Well, I don't know what the other forum suggested, but the first thing to do when this sort of thing hits is touch nothing and do a hard power off. Then boot into Safe Mode and initiate System Restore to before it all started, hoping that SR was turned on in the first place.
We don't actually do malware removal here, but if you click the last link in my signature below and scroll down, there are a number of forums that specialize in that.
FYI no antivirus will catch these scams properly because of the way they work. You just have to be ultra careful these days and make sure you keep everything up to date and backed up.
Please try the steps below and let me know if it works for you. These are picked from other help forums. I would suggest you reach out to other malware cleaning forums for any additional help.
Here are the most recent directions:
Download decrypt_mblblock.exe to your desktop.
- If you only have a single hard disk with one partition, then the only thing you need to do is start the tool.
- Windows XP users can simply double-click and run the tool; Windows Vista, 7 & 8 users need to run the tool with administrator rights.
- It will now automatically scan your complete hard disk for encrypted files. When there are encrypted files present, it will automatically decrypt them without deleting the encrypted originals.
- After the decryption, check that all of the decrypted files open properly.
- Once you have verified that the files were decrypted properly, you can delete the encrypted HTML files.
- If you have more than one hard disk or partition with encrypted files, things get slightly more complicated. To scan and decrypt files on those other hard disks or partitions, do the following:
  - While holding down the Windows key, press the R key. The Run box will now appear.
  - In the Run box, type in cmd.exe and press Enter.
  - The Windows Command Line prompt should show up.
  - You first need to switch into the directory where you downloaded the decryption tool.
  - This can be done using the cd command: cd /d <path>
  - Just replace <path> with the path you downloaded the decryption tool to. If you downloaded it to C:\Users\Administrator\Downloads, for example, the exact command line to type in should look like this:
    cd /d C:\Users\Administrator\Downloads
  - If you did everything right, you will see that the command prompt changed slightly and now references the download directory.
  - Run the decryption tool with a list of all the drives you want the tool to scan. If you have a C:, D: and E: drive, for example, run the tool like this:
    decrypt_mblblock.exe C:\ D:\ E:\
  - Please be patient and refrain from using the computer for other tasks while the tool is running.
It worked! Thank you soooooo very much! I have been trying to figure this out for days!! I really appreciate your help!!
Glad it helped. That tool was picked up from one of the support forums elsewhere. We are not done yet, though.
Please follow the instructions below:
Back up the data on your machine (pictures, documents, etc. ONLY; take care what you copy, do not blindly copy-paste folders).
Download the latest version of Getsusp from getsusp.mcafee.com and run it on the machine, then zip the logs and attach them in your next reply.
Ensure the data is backed up.
Download the latest version of the Stinger tool from Stinger.mcafee.com. Run it and allow it to delete all files it picks up (the reason I asked you to back up files).
After a reboot, zip the Stinger_Quarntine folder and attach it in your next reply.
This solution might be limited to this particular variant of infection. Request others to refrain from running this tool unless requested by a forum helper to do so.
Vinod, thanks for the wonderful help.
Moved to the 'Top Threats' section in the hope it will help others with this particular malware.
The solution must be applied only post full removal of malware file...