaking.com - Windows Repair 2018 (v4.0.15)
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 10 Home
OS Architecture: 64-bit
OS Version: 10.0.16299.125
OS Service Pack:
Computer Name: NEGROTRES
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\mikef
Current Profile SID: S-1-5-21-2844788878-880486787-4179794426-1001
Current Profile Classes: S-1-5-21-2844788878-880486787-4179794426-1001_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\mikef\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:10:49

Process Count: 155
Commit Total: 3.84 GB
Commit Limit: 10.82 GB
Commit Peak: 3.92 GB
Handle Count: 56489
Kernel Total: 704.55 MB
Kernel Paged: 423.86 MB
Kernel Non Paged: 280.70 MB
System Cache: 2.29 GB
Thread Count: 2039
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.89 GB
Memory Used: 3.62 GB(45.8374%)
Memory Avail.: 4.28 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.89 GB
Memory Used: 2.86 GB(36.277%)
Memory Avail.: 5.03 GB
--------------------------------------------------------------------------------

Starting Repairs...
Started at (3/31/2018 4:20:41 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 67

01 - Reset Registry Permissions
Restore Windows 7/8/10 Default Registry Permissions
Start (3/31/2018 4:20:44 PM)


Decompressing & Updating Windows Permission File F:\Programs\files\permissions\10\hku.7z
Done, 0.27 seconds.


Decompressing & Updating Windows Permission File F:\Programs\files\permissions\10\hklm.7z
Done, 5.83 seconds.

Running Repair Under System Account
Done (3/31/2018 4:22:24 PM)

03 - Reset Service Permissions
Start (3/31/2018 4:22:24 PM)

Running Repair Under Current User Account
Running Repair Under System Account
Done (3/31/2018 4:23:19 PM)

04 - Register System Files
Start (3/31/2018 4:23:19 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/31/2018 4:25:25 PM)

05 - Repair WMI
Start (3/31/2018 4:25:25 PM)

Starting Security Center So We Can Export The Security Info.

Exporting Antivirus Info...
Spybot - Search and Destroy Exported.
Emsisoft Anti-Malware Exported.
Windows Defender Exported.

Exporting AntiSpyware Info...
Spybot - Search and Destroy Exported.
Emsisoft Anti-Malware Exported.
Windows Defender Exported.

Exporting 3rd Party Firewall Info...
No Firewall Products Reported.

Running Repair Under Current User Account
Done (3/31/2018 4:28:02 PM)

06 - Repair Windows Firewall
Start (3/31/2018 4:28:02 PM)

Decompressing & Updating Windows Permission File F:\Programs\files\permissions\10\services.7z
Done, 0.23 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (3/31/2018 4:28:34 PM)

07 - Repair Internet Explorer
Start (3/31/2018 4:28:34 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/31/2018 4:29:47 PM)

10 - Remove Policies Set By Infections
Start (3/31/2018 4:29:48 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/31/2018 4:30:03 PM)

17 - Repair CD/DVD Missing/Not Working
Start (3/31/2018 4:30:03 PM)
iTunes or GEARAspiWDM.sys not found, not applying UpperFilters iTunes Reg Key
Done (3/31/2018 4:30:04 PM)

19 - Repair Windows Sidebar/Gadgets
Start (3/31/2018 4:30:04 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/31/2018 4:30:08 PM)

21 - Repair Windows Snipping Tool
Start (3/31/2018 4:30:08 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (3/31/2018 4:30:10 PM)

26 - Set Windows Services To Default Startup
Skipping Repair.
This repair is currently being updated to support the Windows 10 Fall Update

Cleaning up empty logs...

All Selected Repairs Done.
Done at (3/31/2018 4:30:11 PM)
Total Repair Time: 00:09:31


...YOU MUST RESTART YOUR SYSTEM...
 
Malwarebytes Anti-Rootkit Beta
  • Download Malwarebytes Anti-Rootkit Beta and extract it to your desktop (MBAR will be launched shortly after the extraction)
  • Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next
  • Make sure all the checkboxes are checked, then click on the Scan button, and let it complete its scan (this can take a while)
  • Once the scan is done, make sure that every item is checked, and click on the Cleanup button (a reboot might be required)
  • After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt
  • Copy/paste the content of that log in your next reply

Post this log when finished and give me an update on how the computer is at the moment.
 
Well I just ran the Malwarebytes scan and it came back clean. Nothing found it said!
So far it seems fine, but I've only been using it for a little bit.

Mike
 
Please download Security Analysis by Rocket Grannie from here
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • It will produce a log named SA Log.txt on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.
 
Hi,

I ran the RGSA scan. I kept waiting for it to pop up and then I thought something was wrong until I noticed the SALog was done and sitting there. :laugh:

I still have had a couple of times that I open something and it won't open until I stop it and reopen it again fresh. Also still have some of the strange actions when typing, with the words going backwards when I type, but it only has happened 2 times which is much better. Everything else seems ok, except all my settings are back to the factory settings and Microsoft and Cortana are trying to make my life difficult haha. It's not a problem if I get my laptop back working, I can fix settings easy. Especially with all of the help you have been giving me.
Let me know what you think the next step for me is.


Thank you

Mike
 
SALog was done and sitting there
Did it show anything needed to be updated?

I still have had a couple of times that I open something and it won't open until I stop it and reopen it again fresh.
I've had this a couple of times and it boiled down to:
Onboard protection scanning the web site I'm trying to open, I'm trying to use the computer when something is trying to update.
Have you waited to see if it finally opens without having to close it?

