12 Replies Latest reply on Feb 18, 2015 10:10 AM by catdaddy

    Got a voice mail in my junk mail....crypto 3.0??? see help_decrypt in folders

    mrbushtroll

      Ok

      real noob

       

      I got an unusual voice mail attachment in my junk mail. it was zipped

      never seen that before....but as a small business dude

      it could be client sending me info

       

      so i unzip...it briefly turns into a xxxxxxxx.scr (thinking screen saver file) and disappears

      no voice file at all. ok batman what happened??

       

      return  to desk top.....no back ground

      black......go to use my firefox to use check websites...passwords gone

      go to open pdf on desk top....says damaged or corrupt

      so i open some folders up on desk top....

      there is help_decrypt txt file and a help_decrypt png

      look at png file...it says some thing about pay money to decrypt files

       

      ok i look this up on internet....while  i do a deep mcafee plus deep scan.....it never caught anything....

      ok....i am lead to this site associated with mcafee

       

      seems i may have crypto 3.0??? or a ransom virus ICE thingy

      do some reading

      purchase spyhunter 4...install and scan deeply.....

      and download mcafee stinger

      start  to delete every help_decrypt txt file and a help_decrypt png i can find...plus another info.txt...which is gibberish in view screen

       

      ok spyhunter finds several malware....fix

      check pdfs and jpegs...some don't work....screw it delete them......ok seems  everything is fine

      stinger comes up clean

       

      ok next morning.....remembering passwords to different accounts...pdfs working

      find a folder with help_ decrypt stuff in it....screw it delete folder

      do another mcafee scan, stinger, malwarebytes anti malware and spyhunter 4

      only thing that comes up

      spyhunter 4

      media infections (cookie trackers) 4 infections listed files

      _ga.9DI6DP87.txt

      _gat.9DI6DP87.txt

      azk.JERHWVJG.txt

      azk-events.JERHWVJG.txt

       

      ok fix.....scan with the whole army

      nothing

      pdf that are ok act dead

      scan

      spyhunter 4

      media infections (cookie trackers) 4 infections listed files

      _ga.9DI6DP87.txt

      _gat.9DI6DP87.txt

      azk.JERHWVJG.txt

      azk-events.JERHWVJG.txt

       

      ok what have i missed.....trying mcafee Getsusp

      says 1 suspicious file and 3 unknown

      scan results uploaded to mcafee labs.

      i up load file anyways to mcafee labs to be sure

       

      also malwarebytes finds 2 potentially objects....this time...not last times  and then 5???

      PUP.Optional.searchProtect.A ----- temp\utt5E9C.tmp.exe

      PUP.Optional.Trovi.A ------ searchplugins\trovi-search.xml

      so i delete them

       

      and scan again

       

      how do i kill it

      or do i nuke and pave

      plus my external drives....do they have it......malwarebytes..... does it scan all....no way i see to check

      does the more i scan the more it spreads

       

      GGGGRRRRRRRRRR

      time for some peer support....so i'm asking...email me.....i will try anything

        • 1. Re: Got a voice mail in my junk mail....crypto 3.0??? see help_decrypt in folders
          catdaddy

          mrbushtroll,

          If I may ask, what McAfee Product are you running? Is it an Enterprise Product or Consumer? This will assist in moving to a more appropriate area for assistance. Your mentioning that you are a Small business owner leads me to ask such.

          A ".scr" file is an executable file that can be used by Legitimate programs or by Malware Authors as well. All that you have stated thus far leads me to believe you have been infected with some type of Ransomware, Cryptolocker/Cryptowall and other variants.

          As you stated most often is the case, you became infected via opening a Malicious email.

          I apologize as I do not have the time to delve deeply into this issue, as it is in the wee hours of the morning here. I am certain that one of my Colleagues will pick up this thread, and add to the Discussion.

          Having said this, especially after observing all of the (Pups) you have been infected with, along with a possible Ransomware infection, your best case scenario would be to contact Specialists that deal with these sort of issues consistently.

          You can start by following the Instructions within this Link "HiJackthis" and submit to either Bleeping Computer or Malwaretips.com, who are most reputable and highly regarded. Anti-Spyware/Malware & Hijacker Tools

          Of course McAfee can offer you assistance as well, through their own Virus Removal Process.

          McAfee TechMaster | PC Optimization, Software support, Device setup, OS troubleshooting, Online Remote support

          One of the first things I would do is Delete and remove "Spyhunter 4" as it has been known to be bundled with other third party apps, which in itself cause more harm than good. I must go now, as I said I am certain someone will pick up this thread and add to the discussion.

          For the present time, I will move this to Malware Discussion > Home User Assistance > Discussions.

          If needed to be moved to a more appropriate area, one of my Colleagues will do so.

           

          Wishing you all the very best

          Catdaddy

          McAfee Community Moderator

          Consumer Products

          1 of 1 people found this helpful
          • 2. Re: Got a voice mail in my junk mail....crypto 3.0??? see help_decrypt in folders
            Peacekeeper

            As CD said, better to talk to the malware removal experts. We mods have a broad idea of what to do, and encrypted files, well, that is a whole new ballpark.

            Re your external drives, it is feasible that they are affected as well from what I have read, and that is why I keep backups monthly on an external not connected drive. My weekly backups are on internal drives.

             

            How can I decrypt files after CryptoLocker virus

            Did not get an answer for that thread starter but some info.

             

            This from a lab tech I emailed

            Cryptolocker uses RSA encryption. Sadly, no one is able to decrypt these files as we haven’t found any weakness in the encryption.

            Any mapped drive with a drive letter will get infected as well. Removable drives, external hard disks, drop box folders and network shares.

            1 of 1 people found this helpful
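
One way to check a drive or folder for the two signs described in this thread (HELP_DECRYPT notes, and PDFs or pictures that no longer open), as an added example that is not part of any poster's reply and not a McAfee tool. The note-name prefix, the extension list and the sample files built by `build_sample` are assumptions made for the example; the scan only reads files.

```python
import os
import sys
import tempfile

# Assumption: ransom notes are matched by the name prefix seen in this thread.
NOTE_PREFIX = "help_decrypt"
# Leading bytes an intact file of each type starts with (assumed extension list).
MAGIC = {
    ".pdf": b"%PDF",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".docx": b"PK\x03\x04",
}

def triage(root):
    """Walk root read-only; return (folders holding notes, files with a wrong header)."""
    note_dirs, damaged = [], []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower.startswith(NOTE_PREFIX):
                if folder not in note_dirs:
                    note_dirs.append(folder)
                continue  # the note itself is not a user document
            magic = MAGIC.get(os.path.splitext(lower)[1])
            if magic is None:
                continue  # type not covered by the header table
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(len(magic))
            except OSError:
                continue  # unreadable file: skipped, not counted as damaged
            if head != magic:
                damaged.append(path)
    return sorted(note_dirs), sorted(damaged)

def build_sample(root):
    """Constructed sample: an intact PDF, a scrambled PDF and a note file."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    samples = {"ok.pdf": b"%PDF-1.4\n", "invoice.pdf": b"\x8f\x02\xa1\x77\x10",
               "HELP_DECRYPT.TXT": b"constructed placeholder"}
    for name, data in samples.items():
        with open(os.path.join(docs, name), "wb") as fh:
            fh.write(data)
    return docs

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample(tempfile.mkdtemp())
    notes, bad = triage(target)
    print("folders with notes:", notes)
    print("files whose header does not match the extension:", bad)
```

A header mismatch only shows that a file no longer starts the way its extension promises, so it is a triage signal for which folders to restore from backup, not proof of encryption. Run it against an external drive by passing the drive path as the first argument.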
            • 3. Re: Got a voice mail in my junk mail....crypto 3.0??? see help_decrypt in folders
              mrbushtroll

              running consumer mcafee plus.....as a small business owner.....just me and my office is a truck

               

              as spyhunter 4....unload.....from what little research i did.....it was recommended

               

              but i know trees and bears.......and that's why i came here

              uninstalling spyhunter 4....after a day use..and going for a refund

               

              ok getting account with bleepingcomputer...more research and posting the above ....not your comments but my stuff

               

              also did the    McAfee TechMaster and it found nothing......a great.....did that before spyhunter.....

              is mcafee the best....for virus removal....got to pay.....i just paid 4-5 months back for 3 licences....thought this should be part of the kill the virus program

              • 4. Re: Got a voice mail in my junk mail....crypto 3.0??? see help_decrypt in folders
                mrbushtroll

                thank you.....until i figure this out i will not use my externals

                when i got hit i disconnected until today......now only doing the several scan thing and stinger...

                and it looked like it was all clear....now scanning scanning.....figure keep up the scanning

                 

                so i hooked them up (externals) and scanned....nothing....not a trace....didn't find a help_decrypt in any of the big folders

                .....pictures ...popped up in the side windows view......or appeared with the big and large icon setting

                but i never open any files, pdf's pictures or docs...still haven't

                stinger scanned files...now will disconnect

                 

                McAfee® Labs Stinger™ Version 12.1.0.1314 built on Jan 29 2015 at 14:17:43

                Copyright© 2014, McAfee, Inc. All Rights Reserved.

                 

                AV Engine version v5700.7163 for Windows.

                Virus data file v1000.0 created on Jan 29, 2015

                Ready to scan for 6682 viruses, trojans and variants.

                Custom scan initiated on Thursday, January 29, 2015 17:04:39

                 

                Rootkit scan result : Not Scanned.

                 

                Summary Report on C:

                D:

                E:

                F:

                G:

                H:

                I:

                File(s)

                TotalFiles:............ 1858282

                Clean:................. 339012

                Not Scanned:........... 1519270

                Possibly Infected:..... 0

                Time: 11:04:21

                Scan completed on Friday, January 30, 2015 04:09:00

                 

                now here i thought it would do all drives????

                will do again...and external only

                • 5. Re: Got a voice mail in my junk mail....crypto 3.0??? see help_decrypt in folders
                  catdaddy

                  mrbushtroll,

                  In regards to Spyhunter, please read the following, especially the "WOT Reviews", from none other than Bleeping Computer: Is SpyHunter still suspected to be a rogue? - Anti-Virus and Anti-Malware Software

                   

                  Regards,

                  Catdaddy

                  • 6. Re: Got a voice mail in my junk mail....crypto 3.0??? see help_decrypt in folders
                    exbrit

                    Yes I would most definitely ditch Spyhunter as unreliable at best and dubious at worst.  There are a number of tools that are tried and tested and linked in the last link below, also there's a hint on what to do if you think you've been invaded by malware of any description, don't touch anything, power off completely and then back on and into Safe Mode and use System Restore to go back to before it happened.

                    In this case, no antivirus is guaranteed to protect so you have to be very careful.   Never open emails from total strangers especially if they have attachments.  By opening the attachment the malware had carte blanche to do whatever it was designed to do.  Now whether or not McAfee should have known about it is another question and we have emailed the powers that be on this question.   Some malware works in ways that antivirus software can't deal with unfortunately.

                    Good luck.

                    Toronto ▪ Canada
                    Volunteer Moderator - Consumer Products
                    I CAN'T HELP PRIVATELY - PLEASE POST IN THE FORUMS
                    Use Advanced Search To Find Answers

                    Anti-Spyware/Malware/Hijacker Tools

                    1 of 1 people found this helpful
                    • 7. Re: Got a voice mail in my junk mail....crypto 3.0??? see help_decrypt in folders
                      mrbushtroll

                      [Attached images: spyhunter findings.jpg, Help_decrypt link.jpg]

                      so first pic is spyhunter finding

                      every scan.....now spyhunter uninstalled

                       

                      second is the help_decrypt png

                      and i took a closer look

                      it states it is cryptowall 3.0

                       

                      one file is firefox email browser link

                      HELP_DECRYPT

                      the info is ---hxxp://paytoc4gtpn5czl2.monsterbbc.com/dj9tgp (link broken by Moderator for safety)

                       

                      guess i have bread crumbs

                      • 8. Re: Got a voice mail in my junk mail....crypto 3.0??? see help_decrypt in folders
                        mrbushtroll

                        adding as much info as possible.......for the next victim to be helped .....from my misfortune

                        • 9. Re: Got a voice mail in my junk mail....crypto 3.0??? see help_decrypt in folders
                          exbrit

                          See my response above.   Googling this I find that it's possible to get rid of the malware, but once files are encrypted, they are lost.

                          There is NO guarantee that files will be restored by paying the ransom, besides who wants to aid and abet organized crime?

                          A lesson is to be learned from this, always back up your important files somewhere safe, on a regular basis.

                          I also broke the link in your post above in case anyone clicked it.
