.rar file trying to download automatically

Discussion in 'Taylor's Tittle-Tattle - General Banter' started by nascot, Aug 10, 2016.

  1. nascot

    nascot First Team

    When opening various threads a zipped file called Your_mortgage_payments.rar attempts to download. Obviously dodgy.
     
  2. hornmeister

    hornmeister Tired

    Not seeing the issue here.
    Do you have any other windows open behind?
    Definitely don't open or extract this RAR file.

    Dump your history and cookies and run an antivirus scan. I suggest Avast or AVG as free options if you don't have one already.
     
  3. zztop

    zztop Eurovision Winner 2015

    Ransomware - help!!!

    Hi everyone, just trying here in the hope that someone else has had exactly the same problem.

    I was expecting a courier delivery this week and an email from Fedex told me that they were unable to make a delivery to me, which was quite feasible. After many years of being careful before opening any attachments, it fooled me and I opened it, realising within about 5 seconds, I had made a mistake. I admit it, I am a ****ing t**t!

    So, despite me having several anti virus, anti malware programs, I got infected. It has encrypted nearly everything on my PC. Letters, images, spreadsheets, etc and is demanding around £262 in bitcoin within 3 days to provide me with the key, otherwise I lose everything. Some is backed up in the cloud, but not all of it (don't ask).

    It seems that there are many infections of this type and there are apparently some ways of getting it sorted. It is obviously best that I can find a solution for exactly the same infection that I have, rather than just keep trying many advertised solutions. So below is the initial wording of a notepad warning given to my PC. If anyone has knowledge on how to deal with this particular one, then I would appreciate knowing if they dealt with it.

    All your documents, photos, databases and other important personal files
    were encrypted using strong RSA-1024 algorithm with a unique key.
    To restore your files you have to pay 0.57516 BTC (bitcoins).
    Please follow this manual:

    1. Create Bitcoin wallet here:

    *link removed*

    I know that there are many things I can try and do to find the solution and I am actively trying them now via google, so would just appreciate any specific advice at this time, rather than the general help often offered.
     
  4. PhilippineOrn

    PhilippineOrn First Team

  5. Legskeattch

    Legskeattch Squad Player

    Double Whoosh?! :whoosh:

    Edit: When I read that it didn't read like ZZ and I assumed that it was a double bluff to make you click the link you posted.
     
  6. hornmeister

    hornmeister Tired

    Ouch sorry to hear this.

    For the love of god don't pay them. At best they'll unlock everything for you and continue on with their grubby illegal trade. At worst they'll hold you to ransom again and again and again until you stop paying. Most infections are not physical encryption though. It might be worth investing in a decent antivirus/malware program first.

    If you have nothing to lose. Reformat and start again, chalk it up to experience. If you desperately need the data then pay an independent professional to sort it out for you.
     
  7. reids

    reids First Team

    This. A majority of ransomware infections have no magical key to unlock. What's the scammers' main aim? To part you with your money. Once they've done that, why would they have incentive to give you what you want? More work for them and they're hardly the most noble of people.
     
  8. Clive_ofthe_Kremlin

    Clive_ofthe_Kremlin Squad Player

    ZZ - Your only hope is a backup. You do have a backup of your data, right?

    Which variation of the ransomware do you have? Is it Locky or Cryptolocker?

    If no backup, you might find some useful advice here: https://noransom.kaspersky.com/

    Some of these groups have been broken up and decryption keys released.

    If you don't have a backup and it's an uncracked variant, then I'm afraid your only option is >Format C:\
     
  9. PowerJugs

    PowerJugs Doyley Fanatic

    Malwarebytes Anti-Malware is a must.
     
  10. zztop

    zztop Eurovision Winner 2015

    I am slowly working through a suggested option.

    By the way, I have Avast, Norton and Anti malwarebytes - just not good enough.
     
  11. hornmeister

    hornmeister Tired

    I'd dump one of Norton & Avast if I were you. Sometimes virus checkers conflict with each other.
     
  12. Clive_ofthe_Kremlin

    Clive_ofthe_Kremlin Squad Player

    True dat. Also Norton is pretty rubbish

    Once you get sorted out, try Avira free AV. That comes out top on a lot of analysis and I've found it pretty good over the years. https://www.avira.com/en/download/product/avira-free-antivirus

    As for Malwarebytes, whilst it's ideal for clearing up little spyware infections and such like, it is not active. You need to run a scan before it does anything at all. It will offer no protection at all against infections such as the one ZZ has described.

    Finally advice for all users:

    You notice ZZ's infection came from email. That is by far the most common way people get infected. Don't believe a sender address - they're super-easy to fake. Just because it says From: manager@barclaysbank.com doesn't mean that it's from Barclays!

    If you're unsure about an email, hit reply and see what address comes up in the To: box on the reply. You'll often see it's something completely different to the supposed sender. Also you can hover the mouse over a link and it'll show you the URL it's going to take you to.

    Finally, another great way to check out whether an email's legit is to open it, switch to the File tab and click Properties. That'll display the email header info.

    Copy and paste the header info into a tracer such as this one http://www.iptrackeronline.com/email-header-analysis.php and it'll give you a good idea of where it really originated from.
     
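    The header and link checks described in the post above, worked through in code. This is an added example, not something any poster in this thread wrote or ran: it parses a constructed phishing-style message (all addresses, hosts and IPs are made up for the demonstration) and does offline what an online header tracer does, comparing the displayed From: domain with Reply-To: and Return-Path:, walking the Received: chain back to the first hop, and listing links whose visible text is a URL that differs from the real href (what hovering over the link would reveal).

```python
"""Added example: spot a spoofed sender from the message's own headers and body.
The message below is constructed for the demonstration; nothing in it is real."""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample: the From: says Barclays, but Reply-To:, Return-Path: and the
# earliest Received: hop all point somewhere else.
SAMPLE = b"""Return-Path: <bounce@mail-track.example.net>
Received: from relay.example-isp.com (relay.example-isp.com [203.0.113.5])
\tby mx.recipient.example (Postfix) with ESMTP id 1A2B3C
\tfor <victim@recipient.example>; Wed, 10 Aug 2016 09:12:01 +0100
Received: from win-pc07 (unknown [198.51.100.23])
\tby relay.example-isp.com with SMTP id 9Z8Y7X; Wed, 10 Aug 2016 09:11:58 +0100
From: "Barclays Online" <manager@barclaysbank.com>
Reply-To: <secure-desk@mail-track.example.net>
To: <victim@recipient.example>
Subject: Action required on your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please <a href="http://198.51.100.23/login.php">https://www.barclays.co.uk/</a>
to confirm.</p>
</body></html>
"""

# "from <host> ... [<ip>]" as written by each relay into its Received: header.
RECEIVED_FROM = re.compile(r"from\s+(\S+)(?:.*?\[(\d{1,3}(?:\.\d{1,3}){3})\])?", re.S)


def domain_of(value) -> str:
    """Lower-cased domain of the first address in a header value ('' if none)."""
    if not value:
        return ""
    _, addr = parseaddr(str(value))
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def sender_mismatches(msg) -> dict:
    """Headers whose domain disagrees with the displayed From: domain."""
    from_dom = domain_of(msg["From"])
    return {hdr: domain_of(msg[hdr]) for hdr in ("Reply-To", "Return-Path")
            if domain_of(msg[hdr]) and domain_of(msg[hdr]) != from_dom}


def received_chain(msg) -> list:
    """Relay hops oldest-first. Each relay prepends its Received: header, so the
    LAST one in the message is the hop nearest the real origin."""
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        m = RECEIVED_FROM.search(str(hdr))
        if m:
            hops.append((m.group(1), m.group(2)))
    return hops


class _LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")

    def handle_data(self, data):
        if self._href is not None:
            self.links.append((data.strip(), self._href))

    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None


def deceptive_links(msg) -> list:
    """Anchors whose visible text looks like a URL but whose href goes elsewhere."""
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = _LinkCollector()
    collector.feed(body.get_content())
    return [(text, href) for text, href in collector.links
            if re.match(r"https?://", text) and not href.startswith(text.rstrip("/"))]


def analyse(raw: bytes = SAMPLE) -> dict:
    """Run all three checks over a raw RFC 822 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    hops = received_chain(msg)
    return {
        "from_domain": domain_of(msg["From"]),
        "mismatches": sender_mismatches(msg),
        "origin": hops[0] if hops else None,
        "hops": hops,
        "deceptive_links": deceptive_links(msg),
    }


if __name__ == "__main__":
    for key, value in analyse().items():
        print(f"{key}: {value}")
```

    Usage: save the raw message (in Outlook, File > Properties > Internet headers, or "show original" in most webmail) and pass its bytes to analyse(). Only the last Received: hop can be trusted to some degree, since the sender can forge any Received: lines that appear below the ones added by your own mail server.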
  13. nascot

    nascot First Team

    I'm at work so strange behaviour to see in the first place. That type of crap is usually stopped very early. Problem seems to have ceased now.
     
  14. hornmeister

    hornmeister Tired

    Good advice cotk
     
  15. Halfwayline

    Halfwayline Reservist

    I'm not technical at all but recently started using a Mac and it seems really good at filtering all spam e-mails which I then just delete. How can it do this so well as compared to an HP which was rubbish at weeding out any dodgy looking e-mail?
     
  16. Bwood_Horn

    Bwood_Horn Squad Player

    I've never, ever had this problem since I moved to an umbongo'ed laptop. Some people (weirdos and degenerates) prefer a minty smell to stop their dripping taps.
     
  17. reids

    reids First Team

    The spam filters come from your email provider rather than the hardware you're on, so seems unlikely.
     
  18. Bwood_Horn

    Bwood_Horn Squad Player

    Also, I overheard a "friend" (who I barely know) telling "another friend" (moog) to obtain your "art materials and anatomical visual study aids" from x"rodent commonly kept by children as a pet".com.
     
  19. Prentice

    Prentice Administrator

    If he's using Mail (the app) on OS X, then that filters out spam itself.
     
  20. zztop

    zztop Eurovision Winner 2015

    Update.

    I'm ****ed!
     
  21. Godfather

    Godfather bricklayer extraordinaire

    It's easy for everyone to say don't pay it but only you know the value of the data involved, if you decide you must then you have little choice. However if you do and even if it works I can guarantee you or your company will be targeted again especially if they have now got further details than your e-mail. Forget not that any recovered data will likely need to be cleaned of malware too.

    Good luck and thank fck I binned that same e-mail as junk. However I never open attachments without checking, even expected ones can be infected.

    PS. Aren't you on Windows 10? ... I thought NX bit/XD were meant to stop such attacks
     
    Last edited: Aug 10, 2016
  22. zztop

    zztop Eurovision Winner 2015

    Update!

    Almost all docs, music, images, encrypted.

    In desperation I approached several IT specialists, including businesses in Nottingham that repair PCs etc. I got nowhere - the majority just saying that I need to either pay up, with associated risks, etc, or just give up on the encrypted files and then reload the entire PC, to be sure.

    However, I was lucky that, with a bit of trial and error, I was able to identify the trojan as Nemucod. That led me to a forum called Bleeping Computer and a de-encryption tool through Emsisoft.

    What the software does is compare an encrypted file with the clean normal file. It works out the key, which is about 50 digits long and then it de-encrypts all the files. Amazing! I still have to take a few measures to ensure the trojan has now gone, but it should be OK.

    It is easier said than done, though, to find identical encrypted and un-encrypted files for the software to compare. Particularly as the encryption does not let you see the exact size of the file, etc and files from the cloud do not necessarily seem to come back down "identical", for some reason. So trying to find those two identical files seems to be the biggest issue for most "victims" trying to use the software.

    So moral is obviously be more careful than I was with emails and attachments, even from Fedex! Maybe copy a few files onto a USB clip that can be easily transferred for use with the software, then don't give up, there are a few incredibly clever people out there. Even cleverer than GF, IMO.

    Thanks to those that tried to help, it is appreciated.
     
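    The recovery the post above describes (compare one clean file with its encrypted copy, derive the key, then decrypt everything else) is a known-plaintext attack, and it only works because the malware's cipher was weak enough to leak its key that way. The block below is an added illustration of that principle, not Nemucod's real cipher and not Emsisoft's decrypter: it uses a constructed repeating-key XOR "ransomware" cipher, a seeded 50-byte key (the post's "about 50 digits" is only the motivation for that length), and made-up victim files with recognisable headers. It also shows the two practical points the post raises: the recovered key is checked against file signatures before it is trusted, and a "clean" copy that differs by even one byte from what was actually encrypted (the cloud-copy problem) yields no consistent key at all.

```python
"""Added example: known-plaintext key recovery against a toy repeating-key XOR
cipher. The cipher, key length and sample files are constructed for the
demonstration; this is not the real Nemucod scheme or the Emsisoft tool."""
import random
from typing import Dict, Optional, Tuple

# File signatures used to sanity-check a decryption before trusting the key.
MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"%PDF-": "pdf", b"PK\x03\x04": "zip/docx"}


def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR: weak by design, and its own inverse."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def keystream(plain: bytes, cipher: bytes) -> bytes:
    """plain XOR cipher over the common prefix exposes the keystream."""
    return bytes(p ^ c for p, c in zip(plain, cipher))


def recover_key(plain: bytes, cipher: bytes, max_len: int = 256) -> Optional[bytes]:
    """The shortest period of the keystream is the key. The pair must have been
    byte-identical before encryption and be at least twice the key length long;
    otherwise no consistent period exists and None is returned."""
    ks = keystream(plain, cipher)
    for p in range(1, max_len + 1):
        if 2 * p > len(ks):
            return None
        if all(ks[i] == ks[i + p] for i in range(len(ks) - p)):
            return ks[:p]
    return None


def decrypt_and_verify(cipher: bytes, key: bytes) -> Tuple[bytes, Optional[str]]:
    """Decrypt and report which known signature (if any) the result starts with."""
    plain = toy_encrypt(cipher, key)
    for magic, kind in MAGIC.items():
        if plain.startswith(magic):
            return plain, kind
    return plain, None


def demo(seed: int = 2016) -> Tuple[bool, Dict[str, Tuple[bool, Optional[str]]], Optional[bytes]]:
    """Seeded so the run is repeatable. Returns (key recovered?, per-file
    (restored?, signature), key recovered from a non-identical 'clean' copy)."""
    rng = random.Random(seed)

    def rand(n: int) -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(n))

    key = rand(50)  # 50-byte key: an assumption, motivated by the post's "about 50 digits"
    files = {  # constructed victim files with recognisable headers
        "holiday.png": b"\x89PNG\r\n\x1a\n" + rand(300),
        "mortgage.pdf": b"%PDF-1.4\n" + rand(200),
        "letter.docx": b"PK\x03\x04" + rand(150),
    }
    encrypted = {name: toy_encrypt(data, key) for name, data in files.items()}

    # One clean copy survives (say, on a USB stick): recover the key from it ...
    recovered = recover_key(files["holiday.png"], encrypted["holiday.png"])
    results = {}
    for name, blob in encrypted.items():  # ... then decrypt every other file with it
        plain, kind = decrypt_and_verify(blob, recovered)
        results[name] = (plain == files[name], kind)

    # A cloud copy that differs by one byte from what was encrypted gives an
    # inconsistent keystream, so no period is found: that pair is unusable.
    orig = files["holiday.png"]
    altered = orig[:100] + bytes([orig[100] ^ 0xFF]) + orig[101:]
    bad_key = recover_key(altered, encrypted["holiday.png"])
    return recovered == key, results, bad_key


if __name__ == "__main__":
    ok, per_file, bad = demo()
    print("key recovered from identical pair:", ok)
    for name, (restored, kind) in per_file.items():
        print(f"  {name}: restored={restored} signature={kind}")
    print("key from mismatched pair:", bad)
```

    The signature check matters because a wrong key still "decrypts" every file without complaint; checking that the output starts with a known header (or matches a second clean copy) is what separates a recovered key from garbage before you run it over thousands of files.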
  23. Godfather

    Godfather bricklayer extraordinaire

    You jest surely? .... I invented the damned internet :rolleye1:

    I'm happy you've found a solution and that you've shared it with us .... now please use your connections to catch these damned crooks (if the English fooled even you there'll be brits or yanks in there somewhere).
     
  24. Clive_ofthe_Kremlin

    Clive_ofthe_Kremlin Squad Player

    And the other moral is, if your data is valuable and you don't want to lose it, back it up!

    It doesn't have to be a virus or ransomware that affects you, hard drives fail regularly and the specialist companies that recover data from them charge an absolute fortune because they know they've got you over a barrel.

    Glad to hear you've managed to get sorted out anyway ZZ.

    What would you have done without all those JPGs of Maggie T photoshopped in stockings and suspenders and wielding a cane?
     
  25. Godfather

    Godfather bricklayer extraordinaire

    Another thing .... and I know if you handle lots of deliveries it's not possible. But being used to dealing with a lot of building sundries I tend to memorise the first few digits of article or delivery numbers and refer to them by that ... In the absence of a description anything different would likely arouse my suspicion - I think.
     
  26. zztop

    zztop Eurovision Winner 2015

    Just in case anyone on here uses MS Onedrive, which I do sometimes, as colleagues use it to access and edit documents, etc.

    Everything on there was also encrypted.

    I thought it would have been safe. Not so.
     
  27. zztop

    zztop Eurovision Winner 2015

    Plenty more where they come from, I'd probably start by scanning some of the posters on my bedroom wall!
     
  28. Godfather

    Godfather bricklayer extraordinaire

    !!! panic !!! :eek:
     
  29. reids

    reids First Team

    Interesting and surprising. Were you just using it through webinterface or had you linked it as a drive?
     
  30. Moose

    Moose First Team Captain

    It would be great if someone was able to catch up with these b'stards one day, but how would you trace them?
     
  31. Godfather

    Godfather bricklayer extraordinaire

    As the old adage says "you follow the money"

    Don't believe for one minute they can't ... they can but resources are thin and they are too busy chasing suspected terrorists and paedos (not that they shouldn't but it's definitely a populist policy).
     
