Nasty Virus

Hi, I've picked up a nasty virus and would be grateful for some help with it, please. I started following the removal instructions in the stickies, but when I started to use Panda I suddenly got another pop-up on my screen - CryptoLocker - asking for money to unencrypt my files. Windows Defender has been switched off, and although MBAM detects a trojan and removes it, it obviously hasn't gone completely! I have all the software mentioned downloaded and ready to go but would appreciate someone walking me through it if anyone has time.

Comments

  • closed
    closed Posts: 10,886 Forumite
    edited 6 October 2013 at 6:38PM
    Try booting from the Kaspersky Rescue CD:

    https://support.kaspersky.com/4162

    You can burn the ISO to CD with ImgBurn, using the "write image file to disc" option.

    In future, back up (http://www.macrium.com/reflectfree.aspx), then you can undo the damage easily.
  • Thank you..... It's actually still scanning in safe mode...... Over 4 hours later!
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    The malware itself is relatively straightforward to remove using usual methods. The problem is in the encryption of your data. Decryption is nigh on impossible. Do you have backups?
    Unfortunately, once the encryption of the data is complete, decryption is not feasible. To obtain the file specific AES key to decrypt a file, you need the private RSA key corresponding to the RSA public key generated for the victim’s system by the command and control server. However, this key never leaves the command and control server, putting it out of reach of everyone except the attacker. The recommended solution is to restore encrypted files from a backup.
    http://blog.emsisoft.com/2013/09/10/cryptolocker-a-new-ransomware-variant/

    http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FCrilock.A

    http://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx
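
One way to work out which files need restoring from backup, as the post above recommends (an added example, not part of the thread or of any tool named in it): walk a folder and flag files whose leading bytes no longer match their extension and whose content looks random. It assumes encrypted files keep their original name and extension; the signature table, the 7.0 bits-per-byte threshold and the sample files are constructed for illustration.

```python
import math, os, tempfile
from collections import Counter

# Leading bytes that an intact file of each type starts with.
MAGIC = {
    ".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
}

def entropy(data):
    """Shannon entropy in bits per byte; ciphertext sits close to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path, sample=65536):
    """Classify one file by extension, header bytes and entropy."""
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is None:
        return "unknown-type"  # no signature to compare against
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if head.startswith(magic):
        return "intact-header"
    # Header gone: random-looking bytes suggest encryption, low entropy does not.
    return "likely-encrypted" if entropy(head) > 7.0 else "damaged-or-mislabelled"

def triage(root):
    """Map every file under root (relative path) to its classification."""
    out = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            out[os.path.relpath(path, root)] = classify(path)
    return out

def demo():
    """Run triage over constructed sample files in a temporary folder."""
    samples = {
        "ok.pdf": b"%PDF-1.4\n% constructed sample\n",
        "locked.pdf": os.urandom(4096),  # stands in for ciphertext
        "odd.jpg": b"plain text saved with the wrong extension",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return triage(root)
```

Files shorter than a few hundred bytes cannot reach the 7.0 threshold, so very small encrypted files land in `damaged-or-mislabelled` and need a manual look.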
  • To a fashion yes...... Photos and music are all on a hard drive and the important documents are in Drive but there's a lot of other stuff on there that it's annoying to lose! I was really hoping that I would be able to get everything back but having tried to open a couple of documents I can see that's not going to happen! Don't think the virus is cleared either so I'll move on to the next stage tonight but think I'm heading down the road of formatting the whole thing:mad:
  • All scans are running as clear but I'm not convinced - the programme is running very slowly and then to cap it all I just tried to post up hijackthis log and my post was blocked :(
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Post me a DDS log - should take 2-3 minutes.

    Download DDS from the link below and save it to your desktop:

    Link

    After you've downloaded it and saved it to your desktop:
    • Double click DDS to run it.
    • Click Start
    • When it's finished, DDS will open two logs:
    1. DDS.txt
    2. Attach.txt
    Save both reports to your desktop.

    Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)

    If you can't post it due to the forum bug, let me know and I'll PM you my email address to send me it.
  • Thanks - I'll run it now
  • .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 19/06/2010 22:54:17
    System Uptime: 08/10/2013 06:40:44 (2 hours ago)
    .
    Motherboard: LENOVO | | IEL10
    Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1333/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 143 GiB total, 40.513 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Access Help
    Ad-Aware Antivirus
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.04)
    Agere Systems HDA Modem
    AllShare Framework DMS
    Amazon Kindle
    Amazon Send to Kindle
    Any Video Converter 5.0.7
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    µTorrent
    Auslogics BoostSpeed
    Auslogics Duplicate File Finder
    Belarc Advisor 8.2
    Belvedere 0.5
    BlackBerry Desktop Software 6.1
    Bonjour
    Broadcom Gigabit Integrated Controller
    calibre
    Camera Center
    CCleaner
    Client Security Solution
    ConvertXtoDVD 4.0.12.327
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DirectDownloader
    Diskeeper Home
    DivX Setup
    Dropbox
    DupeRAZOR 3.2
    Duplicate Cleaner 2.1b
    Emsisoft Anti-Malware
    Evernote v. 4.4.2
    Free YouTube to MP3 Converter version 3.11.37.1212
    Globe Visibility Connection Manager
    Google Chrome
    Google Drive
    Google Talk Plugin
    Google Update Helper
    Help Center
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    HP USB Disk Storage Format Tool
    ImgBurn
    inSSIDer 2.0
    Integrated Camera
    Intel(R) Matrix Storage Manager
    iTunes
    Java Auto Updater
    Java(TM) 7 Update 5
    Junk Mail filter update
    K-Lite Codec Pack 6.0.4 (Full)
    Keeper Password & Data Vault
    Kindle DRM Removal
    LastPass (uninstall only)
    Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.4900
    Lenovo Care
    Lenovo Care Supplement
    Lenovo Fingerprint Software
    Lenovo Multimedia Center
    Lenovo News-Shop
    Lenovo PM Driver
    Lenovo Registration
    Lenovo System Interface Driver
    MagicDisc 2.7.106
    Maintenance Manager
    Malwarebytes Anti-Malware version 1.75.0.1300
    Message Center
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Maintenance Service
    Mozilla Thunderbird 17.0.8 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Manager
    MusicBrainz Picard
    MyFreeCodec
    MyTomTom 3.2.0.1116
    Network Magic
    NVIDIA Drivers
    On Screen Display
    Paint.NET v3.5.10
    Panda Cloud Cleaner
    PC-Doctor 5 for Windows
    PC Suite
    PeerBlock 1.1 (r518)
    Picasa 2
    PM Driver
    Power Ux Customization
    Presentation Director
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    Recuva
    Registry patch for Windows Vista USB S3 PM Enablement
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.33
    Rosetta Stone Version 3
    Samsung Kies
    Samsung Link 1.7.0.1309031728
    Samsung New PC Studio
    SAMSUNG USB Driver for Mobile Phones
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft Excel 2010 (KB2760597) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
    Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760769) 32-Bit Edition
    Segoe UI
    Simple Port Forwarding
    Skype Click to Call
    Skype™ 6.0
    Spotify
    Spybot - Search & Destroy
    SpywareBlaster 5.0
    Stickies 7.1e
    SugarSync Manager
    SumatraPDF
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    System Update
    ThinkVantage Access Connections
    ThinkVantage Technologies Welcome Message
    TomTom HOME
    TomTom HOME Visual Studio Merge Modules
    TweetDeck
    Tyre
    Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
    Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
    v2010.build.42
    VC80CRTRedist - 8.0.50727.4053
    Visual Studio C++ 10.0 Runtime
    Wallpapers
    WinDirStat 1.1.2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.20 (32-bit)
    Your Uninstaller! 2010
    .
    ==== End Of File ===========================
  • Thanks again for helping out! Forgot to say there's no rush - I have to go to work now so won't be able to do anything until tonight :)
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Can you post the other log - dds.txt? That one's attach.txt
This discussion has been closed.