.DOCM Ransomware

A message is displayed in Microsoft Word, which indicates "UPDATE AVAILABLE update for office are ready to be installed, but first to close some apps". After clicking Update now, another window is displayed: "the update will be downloaded in the background". After that, all my files were encrypted as .DOCM. In this link you will find the encrypted file, the decrypted file and the readme file: https://drive.google.com/file/d/1eFarX49ONtzXxiWrlitiLhg3-16m_zRL/view?usp=sharing

I have another PC that is infected; the yellow message bar is always displayed even though the latest update of Microsoft threat protection is installed. The malware doesn't begin to work until we click Update now. Is there any update to detect this virus?

Hi fekri_saleh1

My name is Andre Da Costa; an Independent Consultant, Windows Insider MVP and Windows & Devices for IT MVP. I'm here to help you with your problem.

That yellow 'Update Now' banner is a part of Office and notifies the user of new updates to be installed. It is safe.

As for your documents, I am not sure this is Ransomware, but I certainly won't be downloading anything to my device from that link.

Press Windows key + R
Type: rstrui.exe
Hit Enter

This will start the system restore wizard. Choose a restore point before the problem started.

Check if your files are then accessible.

Best regards,
Andre Da Costa
Independent Advisor for Directly


Hi Fekri,
I am Sumit, an Independent Advisor and a 2-Year Windows Insider MVP here to help.

That is a version of GlobeImposter 2.0 ransomware. See this thread and the linked support topic.

https://www.bleepingcomputer.com/forums/t/69965...

Disclaimer:
This is a non-Microsoft website which would provide accurate and safe information. Watch out for ads on the site which are frequently classified as a PUP (Potentially Unwanted Products). There is no need to buy paid products to fix your computers as they do more harm than good sometimes.
Sumit

Always include PC Specs, Make and Model of the device. Ensure all the latest quality updates have been installed. It may take multiple replies to reach a satisfactory answer.


Although it looks like there is no decryptor available yet for this.
Sumit

Always include PC Specs, Make and Model of the device. Ensure all the latest quality updates have been installed. It may take multiple replies to reach a satisfactory answer.

Question Info


Last updated September 20, 2019 Views 1,445 Applies to: