Unable to remove malware

Status
Not open for further replies.
B

Brent_2020

New Member
Thread author
Jan 24, 2020
1
My wife's computer was recently infected with what appears to be a Phobos variant. The encryption renamed all the files to end with "[charlesetta.embody@aol.com].Dever"

Malwarebytes nor Emisoft Emergency Kit is finding any infection. The machine was connected to the internet when I was initally running these scans, but i have disconnected it to prevent any infection from spreading.

I'm not able to include the FRST.txt logs either (per the "Preparation Guide Before requesting Malware Removal Help") as i've tried installing both the 32bit and 64bit versions. Nothing happens. (is it not installing because the machine is still infected?)

I have not rebooted the machine yet. With all the files that were renamed, i'm doubtful Windows will startup. Should i try to restart in safe mode and rerun the scans?

Any assistance is much appreciated.

Regards,
Brent
 
Last edited by a moderator:
nasdaq

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

This is from the Crisis/Dharma ransomwaree family of malware.

I sugges you send a copy of the compromised files for review.

At: ID Ransomware

They will let you know of their findings.

I do not suspect that your files are recoverable.

You can restore them only if you have a good backup of the files.

----

Download this file again.
Your Virus protection software may be stopping it from running. If so dequaranine the file.
Trust it it's safe.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section in the bottom of the topic Select Click the Attach Files.
Navigate to the location of the File.
Click the file. It will appear in the reply section.
Click the Post Reply button.

Please post the logs for my review.

Let me know what problems persists.

Wait for further instructions

p.s.
If unable to run it in Normal mode the tool should execute in Safe Mode with Networking.
 
Status
Not open for further replies.

Similar threads

D
  • Locked
Unable to remove NanoPicoen extension malware
Replies
1
Views
489
Windows Malware Removal Help & Support
nasdaq
nasdaq
R
  • Locked
Unable to remove 'search-great' browser hijacker; I feel like I tried everything - please help
Replies
3
Views
282
Windows Malware Removal Help & Support
Rman
R
L
  • Locked
Unable to remove malware extension in chrome
Replies
2
Views
1,446
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top