I got an unusual voice mail attachment in my junk mail. it was zipped
never seen that before....but as a small business dude
it could be client sending me info
so i unzip...it briefly turns into a xxxxxxxx.scr (thinking screen saver file) and disappears
no voice file at all. ok batman what happened??
return to desktop.....no background
black......go to use my firefox to check websites...passwords gone
go to open pdf on desktop....says damaged or corrupt
so i open some folders up on desktop....
there is help_decrypt txt file and a help_decrypt png
look at png file...it says something about pay money to decrypt files
ok i look this up on internet....while i do a deep mcafee plus deep scan.....it never caught anything....
ok....i am lead to this site associated with mcafee
seems i may have crypto 3.0??? or a ransom virus ICE thingy
do some reading
purchase spyhunter 4...install and scan deeply.....
and download mcafee stinger
start to delete every help_decrypt txt file and a help_decrypt png i can find...plus another info.txt...which is gibberish in view screen
ok spyhunter finds several malware....fix
check pdfs and jpegs...some don't work....screw it delete them......ok seems everything is fine
stinger comes up clean
ok next morning.....remembering passwords to different accounts...pdfs working
find a folder with help_ decrypt stuff in it....screw it delete folder
do another mcafee scan, stinger, malwarebytes anti malware and spyhunter 4
only thing that comes up
media infections (cookie trackers) 4 infections listed files
ok fix.....scan with the whole army
pdf that are ok act dead
media infections (cookie trackers) 4 infections listed files
ok what have i missed.....trying mcafee Getsusp
says 1 suspicious file and 3 unknown
scan results uploaded to mcafee labs.
i upload file anyways to mcafee labs to be sure
also malwarebytes finds 2 potentially objects....this time...not last times and then 5???
PUP.Optional.searchProtect.A ----- temp\utt5E9C.tmp.exe
PUP.Optional.Trovi.A ------ searchplugins\trovi-search.xml
so i delete them
and scan again
how do i kill it
or do i nuke and pave
plus my external drives....do they have it......malwarebytes..... does it scan all....no way i see to check
does the more i scan the more it spreads
time for some peer support....so i'm asking...email me.....i will try anything
If I may ask, what McAfee Product are you running? Is it an Enterprise Product or Consumer? This will assist in moving to a more appropriate area for assistance. By your mentioning that you are a Small business owner leads me to ask such.
A ".scr" file is an executable file that can be used by legitimate programs or by malware authors as well. All that you have stated thus far leads me to believe you have been infected with some type of Ransomware: Cryptolocker/Cryptowall or other variants.
As you stated most often is the case, you became infected via opening a Malicious email.
I apologize as I do not have the time to delve deeply into this issue, as it is in the wee hours of the morning here. I am certain that one of my Colleagues will pick up this thread, and add to the Discussion.
Having said this, especially after observing all of the (Pups) you have been infected with, along with a possible Ransomware infection, your best case scenario would be to contact Specialists that deal with these sort of issues consistently.
Of course McAfee can offer you assistance as well, through their own Virus Removal Process.
One of the first things I would do is Delete and remove "Spyhunter 4" as it has been known to be bundled with other third party apps, which in itself causes more harm than good. I must go now, as I said I am certain someone will pick up this thread and add to the discussion.
For the present time, I will move this to Malware Discussion > Home User Assistance > Discussions.
If needed to be moved to a more appropriate area, one of my Colleagues will do so.
Wishing you all the very best
McAfee Community Moderator
running consumer mcafee plus.....as a small business owner.....just me and my office is a truck
as spyhunter 4....unload.....from what little research i did.....it was recommended
but i know trees and bears.......and that why i can here
uninstalling spyhunter 4....after a day use..and going for a refund
ok getting account with bleepingcomputer...more research and posting the above ....not your comments but my stuff
also did the McAfee TechMaster and it found nothing......a great.....did that before spyhunter.....
is mcafee the best....for virus removal....got to pay.....i just paid 4-5 months back for 3 licences....thought this should be part of the kill the virus program
In regards to Spyhunter, Please read the following, especially the "WOT Reviews" from none other than Bleeping Computer: Is SpyHunter still suspected to be a rogue? - Anti-Virus and Anti-Malware Software
Yes I would most definitely ditch Spyhunter as unreliable at best and dubious at worst. There are a number of tools that are tried and tested and linked in the last link below, also there's a hint on what to do if you think you've been invaded by malware of any description, don't touch anything, power off completely and then back on and into Safe Mode and use System Restore to go back to before it happened.
In this case, no antivirus is guaranteed to protect so you have to be very careful. Never open emails from total strangers especially if they have attachments. By opening the attachment the malware had carte blanche to do whatever it was designed to do. Now whether or not McAfee should have known about it is another question and we have emailed the powers that be on this question. Some malware works in ways that antivirus software can't deal with unfortunately.
Toronto ▪ Canada
Volunteer Moderator - Consumer Products
As CD said, better to talk to the malware removal experts; we mods have a broad idea of what to do, and encrypted files, well, that is a whole new ballpark.
Re your external drives it is feasible that they are affected as well from what i have read and that is why I keep backups monthly on an external not connected drive. My weekly backups are on internal drives.
Did not get an answer for that thread starter but some info.
This from a lab tech I emailed
Cryptolocker uses RSA encryption. Sadly, no one is able to decrypt these files as we haven’t found any weakness in the encryption.
Any mapped drive with a drive letter will get infected as well. Removable drives, external hard disks, drop box folders and network shares.
thank you.....until i figure this out i will not use my externals
when i got hit i disconnected until today......now only doing the several scan thing and stinger...
and it looked like it was all clear....now scanning scanning.....figure keep up the scanning
so i hooked them up (externals) and scanned....nothing....not a trace....didn't find a help_decrypt in any of the big folders
.....pictures ...popped up in the side windows view......or appeared with the big and large icon setting
but i never open any files, pdf's pictures or docs...still haven't
stinger scanned files...now will disconnect
McAfee® Labs Stinger™ Version 220.127.116.114 built on Jan 29 2015 at 14:17:43
Copyright© 2014, McAfee, Inc. All Rights Reserved.
AV Engine version v5700.7163 for Windows.
Virus data file v1000.0 created on Jan 29, 2015
Ready to scan for 6682 viruses, trojans and variants.
Custom scan initiated on Thursday, January 29, 2015 17:04:39
Rootkit scan result : Not Scanned.
Summary Report on C:
Not Scanned:........... 1519270
Possibly Infected:..... 0
Scan completed on Friday, January 30, 2015 04:09:00
now here i thought it would do all drives????
will do again...and external only
so first pic is spyhunter finding
every scan.....now spyhunter uninstalled
second is the help_decrypt png
and i took a closer look
it states it is cryptowall 3.0
one file is firefox email browser link
the info is ---hxxp://paytoc4gtpn5czl2.monsterbbc.com/dj9tgp (link broken by Moderator for safety)
guess i have bread crumbs
adding as much info as possible.......for the next victim to be helped .....from my misfortune
See my response above. Googling this I find that it's possible to get rid of the malware, but once files are encrypted, they are lost.
There is NO guarantee that files will be restored by paying the ransom, besides who wants to aid and abet organized crime?
A lesson is to be learned from this, always back up your important files somewhere safe, on a regular basis.
I also broke the link in your post above in case anyone clicked it.
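An added example, not part of any post in this thread and not a McAfee tool: a read-only inventory of where the help_decrypt notes described above sit on each drive, which addresses the question of how to check externals and mapped drives. The function names and the sample folder tree are assumptions built for the illustration; on a real machine you would pass drive roots such as `C:\` and `E:\` instead.

```python
import os
import tempfile
from datetime import datetime, timezone

# Note name taken from the thread (help_decrypt .txt and .png); matched case-insensitively.
NOTE_STEM = "help_decrypt"

def find_ransom_notes(roots):
    """Walk each root and return {root: {directory: [note filenames]}}. Deletes nothing."""
    report = {}
    for root in roots:
        hits = {}
        # onerror: skip unreadable folders instead of aborting the whole walk
        for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
            notes = sorted(f for f in files
                           if os.path.splitext(f)[0].lower() == NOTE_STEM)
            if notes:
                hits[dirpath] = notes
        report[root] = hits
    return report

def earliest_note_time(report):
    """Oldest modification time (UTC) among all notes found, or None if there are none."""
    times = [os.path.getmtime(os.path.join(d, n))
             for hits in report.values()
             for d, notes in hits.items()
             for n in notes]
    return datetime.fromtimestamp(min(times), timezone.utc) if times else None

def build_sample_tree(base):
    """Constructed sample: one 'drive' with notes in a folder, one clean 'drive'."""
    hit = os.path.join(base, "C", "Documents")
    clean = os.path.join(base, "E", "Backups")
    os.makedirs(hit)
    os.makedirs(clean)
    for name in ("HELP_DECRYPT.TXT", "help_decrypt.png", "invoice.pdf"):
        open(os.path.join(hit, name), "w").close()
    open(os.path.join(clean, "photos.jpg"), "w").close()
    return [os.path.join(base, "C"), os.path.join(base, "E")]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        report = find_ransom_notes(build_sample_tree(base))
        for root, hits in report.items():
            print(root, "->", len(hits), "folder(s) with ransom notes")
            for folder, notes in hits.items():
                print("   ", folder, notes)
        print("earliest note written:", earliest_note_time(report))
```

The earliest note timestamp gives a rough lower bound for when encryption started, which helps pick a backup or restore point from before that time.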