Hello,
Yesterday morning I got hit with the latest ransomware - MOLE00.
It encrypted almost all the files on my personal PC. Avast did not catch it, it did not even see it!
Luckily I was able to stop the ransomware from encrypting all of my files and my backup partition. Because I was using the computer at the time and noticed files appearing on my desktop, I immediately disconnected from the network, opened the Task Manager and tried to stop the ransomware process.
All I was doing at the time of the infection was reading the news on a local online news website.
I have been a PAID subscriber to Avast Internet Security for the last 8 years and I am very disappointed - I did not get the INTERNET SECURITY that I needed when I needed it! It's like buying condoms with holes! Why bother.
I spent the last 8 hours looking for the virus, removing it, cleaning the hard drive and recovering as many files as possible.
I sure hope Avast is planning to improve their product. Maybe this info can help them:
During the manual clean-up and removal of this ransomware I found that the virus was located in \AppData\Local\mbzx.exe
It also had another executable, I think it was in the Roaming file: BCDA9163F2.exe
The name of the process that I stopped was: oren music
What is "nice" about this ransomware is that it changes all the file names, so you have to recover everything and you can't pick and choose.
Does anyone know if there is a descriptor for this ransomware?
The file recovery with Shadow Explorer was limited, so any help will be appreciated, in recovery and decryption!