Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
SPORA infection this morning on Win 7 laptop, guidance on effective removal please.
Message
<blockquote data-quote="Hannay" data-source="post: 607621" data-attributes="member: 60026"><p>Thank you ... </p><p></p><p></p><p>I ran RansomNoteCleaner on the C: drive with SPORA selected as the Ransomware to look for, and there are some clear issues and I need to check further. I haven't yet run it on the portable drive.</p><p></p><p>On completion it reported:</p><p></p><p>"Searching for Spora Notes ... none found.</p><p>Finished search, found 42 ransom notes."</p><p></p><p>I assume that by "Ransom Notes" it means the .html files that take you immediately to the Ransom page.</p><p></p><p>I checked the ransom notes that it reported, and the file paths all led to legitimate files that then opened up quite properly when clicked - the Audacity ones for example open that Program's help-pages.</p><p></p><p>I had already discovered some of the SPORA-dropped .html files (the GB06F-23XOH-FTARH-TZTRX-TAZOY.htm files mentioned already), and their filepaths are not included among the 42 ransom notes reported.</p><p></p><p>I have attached RansomNoteCleaner's report doc. if you need to take a look.</p><p></p><p><em>**<strong>Note please</strong> ... to check this I ran RansomNoteCleaner a second time but with ALL Ransomewares selected not just Spora in case it threw up anything of further relevance, but it gave exactly the same 42 findings, nothing additional.</em></p><p></p><p>However, I then ran it one more time with just SPORA selected again, and this time it reported 0 Ransom Notes found!</p><p></p><p>I have added a screenshot of that report, which seems incorrect because firstly I have not deleted any yet, and secondly because right alongside it on the desktop is one of the (42?) links/notes that needs to be cleaned out ... it has been right there from the beginning.</p><p></p><p></p><p>There's one more thing that I have noticed now: Windows Explorer has lost some functionality - the folder tree does not show/can't find my desktop, and "Local Disc C:" under "Computer" has the normal arrowhead to open/expand its tree downwards but noithing shows there at all - no system folder, program folder, users folder, all those many other folders. They are obviously present, but they aren't shown so I can't access them to operate anything if needed, which is already a problem.</p><p></p><p>For example, I can not browse folders/files in order to attach documents to this reply, so I can't use this Forum's "upload a file" process. To post this reply with atachments I have had to transfer those documents on to a thumb drive and then add this reply from a different computer instead and add the attachments off the thumbdrive.</p><p></p><p></p><p>So then ....</p><p></p><p>I have not yet taken any action beyond Running RNC to find ransom notes to clean off the system, from which it firstly reported 42.</p><p></p><p>I am nervous that those findings were/are legitimate files and would damage the system if deleted, unless they are absolutely certain to be disguises?</p><p></p><p>However, I am very puzzled why on a re-run RNC is then saying there are zero Ransom Notes, when very clearly there are still many I can find in files myself including one right on the desktop as you can see in the partial-screengrab of RNC's subsequent "0 ransom notes" response.</p><p></p><p>I don't know if you might want another system report to see if that shows you anything, but I have prepared another FRST and Addition report anyway in case you do but you can just ignore them if not.</p><p></p><p>So please can you tell me what I should do now given these findings?</p><p></p><p>Thanks for your patience, sorry the time-difference is working against us a little.</p></blockquote><p></p>
[QUOTE="Hannay, post: 607621, member: 60026"] Thank you ... I ran RansomNoteCleaner on the C: drive with SPORA selected as the Ransomware to look for, and there are some clear issues and I need to check further. I haven't yet run it on the portable drive. On completion it reported: "Searching for Spora Notes ... none found. Finished search, found 42 ransom notes." I assume that by "Ransom Notes" it means the .html files that take you immediately to the Ransom page. I checked the ransom notes that it reported, and the file paths all led to legitimate files that then opened up quite properly when clicked - the Audacity ones for example open that Program's help-pages. I had already discovered some of the SPORA-dropped .html files (the GB06F-23XOH-FTARH-TZTRX-TAZOY.htm files mentioned already), and their filepaths are not included among the 42 ransom notes reported. I have attached RansomNoteCleaner's report doc. if you need to take a look. [I]**[B]Note please[/B] ... to check this I ran RansomNoteCleaner a second time but with ALL Ransomewares selected not just Spora in case it threw up anything of further relevance, but it gave exactly the same 42 findings, nothing additional.[/I] However, I then ran it one more time with just SPORA selected again, and this time it reported 0 Ransom Notes found! I have added a screenshot of that report, which seems incorrect because firstly I have not deleted any yet, and secondly because right alongside it on the desktop is one of the (42?) links/notes that needs to be cleaned out ... it has been right there from the beginning. There's one more thing that I have noticed now: Windows Explorer has lost some functionality - the folder tree does not show/can't find my desktop, and "Local Disc C:" under "Computer" has the normal arrowhead to open/expand its tree downwards but noithing shows there at all - no system folder, program folder, users folder, all those many other folders. They are obviously present, but they aren't shown so I can't access them to operate anything if needed, which is already a problem. For example, I can not browse folders/files in order to attach documents to this reply, so I can't use this Forum's "upload a file" process. To post this reply with atachments I have had to transfer those documents on to a thumb drive and then add this reply from a different computer instead and add the attachments off the thumbdrive. So then .... I have not yet taken any action beyond Running RNC to find ransom notes to clean off the system, from which it firstly reported 42. I am nervous that those findings were/are legitimate files and would damage the system if deleted, unless they are absolutely certain to be disguises? However, I am very puzzled why on a re-run RNC is then saying there are zero Ransom Notes, when very clearly there are still many I can find in files myself including one right on the desktop as you can see in the partial-screengrab of RNC's subsequent "0 ransom notes" response. I don't know if you might want another system report to see if that shows you anything, but I have prepared another FRST and Addition report anyway in case you do but you can just ignore them if not. So please can you tell me what I should do now given these findings? Thanks for your patience, sorry the time-difference is working against us a little. [/QUOTE]
Insert quotes…
Verification
Post reply
Top