Author Topic: .b277 file extenssion (Read 3002 times)

6virjay6 · « **on:** October 09, 2016, 05:22:38 PM »

My all video and audio files have been changed to .b277 extenssion.

What is this and how to correct this ?

The files have been unplayable now

Pondus · « **Reply #1 on:** October 09, 2016, 05:28:09 PM »

Only media files? ... you may have a ransomware

Follow instructions and attach requested logs > https://forum.avast.com/index.php?topic=53253.0
Malwarebytes and the two logs from FRST is the important ones

Eddy · « **Reply #2 on:** October 09, 2016, 06:20:05 PM »

9038 different file-extensions in my database and no b277.
Could be a new type/variant of ransomware.

Upload some files to https://www.nomoreransom.org/crypto-sheriff.php
and let us know what is says.

6virjay6 · « **Reply #3 on:** October 11, 2016, 06:28:06 AM »

I have run the malwarebytes and farbar as instructed. Attaching the log files as advised.
Next program i will run and send the results in next post

Thanks for the help

6virjay6 · « **Reply #4 on:** October 11, 2016, 07:26:04 AM »

The log file of ASWMBR is attached herewith.

Eddy · « **Reply #5 on:** October 11, 2016, 08:15:58 AM »

What is KMS doing on your system ?

A good start to cleanup the system is removing all illegal software and other things as likely one (perhaps several) of them have caused the infection.
After removing all that crap, run Farbar again and attach new logs to your next post here.

dbrisendine · « **Reply #6 on:** October 11, 2016, 09:21:36 AM »

Do you share programs / files with XP side on this system?

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Browser Configuration Utility
KMSnano 24
QuickTime 7
YTD Video Downloader 5.7.2

To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

SECOND >>>>

Read Slowly and all of it.

If you still have a Addition.txt log file on your desktop, please delete it now.

Start FRST64 that is on your Desktop by double clicking and allowing the software to run when the User Access Control asks (if it does).

The tool will start to run.
When the tool opens click Yes to disclaimer. (if it does)

Select Additional.txt in the Optional Scans section of FRST64.

Press Scan button.

It will make two logs (FRST.txt and addition.txt) on your Desktop. Please attach the logs in your reply back.

6virjay6 · « **Reply #7 on:** October 11, 2016, 02:33:41 PM »

Done as per instructions.

Attached are 2 log files
KSMNANO 4 was not found

dbrisendine · « **Reply #8 on:** October 12, 2016, 09:10:32 AM »

What part of "cracked or illegal" software did you not understand?

2016-10-11 13:26 - 2016-10-11 13:26 - 00386607 _____ D:\Users\Virendra\Downloads\Sony Vegas Pro 11 Keygen + Patch.zip
2016-10-11 12:34 - 2016-10-11 12:36 - 28820534 _____ D:\Users\Virendra\Downloads\d89MalBytesAntiMlwrPrmmv2.2.1.1043FULL-SAMI500778.rar
(Got to ask what level of protection did you think you would get with a cracked antimalware product? Cracking IS malware.)

2016-10-04 19:06 - 2016-10-04 19:06 - 00014933 _____ D:\Users\Virendra\Downloads\CyberLink Director Suite 5.0 Multilingual Incl Patch + Extra Content [SadeemPC].zip.torrent
2016-10-11 12:52 - 2016-08-07 20:00 - 00000000 ____D D:\Users\Virendra\Desktop\Malwarebytes Anti-Malware Premium v 2.2.1.1043 + New Activator 2016

And these are where your Ransomware infection came from (or at least, was the backdoor for it) ==>>
2016-09-20 19:51 - 2016-09-20 19:51 - 00037443 _____ D:\Users\Virendra\Downloads\[only-soft.info].t22515.torrent
2016-09-20 19:40 - 2016-09-20 19:40 - 00022113 _____ D:\Users\Virendra\Downloads\CyberLink.PowerDirector.Ultimate.v15.0.20.26.0.Incl.Keymaker-CORE.torrent
2016-09-16 18:20 - 2016-09-16 18:51 - 00000000 ____D D:\Users\Virendra\Desktop\CyberLink Director Suite 5.0 Multilingual Incl Patch + Extra Content [SadeemPC]
2016-09-15 21:13 - 2016-09-15 21:13 - 00070697 _____ D:\Users\Virendra\Downloads\Not.Without.My.Daughter.1991.720p.WEB-DL.AAC2.0.H264-FGT-[rarbg.com].torrent

Eddy · « **Reply #9 on:** October 12, 2016, 09:27:59 AM »

Using malware to remove malware is not gonna work.
That is going around the same circle over and over again.

6virjay6 · « **Reply #10 on:** October 13, 2016, 09:23:51 AM »

These are the downloaded torrents which are not installed yet. But I normally use bit torrent for downloads of old classic movies.

These are the programs for audio/video encoding which is my hobby to convert into 3D and with surround sound and I use it for my personal collection.

If that is the culprit I will delete these files.

Eddy · « **Reply #11 on:** October 13, 2016, 10:58:43 AM »

Installed or not, if you use it for personal use or not...
It is malware and has to go.
Guess how your system got infected....

Author Topic: .b277 file extenssion (Read 3002 times)

6virjay6

.b277 file extenssion

Pondus

Re: .b277 file extenssion

Eddy

Re: .b277 file extenssion

6virjay6

Re: .b277 file extenssion

6virjay6

Re: .b277 file extenssion

Eddy

Re: .b277 file extenssion

dbrisendine

Re: .b277 file extenssion

6virjay6

Re: .b277 file extenssion

dbrisendine

Re: .b277 file extenssion

Eddy

Re: .b277 file extenssion

6virjay6

Re: .b277 file extenssion

Eddy

Re: .b277 file extenssion