Virus change my .jpeg to .jpeg.vscrypt

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by sashobest, Jul 11, 2009.

  1. sashobest

    sashobest Private E-2

    Hi some kind of a virus changed all my pictures in to .vscrypt extention.
    "READ & RUN ME FIRST. Malware Removal Guide" I've made it step by step but still my picters are with this .vscrypt extention. Here are my logs.
    Can anyone help me?
     

    Attached Files:

    sashobest, Jul 11, 2009
    #1
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What are these:
    C:\Documents and Settings\Sashko\Desktop\7jba10ww.exe
    C:\Documents and Settings\Sashko\Desktop\7z465.exe
    C:\Documents and Settings\Sashko\Desktop\morenceee
    C:\Documents and Settings\Sashko\Desktop\morenceee.rar

    And this may be the cause of your problems:
    C:\Documents and Settings\Sashko\Desktop\Nero Burning Rom 6.6.0.15 + keygen"
    C:\Documents and Settings\Sashko\Desktop\Nero Burning Rom 6.6.0.15 + keygen.rar

    Download Dr.Web CureIt and save it to your desktop.

    • Doubleclick the cureit-beta.exe file and allow to run
    • If it prompts you about getting any updates, get the update and then rerun the cureit-beta.exe installation.
    • When it finishes you will have a green window with a Start and and Update selection. Click Start
    • the Express Scan of your PC window will come up. Click OK to scan main memory to detect infected process in memory.
    • If anything is found in memory, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • You may see a popup window to Buy or get a discount on the program. Just click the X at the top right to close this popup. The scan will continue.
    • Once the short scan is completed, click the Custom Scan radio button. Then Select each of your hard disk drives (that is if you have more than one). A red dot shows which drives have been chosen.
    • Click the green arrow at the right under the Dr.Web logo, and the scan will start.
    • Click 'Yes to all' if it finds any problems and asks if you want to cure or move the file.
    • When the scan has finished, look if you can click next icon next to the files found:
      [​IMG]
    • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
      [​IMG]
    • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
    • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Reboot your computer!! This is necessary because there could be files in use that will be moved or deleted during reboot.
    • After reboot, rename the DrWeb.csv file to DrWeb.txt so that it can be uploaded here and then attach the log from Dr.Web to your next reply
     
    Last edited: Jul 13, 2009
    TimW, Jul 13, 2009
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds