Ransomware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by edpolakoff, Dec 27, 2019.

  1. edpolakoff

    edpolakoff Private First Class

    Hey guys, friend was using Firefox last night and it came up with a ransomware screen. Windows has detected an error, call this number or your computer will lock up. We had to pull the battery to get past it and I ran the scans. I did goof up and forget to reboot after turning off UAC...Win7 machine, so I did run them again. Current logs included.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Questions: Are you currently using the computer to post those logs? Have you received any additional ransomware notices?

    It appears there is NO AV software installed!!

    I will also suggest an immediate download of an anti-ransomware software~

    Are any of your files encrypted yet?

    Please empty out these folders:
    C:\Windows\assembly\temp
    C:\Windows\TEMP
    C:\Users\Jeanne\AppData\Local\Temp
     
  3. edpolakoff

    edpolakoff Private First Class

    Ok. First folder didn't exist. Second and third folder had things I couldn't delete, they were locked. There is no AV, I deleted AVG right before I started running scans. Instructions said to disable while running scans, I don't care for AVG, I took it out. I will reinstall Avast when I'm done. I did not send the logs from the infected machine, my laptop was already logged in and I keep the software for doing this on an external drive...I run into too many friends I need to help over the years... I am on it now. When I go on certain sites I'm still getting pop up ads from Kohl's and a few others.

    I haven't found any files encrypted, but she doesn't keep a lot of files on here. It's used for transcribing court cases and she pretty much uses it for little else.

    What do you recommend for free ransomware protection? I know Avast has one in their paid version, this gal is tight on funds. Someone asked me the other day if I make money doing this...nope. For me, it's fun. What good are talents if you don't share them. I appreciate you guys more than you know.

    What's next? Try and clear out those files in safe mode?
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    AVG and Avast are now the same thing. Since you said there was a ransomware message, I thought it might be wise to INSTALL some FREE anti-ransomware software. Just go to the main page and search in the search box for anti ransomware. Kaspersky, Bitdefender....etc.

    You may wish to reset Firefox to defaults.

    Reset Mozilla Firefox to defaults

    Let me know how things are running.
     
  5. edpolakoff

    edpolakoff Private First Class

    Ok Tim,

    BD anti ransom is on. Avast is on. Updated some outdated software like Flash Player and Firefox. Reset Firefox. Reset UAC and removed everything but MWB. I think that puts it back to normal operating mode...of course it's been rebooted.

    I haven't seen any more ransom pop-ups while I've been doing all of this. I think for now we're ok. I'm staying here for the next few days before I head back to warm country in Phoenix (in MD right now). If something pops up again, I'll get back to you. As always I appreciate your help. Hope you have a wonderful New Year!
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    3. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    4. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, or Win 8 or 10, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    5. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    6. After doing the above, you should work thru the below link:
     
