cancel
Showing results for 
Search instead for 
Did you mean: 
sparkyjo
Level 7

vegclass@aol.com.xtbl

Hi I have got a virus on my server and it is deleting and replicating all over the place but my mcafee endpoint security is not picking it up at all.

Has anyone seen this?

When I was running a scan it was talking 5 minutes and saying it was finished but when I went to processes and closed spoolsv.exe the scan is running like normal but it still is not finding any virus

any help in greatly appreciated

0 Kudos
1 Reply
Hayton
Level 18

Re: vegclass@aol.com.xtbl

Moved from Community Support to Business/Endpoint Security for attention

By the way, that's ransomware. See the following for the current status regarding the possibility of decryption (not yet possible as far as I know)

!. BleepingComputer - Ransomware virus name Vegclass@aol.com.xtbl - Ransomware Help & Tech Support

2. Malwaretips - Remove .vegclass@aol.com.xtbl ransomware (Files Encrypted Malware)

If your pictures, videos and documents are encrypted with a .vegclass@aol.com.xtbl extension, then your computer has been infected with a new variant of the Troldesh/Shade ransomware.

Troldesh/Shade is a file-encrypting ransomware, which will encrypt the personal documents found on victim’s computer using RSA-2048 key (AES CBC 256-bit encryption algorithm), appending the .vegclass@aol.com.xtbl extension to encrypted files. vegclass@aol.com.xtbl then displays a message which offers to decrypt the data if a payment in Bitcoins is made.
0 Kudos