Status
Not open for further replies.

Acex

New Member
Hello I am using HP Laptop Windows. I have a program named "Search powered by Yahoo" that I wanted to remove so I downloaded a crack version of a program remover(I forgot the name and the link sorry). Instead of removing the program, my laptop got infected by a virus I didn't know, I know that it got infected because every file in my laptop has a name added after them ". mado" so I think the virus' name is MADO so I've researched about it and how to remove it and I got into your website I've done all the steps you told but it didn't work so I joined your forum anyways you said it is a virus RANSOMWARE but I didn't get any RANSOMWARE note so I can't report it so please help me all files in my laptop is important, it has almost all my photos which is special it has my memories with my classmate and family so please help me!
 

nasdaq

Moderator
Verified
Staff member
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I do not know if I'm dreaming by I seemed to have seen your message in this Forum or else were.

Mado is malicious program, belonging to the Stop/Djvu ransomware family

Submit a sample of a compromised file to this site.

ID Ransomware

The will confirm what I have found.
If a solution is available they wlll inform you.

As far as we know today a cure is not available.

I suggest you save your files on a Flash Driver.
If later a solution is found you will be in luck.
 

nasdaq

Moderator
Verified
Staff member
There is nothing we can do.

Google storage can be used to only for 15gb
 

nasdaq

Moderator
Verified
Staff member
I really have no clue.

Google .mado Ransomeware you may find something.
 

Acex

New Member
Will formatting my Laptop remove the virus?I'm planning to completely format it to remove all the malware.
 

nasdaq

Moderator
Verified
Staff member
Hi,
The bad guys leave no trace.
All you need to remove if you do not want is to delete the compromed file if you do not want to keep them.

I can check your computer to see if anything else needs attention.
 

nasdaq

Moderator
Verified
Staff member
Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
[img=[URL]http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png[/URL]]

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.

p.s.
This program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
You should restore the program from the Quarantine folder.
===

p.s.
If I see some compromised files do you wish me to delete them?
 

Acex

New Member
I will format it now completely. I will do a clean format which will remove all files and install again. Will it remove the virus completely?
 

Acex

New Member
I will just backup my photos in case you find a decryptor that can decrypt files that has online key. Thanks!
 

nasdaq

Moderator
Verified
Staff member
Good luck with the clean formatting of the computer.
When Windows is installed make sure you get all the latest Windows Security up dates.
 
Status
Not open for further replies.
Top