RANSOMWARE

I got this today after installing a note pad.

Any direction would be appreciated 


All your files are Encrypted!

For data recovery needs decryptor.

How to buy decryptor:


----------------------------------------------------------------------------------------


| 1. Download Tor browser - https://www.torproject.org/ and install it.


| 2. Open link in TOR browser - http://decrmbgpvh6kvmti.onion/

               

| 3. Follow the instructions on this page 


----------------------------------------------------------------------------------------


Note! This link is available via "Tor Browser" only.


------------------------------------------------------------

Free decryption as guarantee.

Before paying you can send us 1 file for free decryption.

------------------------------------------------------------


alternate address - http://helpinfh6vj47ift.onion/



DO NOT CHANGE DATA BELOW


Hi Curtis

This looks very much like you have been hit with a ransomware attack . . .

Can you actually open any of your Personal files on your PC?

If not, has a new file extension been added to all your files, regardless of file type?

Open Windows File Explorer and navigate to your Documents folder

On the view Ribbon (tab) of file explorer, temporarily tick 'File Name Extensions'

Check to see if all files are appended with the same file extension, and if so, what is that file extension?
___________________________________________________________________

Power to the Developer!

MSI GV72 - 17.3", i7-8750H (Hex Core), 32GB DDR4, 4GB GeForce GTX 1050 Ti, 256GB NVMe M2, 2TB HDD
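Added example, not part of the original reply: the extension check described above, done over a whole file listing instead of by eye in File Explorer. The file names are constructed samples, `.docm` is the extension reported later in this thread, and `KNOWN_TYPES`, the 0.8 threshold and the function name are assumptions of this example.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Ordinary file types that an appended suffix would sit on top of
# (illustrative list, an assumption of this example).
KNOWN_TYPES = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
               ".pdf", ".txt", ".jpg", ".png"}

def extension_report(names, threshold=0.8):
    """Summarise the final extensions in a file listing.

    The listing is flagged only when one extension ends at least
    `threshold` of the files AND that extension is stacked on a known
    type (report.docx.docm), so a folder of genuine .docm files is not flagged.
    """
    finals, stacked = Counter(), Counter()
    for name in names:
        # PureWindowsPath parses C:\... paths correctly on any OS.
        suffixes = [s.lower() for s in PureWindowsPath(name).suffixes]
        if not suffixes:
            finals["(none)"] += 1
            continue
        finals[suffixes[-1]] += 1
        if len(suffixes) >= 2 and suffixes[-2] in KNOWN_TYPES:
            stacked[suffixes[-1]] += 1
    total = sum(finals.values())
    if total == 0:
        return {"total": 0, "dominant": None, "share": 0.0,
                "stacked": 0, "suspicious": False}
    dominant, count = finals.most_common(1)[0]
    share = count / total
    return {"total": total, "dominant": dominant, "share": share,
            "stacked": stacked[dominant],
            "suspicious": share >= threshold and stacked[dominant] > 0}

# Constructed sample listings (not taken from the affected PC).
ENCRYPTED_SAMPLE = [r"C:\Users\user\Documents\budget.xlsx.docm",
                    r"C:\Users\user\Documents\resume.docx.docm",
                    r"C:\Users\user\Documents\photo.jpg.docm",
                    r"C:\Users\user\Documents\taxes.pdf.docm",
                    r"C:\Users\user\Documents\notes.txt.docm",
                    r"C:\Users\user\Documents\desktop.ini"]
CLEAN_SAMPLE = ["budget.xlsx", "resume.docx", "photo.jpg", "macro.docm"]

if __name__ == "__main__":
    for label, listing in (("encrypted", ENCRYPTED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, extension_report(listing))
```

A listing saved from the affected machine (one path per line) can be passed in as a list of strings and analysed on a separate, clean computer.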


I hope you have backups of your personal files. If you cannot open your personal files (Documents, Pictures etc) then you need to wipe your device and clean install Windows 10. Then recover your backups.

If no backups then try posting the full title of a file that has been encrypted, including the full extension. To find the full name + extension, right click, select Properties and look at the file name that is displayed.


Hi Curtis,
I am Sumit, an Independent Advisor and a 2-Year Windows Insider MVP here to help.

Can you share a sample file with us to check if a decryptor is available?
Sumit

Always include PC Specs, Make and Model of the device. Ensure all the latest quality updates have been installed. It may take multiple replies to reach a satisfactory answer.


I recommend registering with one of these malware removal sites to receive dedicated malware removal instructions, an expert will remain with you throughout the process until confirmation that your PC is 100% clean.
Malwarebytes virus/malware removal forum:
https://forums.malwarebytes.com/forum/7-windows...
Bleeping computer malware/virus removal forum:
https://www.bleepingcomputer.com/forums/forum22...

Disclaimer - This post contains reference to non-Microsoft websites and there may be ads on the page for products & services including products frequently classified as a PUP (Potentially Unwanted Product). Please thoroughly research any product / service advertised on the page before you decide to use them. Your discretion is very much advised.
Virginia - Time Lady.


This appears very much like a real ransomware attack. You need to be very careful.

Please note: You cannot remove a real ransomware attack with antivirus software.

In my opinion, you should let a professional handle this. Some ransomware attacks are more skillfully executed than others. A professional can examine your computer and determine if there's a decryption key or other tool to decrypt your files. Otherwise, you have no choice but to pay the ransom.

More skillfully executed attacks typically present themselves more professionally than what you are seeing. You may have been attacked by amateurs who are using pre-made software commonly available on the internet's black market. If so, the likelihood is better that a professional will be able to decrypt your files. But you will probably end up having to pay the ransom.

Unless you feel confident about your technical abilities, you shouldn't try to fix this on your own. The better ransomware will actively fight attempts to defeat it and you may end up needing to pay a higher ransom.

The attacker gets nothing from this unless you pay. You should try to negotiate a lower ransom. Attackers are sometimes flexible. And you may be surprised at how polite they are.

---------------------------------------------------------------------------
Not affiliated in any way with Directly or their Independent Advisors.


Will do when I get back on that computer. I ran Spyhunter and Hitman and RegHunter. Then a popup came on asking me to sync my Google account. Of course this is not normal and I closed that popup without syncing.

I then went to my desktop and all the Google files were fine, and so was Dropbox.

I know it's running a macro somewhere. It changed the files to a Word document, but just can't remember the extension. Once I do I'll post it. Thanks for the reply.

Better than some saying just pay it. And they present themselves as Microsoft advisers.


Don't pay the attackers any ransom. That will incentivize them to create more ransomware and attack other computers.

Check this site to see if there is a solution for the ransomware you got infected with:

https://www.nomoreransom.org

If there is no solution yet, you may back up your infected files somewhere in case a solution shows up at some later time.

But I repeat: don't pay. Accept your loss and be more careful next time when you download stuff.


Ricardo you dang right I won't pay a dime to these punks. Sitting in mamas basement. Good idea about saving the files. Most are backed up on my cloud. 


It adds an extension DOCM


Last updated September 6, 2019