Banta Ransomware

jefflbi · Jan 29, 2022

Woke up this morning to find my pc had been compromised by ransomware that encrypts every file with the extension .banta. What is best course of action?? Thanks in advance........

TimW · Jan 29, 2022

IIRC, this is a Phobo's ransomware and you may find help with Trend Micro's tool:

https://success.trendmicro.com/solu...ing-the-trend-micro-ransomware-file-decryptor

jefflbi · Jan 29, 2022

Thanks much........... I am running the steps in the pinned post to remove malware. I will try the tool in your link when that is completed.......

jefflbi · Jan 29, 2022

I am uploading the Roguekiller repost as specified in the malware removal instructions.........

jefflbi · Jan 29, 2022

jefflbi said: ↑

I am uploading the Roguekiller repost as specified in the malware removal instructions.........
Click to expand...

TimW said: ↑

IIRC, this is a Phobo's ransomware and you may find help with Trend Micro's tool:

https://success.trendmicro.com/solu...ing-the-trend-micro-ransomware-file-decryptor
Click to expand...

I think I didn't upload the RogueKiller report the right way the first time........

TimW · Jan 29, 2022

You did...but we prefer that you do all the requested scans and then attach them.

jefflbi · Jan 29, 2022

TimW said: ↑

You did...but we prefer that you do all the requested scans and then attach them.
Click to expand...

The "analyze.exe" of MGtools has been running for hours............. Hitman pro found no infections........

jefflbi · Jan 29, 2022

TimW said: ↑

You did...but we prefer that you do all the requested scans and then attach them.
Click to expand...

Uploaded log files as requested, HitmanPro did not find any infections.........

TimW · Jan 29, 2022

For MGtools, did you save MGtools.exe to C:\MGtools.exe as requested. It must be save to the root folder of your Windows boot drive. Do not save it anywhere else and do not attempt to Run or Open it from the download link. You must save it to your PC. Please try again and make sure you follow the instructions exactly. If you get any error messages, see if it is one of the ones that are explained on the download page. If the error is not on the download page, give us the exact word for word message.

Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The red is merely informational.

cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
GetRunKey <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
ShowNew <-- this will try to run all another scan from MGtools. Tell me what error messages, if any, you see.

jefflbi · Jan 29, 2022

TimW said: ↑

For MGtools, did you save MGtools.exe to C:\MGtools.exe as requested. It must be save to the root folder of your Windows boot drive. Do not save it anywhere else and do not attempt to Run or Open it from the download link. You must save it to your PC. Please try again and make sure you follow the instructions exactly. If you get any error messages, see if it is one of the ones that are explained on the download page. If the error is not on the download page, give us the exact word for word message.

Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The red is merely informational.

cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
GetRunKey <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
ShowNew <-- this will try to run all another scan from MGtools. Tell me what error messages, if any, you see.
Click to expand...

Yes I did install in the root of C as specified and then ran the exe. I am repeating that procedure and will reply when the program finishes.

jefflbi · Jan 29, 2022

TimW said: ↑

For MGtools, did you save MGtools.exe to C:\MGtools.exe as requested. It must be save to the root folder of your Windows boot drive. Do not save it anywhere else and do not attempt to Run or Open it from the download link. You must save it to your PC. Please try again and make sure you follow the instructions exactly. If you get any error messages, see if it is one of the ones that are explained on the download page. If the error is not on the download page, give us the exact word for word message.

Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The red is merely informational.

cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
GetRunKey <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
ShowNew <-- this will try to run all another scan from MGtools. Tell me what error messages, if any, you see.
Click to expand...

I'm sorry, I didn't there was a zip file of the logs. I only attached the one txt file. Here is the complete zip file.

jefflbi · Jan 29, 2022

TimW said: ↑

IIRC, this is a Phobo's ransomware and you may find help with Trend Micro's tool:

https://success.trendmicro.com/solu...ing-the-trend-micro-ransomware-file-decryptor
Click to expand...

Just an FYI, I didn't have any success with the TrendMicro tool.....

TimW · Jan 29, 2022

Then if Trend Micro didn't give you a decryption tool, your only option is to restore from a back up or reinstall. You can post in the software forum for advice on how to do either.

jefflbi · Feb 2, 2022

TimW said: ↑

Then if Trend Micro didn't give you a decryption tool, your only option is to restore from a back up or reinstall. You can post in the software forum for advice on how to do either.
Click to expand...

Just an FYI, I think this site might be better as it includes all of the tools available on the Trend Micro site along with many others. And this site is most likely to post a tool for .banta ransomeware as soon as one is developed...……..

Home | The No More Ransom Project

jefflbi · Jun 6, 2023

There might be some hope for us yet!!!!
https://cert.pl/en/posts/2023/02/breaking-phobos/

Log in or Sign up

Banta Ransomware

jefflbi Private First Class

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

jefflbi Private First Class

jefflbi Private First Class

Attached Files:

RogueKiller_report.txt

jefflbi Private First Class

Attached Files:

RogueKiller_report.txt

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

jefflbi Private First Class

jefflbi Private First Class

Attached Files:

MBlogs.txt

filelog.txt

RogueKiller_report.txt

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

jefflbi Private First Class

jefflbi Private First Class

Attached Files:

MGlogs.zip

jefflbi Private First Class

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

jefflbi Private First Class

jefflbi Private First Class

Log in or Sign up

Banta Ransomware

jefflbi Private First Class

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

jefflbi Private First Class

jefflbi Private First Class

Attached Files:

RogueKiller_report.txt

jefflbi Private First Class

Attached Files:

RogueKiller_report.txt

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

jefflbi Private First Class

jefflbi Private First Class

Attached Files:

MBlogs.txt

filelog.txt

RogueKiller_report.txt

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

jefflbi Private First Class

jefflbi Private First Class

Attached Files:

MGlogs.zip

jefflbi Private First Class

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

jefflbi Private First Class

jefflbi Private First Class

Useful Searches