struppigel

Moderator
Verified
Staff member
Hello Eman shafik,

I am Karsten and will gladly help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.
  • Read my instructions thoroughly, carry out each step in the given order.
  • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
  • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
  • Back up important files before we start.
At first some information about your ransomware. This ransomware family is called Gibberish and it is one of the secure ransomware encryptions. That means we cannot decrypt your files. Only the criminals who have the key can decrypt them. Criminals are not trustworthy and may take your money without helping you, so we advise against paying the ransom.

As I take it you want your system to be checked for malware.

Please run the following diagnostic scan so I can ascertain the state of your computer.

STEP 1
Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Double-click FRST64.exe to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Attach both logs in your next reply.
 

struppigel

Hello Eman shafik,
I haven't heard anything from you in the last 4 days. Please let me know if you still require help.
I will close this thread in 2 days if I don't hear back from you so I can take the time to help others.
 

struppigel

Hello Eman,

Thank you for the logs. I am away this weekend (driving for at least 8 hours today, it's now 9 am in the morning).
It will take some time to go through the logs.
Expect my answer at latest on Monday.

Have a nice weekend!
 

struppigel

Hello Eman shafik,

Your system has a lot of security software installed, most of which are still actively running in the background.

Having more than one Antivirus product on your system will weaken security and slow down your system. AVs need to deeply ingrain into the system in order to fight malware. This and the fact that they carry malware patterns with them for malware detection makes them look like malware for other AV software. Different AVs may recognize each other as malicious and using them at the same time may have unforeseen consequences.

For that reason I want you to decide on one AV product that you will keep. I found these AVs on your system:
  1. Emsisoft
  2. McAfee
  3. AVG
  4. Malwarebytes
  5. and always inbuilt: Windows Defender

1. Please tell me which one of these you want to keep or enable as your AV.

Furthermore, you have programs installed that are classified as potentially unwanted software.
These programs are not malicious, but they might be on your computer without your consent. Some of them are known to deliver ads, bundle additional software, or have questionable privacy policies.

2. Please tell me for each of the following programs if you want to keep them:
  • WiperSoft
  • SpyHunter
  • Smileys We Love Toolbar for IE
  • ParetoLogic Data Recovery
  • Free Opener
  • Free Zip
  • AVG Web TuneUp
  • Bing Bar
 
Hello Karsten,
Thank you for your reply. I prefer McAfee as antivirus as it is an original copy. Malwarebytes is also nice but I use the free version, and regarding the programs I prefer SpyHunter.
NOTE: I downloaded all these antivirus and malware after I had the ransomware and scanned by each one separately, but unfortunately they couldn't remove the ransomware.
 

struppigel

Hello Eman,

Antivirus software will remove malicious ransomware files. Ransom notes and ransomware encrypted files are not malicious in your case. People often want to keep those files in case they can decrypt them. If you want to remove ransomware encrypted files and ransom notes, we can do that. But I'll need your permission.

Decryption or recovery of your encrypted files is currently not possible for this strain of ransomware. You can back up those files in the hopes it is possible later. The chances are very slim, though.

Uninstall Software
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programs, right-click and click Uninstall.
    • Bing Bar
    • AVG Web TuneUp
    • Free Zip 9.20
    • Free Opener
    • Free File Viewer 2014
    • ParetoLogic Data Recovery
    • Search App by Ask
    • Smileys We Love Toolbar for IE
    • WiperSoft
    • Emsisoft Anti-Malware
    • AVG
    • PC Doctor
    • Zemana Anti-Malware
  • Follow the prompts.
  • Note: If you are offered the choice to install additional software, ensure you decline.
  • Reboot if necessary.

Farbar Recovery Scan Tool (FRST) Scan
  • Double-Click FRST64.exe to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Attach the logs in your next reply.
 
Hello Karsten,
Thank you for your reply. I want to keep the encrypted files so that later on I may find a decryption tool for them. I also made a backup of them on a portable hard disk as they are very important files for me. I want to be sure that my PC is now free from any malware or ransomware. What is your opinion, should I format my PC? Or recover an older version of Windows? And then try to recover my lost files by recovery programs?
I have done the steps you told me about, but 3 programs, AVG, AVG Web TuneUp and Smiley, couldn't be uninstalled as they told they are unsuccessfully installed or they aren't there on my PC. I don't know how?
 


struppigel

Hi Eman,

"and then try to recover my lost files by recovery programs"
You already tried at least two recovery programs. If these didn't work, you won't have more luck after a Windows reset.
Oftentimes they cannot recover files encrypted by ransomware because ransomware will make sure to delete the original copies in a way that this is not possible.

"what is your opinion should i format my PC?"
Either we clean your system together using FRST or you format it. Both would be fine. If you want to format, we don't need to proceed with the cleaning instructions below.
It's hard to tell which of those takes more effort since manual cleaning can be unpredictable at times. If you want to proceed, follow instructions below.

--------------------------------------------------------
AVG Remover
  • Open AVG_Remover.exe
  • User Account control - click "Yes"
  • Click "CONTINUE"
  • Select all products, and click "Remove"
  • Click "Restart" and restart PC
  • After restart Click "Run" (Open file – Security Warning dialog) and let AVG Remover remove traces
  • Restart PC again

Farbar Recovery Scan Tool (FRST) Script
  • Download the attached fixlist.txt
  • Important: The file must be saved in the same location as FRST64.exe.
NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
  • Double-click FRST64.exe to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Attach the log to your next reply.

Farbar Recovery Scan Tool (FRST) Search
  • Double-click FRST64.exe to launch it.
  • FRST will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Copy/Paste or Type the following line into the Search: box.
    Smileys
  • Press the Search Registry button.
  • When finished searching a log will open on your Desktop ... Search.txt
  • Please post it in your next reply.
 

"After restart Click "Run" (Open file – Security Warning dialog) and let AVG Remover remove traces"
What do you mean by this sentence?
I have done all steps of AVG Remover and restarted the computer twice, but it tells me you have to restart it again to be installed.
 

struppigel

Looks like AVG remover worked just fine. We still have to get rid of that Smileys adware, though.

Farbar Recovery Scan Tool (FRST) Script
  • Download the attached fixlist.txt
  • Important: The file must be saved in the same location as FRST64.exe.
NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
  • Double-click FRST64.exe to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Attach the log to your next reply.

Farbar Recovery Scan Tool (FRST) Scan
  • Double-Click FRST64.exe to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Attach the logs in your next reply.

Please tell me how your system is doing.
 


I think the system is faster now, but I don't know: is my PC free from any malware or what? Is it safe to use my PC and do my work on it or not? And there is still that program named smiley.
 