Also still have some of the strange actions when typing, with the words going backwards when I type, but it only has happened 2 times which is much better. Everything else seems ok, except all my settings are back to the factory settings and Microsoft and Cortana are trying to make my life difficult haha.
I've heard of this. Let me throw some items out there for you to check and see if it applies here

it's possible that you are pressing a key combination that changes the text direction, like Right Ctrl + Right Shift.

mouse. new battery?
swap out mouse?
check the keyboard settings..in the control panel.
Hardware and devices troubleshooter on the device and check if it helps. Windows 10 has a built-in troubleshooter to check and fix issues with hardware and devices.

settings are back to the factory settings
Yeah, sorry, kinda had to do that.
Especially with all of the help you have been giving me
We'll git er done!
 
Hi,

Here is the SALog, I thought I put it in the last post, but I guess I forgot. Seems like everything is up to date except an Adobe program.



Result of Security Analysis by Rocket Grannie (x86) Updated: 24th March, 2018
Running from:F:\Programs (10:45:11 - 04/02/2018)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Microsoft Edge
***------------Antivirus - Antispyware - Firewall-----------***
Spybot - Search and Destroy (Enabled - up to Date)
Emsisoft Anti-Malware (Disabled - up to Date)
Windows Defender (Disabled - up to Date)
Spybot - Search and Destroy (Enabled - up to Date)
Emsisoft Anti-Malware (Disabled - up to Date)
Windows Defender (Disabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (28.0.0.126) ==> is out of Date
Google Chrome (65.0.3325.181)
Malwarebytes (3.4.4.2398)
Mozilla Firefox (59.0.2)
Opera (51.0.28
Spybot - Search & Destroy (2.6.46)
SUPERAntiSpyware (6.0.1244)

***----------------Analysis Complete-------------------------***

I am trying to pay attention when I am typing to see if I am resting my hands on something, or putting pressure on something, but I don't notice anything yet. I am wondering about my mouse since you mentioned it. It is a cheapo mouse and I have a problem with the cursor jumping to someplace else while typing and maybe it is the mouse. I will look at them today and get a new one, it needs to be replaced with something better. Any thoughts on a mouse that is good but won't make me broke?

I ran the troubleshooter before I started talking with you and it didn't seem to help. Should I try it again?

Let me know and thank you,

Mike
 
I got my last mouse (Logitech wireless) at Walmart, maybe $12.00?
You can run the troubleshooter again but no guarantee it'll work.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe

Flash test site: https://www.adobe.com/software/flash/about/
 
Hi,

I've been using the laptop trying to see how it's working and is it better. It is better, but it still has some quirks, which may be solved with a new mouse I have coming, it would be great if it fixed it. What do you think? Is there more to do or are we running out of options? I am also not sure I'm ever going to feel completely secure on this laptop or is there a way to assure my paranoia? I may have to buy a new one, I am wondering. I bought a new laptop for my wife and I wanted to see if you had recommendations on antivirus malware the whole setup and any tips you might have on the best way to set up a new Windows 10 laptop. Please tell me if I am asking too much. Sometimes my brain shuts down and I don't even see that what I might be asking someone is out of line or inconsiderate, so please tell me. I really appreciate all of the help and time you have given me. Thank you. Mike
 
As for more scans to see if anything lingers, I don't think so. I've hit it with the hardest things I know of to try to find something and it just wasn't there.

I can post info on tools you can apply to your computer that will offer help in protection. And you're not asking for too much, I want to help you and your wife and especially to remain safe.
I'll post info at the end of this post.

~~
The below will remove tools used and quarantine folders
DelFix

  • Please download DelFix or from Here and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
  • Click the Run button.
    -- This will remove the specialized tools we used to disinfect your system.
    Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
*************


Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it that makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (and also 0-days) which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like UCheck, SUMo and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Anti-Virus, Anti-Malware, Firewall and Anti-Exploit/Ransomware
Having a decent security setup (which also includes an Anti-Virus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at the time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware are currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Anti-Virus

Anti-Malware
  • Malwarebytes - Has both a free and paid version. The Premium version of Malwarebytes also offers Exploit and Ransomware protection, for a complete package of: Malware, Web, Exploit and Ransomware protection
  • HitmanPro 3 - Free 30 day trial
  • Zemana AntiMalware - Free 30 day trial

Firewall
Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.
  • GlassWire - Has both a free and paid version (with different packages)
  • Windows Firewall Control - Gives you more control over your Windows Firewall
  • TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it

Anti-Exploit/Anti-Ransomware

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.
  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and most Chromium and Firefox-based browsers)
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera)
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser)
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers)
  • uMatrix: For advanced users, a point and click matrix-like extension that allows you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera)
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser)

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:
As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far less chances to get infected by a malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you to avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices :

created by Aura
The End!
 
Hi

I wanted to again thank you for all of your help. While setting up my wife's new laptop I deleted everything on my external HD on my laptop, which was everything I had for the last 15yrs. A dumb mistake on my part using the HD to install Windows 10 on her laptop and it reformatted and deleted everything, so I am starting from zero now. Her setup is good to go now and I think I will eventually wipe everything from my laptop and start fresh which will hopefully end my security issues. I really learned a lot from you and I am still reading through some of the links you sent. Thank you so much you're really nice.

Mike
 
You know, the best way to ensure safety on the infected computer was to actually reformat it. This also brings to mind the urgent need to make backups to make it all a smoother transition.

If this had happened on mine I would not have hesitated.

We're glad to help.
 
Glad we could help.

Since this issue appears resolved ... this Topic is closed.
 