I thought that the end of the "alphabet" was "X Y Z" now I have found out otherwise please help

[sheffieldyorky]

I am a retired (75) Electro-Mechanical Engineer (HND) and been with computers (man & boy) since Windows 3.1
I am ashamed to say that I have caught my first virus namely the "X Y Z " on my desktop and its infected my 2 tb HDD desktop, this blog is coming from one of my laptops.
This is the first and hopefully the last intrusion on my machine.
I desperately want to eradicate this piece of "s * * t" because it has a lot of information, letters, Excel spreadsheets and my very large music folder.
My desktop is protected or so I thought but here we are.
As an example a text file blahblah.txt or an image rose.jpg etc. etc this has now changed to blahblah.txt.xyz OR rose.jpg.xyz
While i was sat at my desk & desktop to my left I could hear a very faint clicking sound I thought one of the fans was on the way out but they all seemed O.K so I am sat there hearing this clicking sound and was puzzled, but what I did notice the icons ALL started to look the same just a blank small white square, I clicked on one and it would not open.
I then went to a folder and opened that BIG mistake I then saw and heard the clicking sound as each item within changed to ***.jpg.xyz so I quickly closed the folder knowing that I was now infected for the first time in my life.
While the 2 tb drive was connected I tried to download and run a scan BUT was prevented because various well known websites could not be found,(I was definitely online) I am not going to name them but I think we all know which sites let you do an online scan.
So to bring things up to date, I am expecting a new 1 tb HDD delivered today, I fully intend to install a new O.S and once the new O. S is up and running I was going to connect the old 2 tb and point the Malwarebytes scan towards that.
I can't post a screen grab till I get my new 1 tb HDD up and running.
Does anybody have any suggestions or comment to make.

 

[nasdaq]

Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I'm sorry by I only have bad news for you.
You have been infected by a Ransomware family of malware


Navigate to this topic.

ID Ransomware

Upload a ransom note and/or sample encrypted file to identify the ransomware that has encrypted your data.

id-ransomware.malwarehunterteam.com

Submit a sample of the compromised files for their review.
They will reply and let you know what you are dealing with.

From what we know now, your files are not recoverable.
Your only solution would be to restore the files from a good backup if you have one.

The compromised files can be transferred to a CD or Flash drive.
Should a solution be found in the future you may be able to restore them.

It's never to late to use common sense to guard against being infected.
Tips on how to prevent ransomware attacks

Ransomware protection: How to keep your data safe in 2024

What does ransomware do and how can I protect myself? Learn how to protect your computer with ransomware scanners

www.kaspersky.com

Good luck.

p.s.
If you have any other issues with this computer please run this program.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
[img=[URL]http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png[/URL]]

Attach the file(s). A 2 Steps process.
Reply to this topic.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach. <- Step 1.
Click Attach this file. <- Step 2.
Click the Add reply button.

Please post the logs for my review.

Let me know what problems persists.

 

[sheffieldyorky]

Hi there
Many thanks for your response.
Some questions for you.

1. What makes you think that it is Ransomware, I have not had an email asking for money to retrieve my data ?a)Which i am more than happy to do up to a point, everybody has their limit.
2. In my opening statement "While the 2 tb drive was connected I tried to download and run a scan BUT was prevented because various well known websites could not be found,(I was definitely online)" so I will not be able to "Submit a sample of the compromised files for their review."
3. I do not want to copy & paste onto a memory stick "a sample of the compromised files" and probably infect this laptop, then I am back to square one.
4. What I can do is boot up the desktop, pick and individual file or open folder & take photograph with my phone and use the "upload facility" seen here.

I look forward to your response.

Kind regards

Tony

 

[nasdaq]

Hi,

Download and execute the Farbar program I suggested
This will only scan your computer and report the details in the FRST.TXT and Addition.txt logs..

