Help Cleaning Computer

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by CaMidltn, Dec 6, 2016.

  1. CaMidltn

    CaMidltn Private E-2

    Hello MajorGeeks,

    I am new here, but came because I have some major issues going on in my laptop. I will give you the main points and if anyone can help me, I would so greatly appreciate it.

    I opened my email from the University of Arkansas at Little Rock, and there was an email that said that my bank MasterCard was going to be charged 775.38, and for me to see the attached description, and it gave me a password for the Word document. My stupid self clicked the download, and now I have a huge mess on my hands. All of my files have an extension of .8df1 and a new name. I had to use my daughter's laptop to complete my homework because my homework was attacked as well.

    I notified my school about this and they said for me to restore my computer. Yeah, no I want a 2nd opinion. But they are good about catching a lot of the viruses and scams, I will give them credit.

    I have installed and run Avast Free Antivirus, got a few of my files back. A friend told me about Malwarebytes, I downloaded and used that, and was able to get some more of my files back. Now, I am really scared because I can't open other files that were able to be opened before the day I opened the email. I can start in safe mode with networking clicked but it goes into just safe mode.

    I notified my bank about the possible charges, they are going to be watchful that they do not come through. What else can I do? I am not a rich person and I am a caregiver to my soon to be 75 year old mother. I desperately need help, please!
     
  2. Eldon

    Eldon Major Geek Extraordinaire

  3. CaMidltn

    CaMidltn Private E-2

    I have this printed out...so I can follow the directions. I will click the link and follow from there. Thank you for answering me.
     
  4. CaMidltn

    CaMidltn Private E-2

    Eldon, it has three downloads under the malware download. Which one should I use?

     
  5. Eldon

    Eldon Major Geek Extraordinaire

    I always select Download@Authors Site.
    If there's a problem, select the next download.
    Also, sometimes there are downloads for 32-bit and 64-bit - select whichever applies to your Windows.
     
  6. CaMidltn

    CaMidltn Private E-2

  7. CaMidltn

    CaMidltn Private E-2

    It is downloaded. Now what, open it?
     
  8. CaMidltn

    CaMidltn Private E-2

    The directions say to change the name of Malwarebytes to mb.exe. I tried that and it did not take. So is there another way of changing the name? I am not that techno savvy. I get my daughter to do most of my stuff, but she works nights. Please be patient with me. I've had 2 strokes so it takes me a few to figure things out. But Malwarebytes is opened and has a shortcut on my desktop. What else do I need to do?
     
  9. Eldon

    Eldon Major Geek Extraordinaire

    I'm not aware of doing this.
    If Malwarebytes is open, click the scan button.

    You need to revisit the first link in post #3 and follow the instructions for your version of Windows.

    Unfortunately I have to leave now - I'm in South Africa and it's already almost 9:30 AM!
    All the best. :)

    Edit: If Malwarebytes installed, you're good to go.
    I found this:
     
  10. CaMidltn

    CaMidltn Private E-2

    Ok, have a great day, and thank you for helping me. And yes that was what I saw and was talking about.

    Is there anyone else that can help me with this? I downloaded Malwarebytes yesterday and it pulled over 300 items out of my computer, but it did not find the ransomware. What can I do to get rid of the .8df1 extensions and get my files back to their original names?
     
  11. CaMidltn

    CaMidltn Private E-2

    I am trying to follow the directions for MGtools, but where it says:

    FYI to Firefox users: New versions of Firefox will falsely tell you that MGtools.exe is a virus and it will not let you download it. It also does not let you override this false accusation. Do the below to fix this issue:

    • In Firefox's Menu (if you don't see the Menu bar then right click on the top area of the Firefox window and select the Menu Bar selection to enable it. Also something that should be enabled by default in my opinion)
    • Now on the Menu Bar select Tools. Then select Options
    • On the Options form select the Security tab.
    • Now uncheck the below check box
      • Block reported attack sites
    • Now click OK to save the change
    • Now see if you can download MGtools.exe
    I do not have that listed in my security listings.

    What do I do now?
     
  12. CaMidltn

    CaMidltn Private E-2

    Not sure I am doing this right, about adding things to my posts. I understand about uploading a file, but considering the fact that my computer is infected wouldn't it cause the post to be infected as well? But is copying and pasting allowed? If not, then I am in big trouble!

    I know that LauraR said that it should be ok to upload some of my pictures, but because of the ransomware being on the computer that has my pictures in Google Drive, wouldn't they be contaminated as well?
     
  13. CaMidltn

    CaMidltn Private E-2

    I have run all the scans. Have saved the logs to my desktop and now do I upload them here? I still have files that have the .8df1 as an extension with some crazy off the wall name for the file. I have some repaired files, but I am scared that my logs are going to be attacked like my files.

    Thanks to all those that are willing to assist me. Especially Eldon. He was great at directing me to the right areas to get some of my files back. Thanks so much.
     
  14. LauraR

    LauraR MajorGeeks Super-Duper Administrator Staff Member

  15. CaMidltn

    CaMidltn Private E-2

    Thank you
     
  16. CaMidltn

    CaMidltn Private E-2

    Is it normal for TDSSKiller not to leave a log? And in the mb.exe folder there is not a listing for a log. But of course I am not smart enough, due to lack of education on what the file name extensions stand for, so there may actually be a log and I would not know it.

    I had run HitmanPro a 2nd time not realizing it made a log until I double checked my desktop. For some reason it took a little before it actually showed up. Is it because of my computer being infected?
     


  17. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you have contracted ransomware, there is nothing you can do about it other than pay the ransom to get your files back or reinstall your OS.
     
  18. CaMidltn

    CaMidltn Private E-2

    I'm not in the financial way of paying 775.38 for my files. So, if I reinstall my OS will it not reinfect my computer?
     
  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Not if you do a clean install.
     
  20. CaMidltn

    CaMidltn Private E-2

    And how is that done?
     
  21. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Do you have your installation disc?
     
  22. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you don't have an install disc, post in the software forum and someone will help you with a restore.
     
  23. CaMidltn

    CaMidltn Private E-2

    Thanks so much. I found out that this stupid ransomware has attacked 6 months of genealogy research, countless pictures, and other files. It attacked my homework for my college course, but when I told my instructor I had made a report to our IT department of the threat so they could put it on their list, and mentioned that I was talking to you guys, she gave me an extension. Which, I was grateful for. I used a laptop that was not infected to get it sent to her.

    Would this affect my wifi? The ransomware I mean.
     
  24. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No, it shouldn't.
     
  25. CaMidltn

    CaMidltn Private E-2

    Whewww. That just made my daughter's and my day. Thank you again for your help.
     
  26. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You're welcome and good luck.
     
