cancel
Showing results for 
Search instead for 
Did you mean: 

Assistance with Trojan.Graftor (promorad2)

Jump to solution

I need assistance with the following issue:

First of all I would like to highlight that I have the paid McAfee version installed in my Computer [Mcafee Live Safe Version: 16.0 R18 and McAfee Security Center Version: 17.8.131].

When I switched on my computer a couple of windows messages were displayed: Windows is not able to find the following archives: 

streamer.exe & ugduirvr.exe

To remove that pop-up I entered on the Register Editor from Windows and I deleted the references to them (I was able to do it for streamer.exe but I could not find ugduirvr.exe). 

Afterwards I realised that all my pdfs and Microsoft files had an strange file type: PROMORAD2 archive, and when I tried to open them I could not, the following message was displayed: Error while opening the document. The file is damaged and could not be opened.

I was looking on Internet for some information and it turned out that the promorad2 is a consequence of a Trojan which encrypts all the files and asks for a payment to decrypt them. So then right after I performed a detailed analisys with McAfee but it could not find any Malaware, so I downloaded SpyHunter5 and it found Trojan.Graftor located under AppData. 

Now I am completely blocked, I cannot open anything and do not know how to continue. I still cannot understand how McAfee cannot finf this malaware or why It could not remove the threat before it caused all that mess.

Could somebody help me with this?

Thank you very much.

Paula

1 Solution

Accepted Solutions
Highlighted
Reliable Contributor ninov_n
Reliable Contributor
Report Inappropriate Content
Message 2 of 2

Re: Assistance with Trojan.Graftor (promorad2)

Jump to solution

Hello,

Currently there is not any official tools available to decrypt your files but you can at least clean it, following this guide:

https://malwaretips.com/blogs/remove-promorad2-ransomware/

You can also give a try below instructions:

http://www.myantispyware.com/2019/03/10/promorad2-file-extension-ransomware-decrypt-restore-promorad...

 

Not sure how you got infected but there are plenty attack vectors possible some of them could possibly bypass AV software. Unfortunately best defense against ransomware is regular backup of important data.

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Nino
1 Reply
Highlighted
Reliable Contributor ninov_n
Reliable Contributor
Report Inappropriate Content
Message 2 of 2

Re: Assistance with Trojan.Graftor (promorad2)

Jump to solution

Hello,

Currently there is not any official tools available to decrypt your files but you can at least clean it, following this guide:

https://malwaretips.com/blogs/remove-promorad2-ransomware/

You can also give a try below instructions:

http://www.myantispyware.com/2019/03/10/promorad2-file-extension-ransomware-decrypt-restore-promorad...

 

Not sure how you got infected but there are plenty attack vectors possible some of them could possibly bypass AV software. Unfortunately best defense against ransomware is regular backup of important data.

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Nino