Attach these logs in your next replyl

 

[sheffieldyorky]

Hi,

Download and execute the Farbar program I suggested
This will only scan your computer and report the details in the FRST.TXT and Addition.txt logs..

Attach these logs in your next replyl

Hi there nasdaq
Many thanks for your response.
Please allow me to further explain my predicament as seen in my opening statement ;
"While the 2 tb drive was connected I tried to download and run a scan BUT was prevented because various well known websites could not be found"
I'm still writing this on my laptop as previously stated.
I tried downloading it BUT it wanted to go to my "downloads folder"
I tried pointing it to Drive (E 117gb and was told "Are you sure you want to copy this file without its properties ?"
What I really need is a full version that I can download to a flash drive (I have larger capacity USB's ) or make my Desktop boot to CD via B.I.O.S.
My Desktop B.I.O.S will NOT boot from a USB drive, I'll burn the amended USB file to a blank CD, I'm hoping the program size will be smaller than my stock of blank CD's & CDRW's
I don't have a problem supplying the " FRST.TXT and Addition.txt logs.. I'm sure there must be a "workaround" with is problem I am not the first and dare say the last.

 

[nasdaq]

Hi,

I don't have a problem supplying the " FRST.TXT and Addition.txt logs.
I need to the these logs..

 

[sheffieldyorky]

Hi,

Download and execute the Farbar program I suggested
This will only scan your computer and report the details in the FRST.TXT and Addition.txt logs..

Attach these logs in your next replyl

Hi there
Many thanks for your response.
I would respectfully draw your attention to this part of my text as seen above ;

1. In my opening statement "While the 2 tb drive was connected I tried to download and run a scan BUT was prevented because various well known websites could not be found,(I was definitely online)" so I will not be able to "Submit a sample of the compromised files for their review."

The only way that I can think of is to get the BIOS to boot to my CD drive and run the "Farbar program" and THEN post the results.
If you can show / tell me how to download the full program and save it to my it to my laptop, I would really appreciate it.

 

[nasdaq]

Hi,

Please see the message I left you.

 

[sheffieldyorky]

Please supply a link on how I can download the COMPLETE "Farbar program" to a NEW desktop folder which I will then burn to a new CD.
Also please tell me the size of the complete Farbar program so that I have a new disc big enough to cope.
OR a link as seen above
This is all I would like for now.
Once I have burnt the CD and followed your instruction's I do not have a problem with sending you the "report details in the FRST.TXT and Addition.txt logs".
There is nothing I will focus on now until I get the download Farbar link as described above

 

[sheffieldyorky]

The reason for the above post of mine is plain to see in your attachment.
I now provide a "screenshot" of your reply and the open attachment.
I was wondering how a text document could help me, so please help.

 

[sheffieldyorky]

Farbar running now on my Desktop, I will update you with the two text contents.

 

[sheffieldyorky]

These are they.
It just kept on going and going

 

[nasdaq]

Hi,

Remove these programs in bold using the Control Panel > Programs > Programs and Features...
If this fails before you execute the Fixlist.txt attached leave it for now.
When the the fix has been excuted and the computer has restarted do it now.
Restart the computer after the uninstallation.

searcharchiver (HKU\S-1-5-21-902570451-1821961932-2475232831-1001\...\searcharchiver) (Version: 1.0 - searcharchiver)
searchpoweronline (HKU\S-1-5-21-902570451-1821961932-2475232831-1001\...\searchpoweronline) (Version: 1.0 - searchpoweronline)
sharksearchonline (HKU\S-1-5-21-902570451-1821961932-2475232831-1001\...\sharksearchonline) (Version: 1.0 - sharksearchonline)

<<<>>>

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

p.s.
You ran the Farbar program from a \Temp folder. If you have any pending issues I suggest you Copy the Farbar program to your Desktop and scan the computer from that location.
Post fresh FRST.TXT and Addition.txt logs for my review.
Let me know what problem exists.

 

[nasdaq]

Are you still with me?