Author Topic: Files encrypted as ransom  (Read 1734 times)

Offline jermsdawg101

  • Newbie
Files encrypted as ransom
« on: August 12, 2009, 06:01:25 AM »
Just today I noticed that most of my files on a particular drive had new extensions. Many of these include my mp3s, some pics, and some other files. The new extensions were .ENCRYPTED. When I removed the extensions the files still were not playable. I use Avast Home Edition and it never caught or told me anything had happened. In each folder on the drive was a README.txt that stated I needed to pay 50 euro in order for them to email me the decrypter for my files. When I ran a scan for viruses, xwr48247.dll came up as infected. I don't know what to do! Any suggestions/ideas/solutions?
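
An added example (not from the thread or from avast): a read-only Python survey that scopes the damage described in the post above by counting `.ENCRYPTED` files, checking whether their leading bytes still match the original file type, and listing folders that hold a `README.txt`. It assumes the `.ENCRYPTED` suffix was appended to the original file name; the function names and the magic-byte table are this example's own.

```python
import os

# Leading bytes expected for a few of the file types named in the post
# (table constructed for this example; extend as needed).
MAGIC = {
    ".mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}
MARKER = ".encrypted"      # extension reported in the post (compared case-insensitively)
NOTE_NAME = "readme.txt"   # ransom note name reported in the post


def classify(path):
    """Return 'renamed-only', 'content-altered' or 'unknown-type' for one *.ENCRYPTED file."""
    original = path[: -len(MARKER)]          # assumption: suffix was appended
    ext = os.path.splitext(original)[1].lower()
    signatures = MAGIC.get(ext)
    if signatures is None:
        return "unknown-type"
    with open(path, "rb") as fh:             # opened read-only, nothing is modified
        head = fh.read(16)
    return "renamed-only" if head.startswith(signatures) else "content-altered"


def survey(root):
    """Walk root; return per-status counts and the folders holding a README.txt."""
    counts = {"renamed-only": 0, "content-altered": 0, "unknown-type": 0, "unreadable": 0}
    note_dirs = []
    for folder, _dirs, files in os.walk(root):
        if any(name.lower() == NOTE_NAME for name in files):
            note_dirs.append(folder)
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            try:
                counts[classify(os.path.join(folder, name))] += 1
            except OSError:
                counts["unreadable"] += 1
    return counts, note_dirs


if __name__ == "__main__":
    import sys
    counts, note_dirs = survey(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(counts)
    print(f"{len(note_dirs)} folder(s) contain {NOTE_NAME}")
```

A `README.txt` can also be a legitimate file, so review the listed folders rather than treating each one as confirmed.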

Offline FreewheelinFrank

  • avast! Evangelist
Re: Files encrypted as ransom
« Reply #1 on: August 12, 2009, 08:52:32 AM »
Can you submit one of the encrypted files to Virus Total and post the result here?

http://www.virustotal.com/

Offline Tech

  • avast! team
Re: Files encrypted as ransom
« Reply #2 on: August 12, 2009, 11:44:41 AM »
I suggest:

1. Clean your temporary files.
2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or on this analysis site. Or even submit the RunScanner log to on-line analysis.
6. Clean your Hosts file (replacing it) with HostsMan tool.
7. Disable System Restore and then reenable it again.
8. Immunize your system with SpywareBlaster.
9. Check if you have insecure applications with Secunia Software Inspector.

 
