Malware Ransomware

fitzybhoy

Inactive User
Joined
Aug 4, 2007
Messages
689
Reaction score
18
Been hit with ransomware over the last few days.

All files are now appended with[[email protected]].wallet

From what I can gather this is particularly nasty piece of work.

Any way it can be removed?
 
Right click on one of the affected folders, then properties, then previous version. If available try restoring prior to the infected date. Some of the malware, turn off system restore so it may not be visible when you try it.
 
Unfortunately I don't have backups. This was just a computer that although it had loads of stuff on it was very rarely used. I just used to RDC into it whenever I needed access. I think RDC has been used to spread the virus, a new user has been added and it now forbids me to disable it.

Shadow copies have also been disabled. I messed around with some files and most of my mp3 files although not all pictures have been retrieved. Just the filenames and extension were scrambled.

Will retrieve what I can and remove all hard drives in case a fix comes up in the future, although I seriously doubt it. Apparently it uses 256 bit AES asymmetric encryption, so not holding my breath on this one.

Bought a new hard drive and moving to Linux in the meantime.
 
Do you know how the bug(?) got onto your computer @fitzybhoy? And were you running any anit-virus s/w that should have protected it but didn't?
 
Last edited by a moderator:
Do you know how the bug(?) got onto your computer @fitzybhoy? And were you running any anit-virus s/w that should have protected it but didn't?

Most of the antivirus software will not protect against ransomware. Quite a few of our clients got infected via emails.

Malwarebytes 3.x claims to stop it now.
 
Last edited by a moderator:
Do you know how the bug(?) got onto your computer @fitzybhoy? And were you running any anit-virus s/w that should have protected it but didn't?

I think but cannot be sure that I was infected via a torrent site. Which one, I do not know. Torrents are something I never use, normally get everything off usenet, but this time I couldn't get what I was looking for and moved off the beaten track. Schoolboy error, live and learn etc.

Just checked my mp3s and although fine at first glance, they have the first 5 seconds and last 20 seconds chopped off every track.

For AV, I was just using the inbuilt MSE with Win 7. But that was disabled for some reason.
 
Last edited by a moderator:
I think but cannot be sure that I was infected via a torrent site. Which one, I do not know. Torrents are something I never use, normally get everything off usenet, but this time I couldn't get what I was looking for and moved off the beaten track. Schoolboy error, live and learn etc.

Just checked my mp3s and although fine at first glance, they have the first 5 seconds and last 20 seconds chopped off every track.

For AV, I was just using the inbuilt MSE with Win 7. But that was disabled for some reason.

Ouch! Not good. I guess I've been lucky as I use torrents quite a lot. Mostly for music, but if I see one that looks iffy (i.e. filesize looks wrong for given content) I avoid it.
 
I wouldn't want to leave that PC connected to the internet, if there's another user added to the thing it could be spreading it's crap to other machines.
 
The waves of ransomware started to engulf people more and more. Well, unfortunately, we all got caught off-guard by these. Due to encryption that they use, it is rather difficult to decrypt it without a master key. Luckily, up today most of the Ransomware already has decryption solutions, so if you have your backups or files, you can try looking into .wallet ransomware removal options.
As for conventional manual removal, you can try these options.
  1. Restart your PC in "Safe mode with networking"
  2. Install Malwarebytes and/or Hitman Pro and do a scan to remove all of the ransomware files.
  3. Try a system restore point. Hopefully, there is a recent one that you can use.
  4. If you have a bootable disc, you can try a recovery/restore using that.
  5. You can use Shadow Explorer to get shadow copies of your files, could potentially work.
Other than that, there aren't many options you can do. Your best bet would be to do a full wipe and reinstall windows.
As for future protection, running an active anti-malware and anti-virus will increase the protection significantly. Do regular backups of every important file. You can use either cloud service (Recommended to disconnect after syncing files) or external hard drive. And be careful when browsing, avoid shady links and well since torrents is always a risk at least try to go by votes or popularity. Usually, they carry less malware.
 
Back
Top