Eking malware removal HELP

Status
Not open for further replies.

andrease

New Member
Mar 8, 2021
Hi!
My server has been infected by the eking malware and all of my files have been locked. Now, I am reading lots of different guides on how to remove it. And they all start with "Download and run xxx program". Now, HOW DO I DO THAT? As soon as I put in the USB (I cannot download on the infected computer since I unplugged it from the network and no browser is working), the file on the USB gets infected. So first of all - how do I install an anti-malware program on an infected computer?? HELP!!
/Andreas
Sweden
 

struppigel

Moderator
Verified
Staff member
Apr 9, 2020
I am Karsten and will help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.
  • Read my instructions thoroughly, carry out each step in the given order.
  • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
  • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
  • Back up important files before we start.
  • Note: On weekends I might be slow to reply.
-------------------------------------------------------------------

The ransomware that infected your server is called Phobos.
We can remove the infection but not the encryption. Only the attackers have the keys for decrypting your files.

I have a few questions:
1. What Windows version does your server have?
2. We cannot decrypt your files, so the fastest way to get rid of the infection is to reformat the disk and reinstall the operating system. While it is possible to remove the infection manually via recovery environment, it may take more time. Keep in mind that your files are lost anyways, so there wouldn't be any gain in manual disinfection. How do you want to proceed?
 