My grandfather had a ransomware event on March 24, 2019 on his Windows 10 computer. I'm going through the painstaking process of cleaning the system long enough to back up some of his files before I blow everything off and start from scratch.
Avast software is being used as a part of this attack. I am not sure if it has been modified but it is IMPOSSIBLE to get off at the moment as everything is locked despite Safe Mode, changing ownership of files, and working in registry keys.
The name of the Avast software put on was Avast Business CloudCare though there seem to be some other Avast components. Other software they added was GoToAssist Customer (LogMeIn) and AnyDesk. My grandfather thought Microsoft was contacting him and he did the unthinkable and gave them money. God knows what else they put on this system. I've been able to scrub LogMeIn and AnyDesk but not the "Avast" software they used.
If ya'll need the company info or addresses and phone numbers they're registered at, I have that. I just thought Avast would want to know some really bad actors are posing with YOUR software in a horrible light.
Avast, do you have a script that I can run that would completely remove all Avast components and install files? the Windows\WinSxS folder is one of the hot spots.
