
Ruxpin

Members
Posts: 11
Reputation: 0 Neutral
  1. Yeah, that's what I figured. Luckily we have a backup of the more important files in the cloud. When I right-click the desktop and go to Personalize, the ransom image is there to select, but I can't find it on the C: drive per your instructions.
  2. I just checked Windows/Web and couldn't find the ransom image, but the other default images are there. Weird, any other idea where it could be? I have a backup of all the C: drive files with carbonite.com, and when I spoke with them they said to not call them to restore the backup until the cryptovirus has been removed from the PC. I also have a backup internal hard drive attached that is all encrypted, so we probably can't decrypt those until a future fix comes out. It's from an old computer drive of files over 5 years old.
  3. Before I restore my main files I just want to make sure it's been removed.
  4. Yes it does. Thank you. So does this mean the Zepto has been removed, or how do I know for sure?
  5. This is the version I think I have, so maybe the tools out there cannot pick it up yet? http://www.idigitaltimes.com/ransomware-update-zepto-bart-cryptxxx-cerber-hitting-users-hard-month-542946
  6. When I boot up it goes to the black screen with red letters first, but I'm able to scroll the mouse to the bottom and get to the Win 10 menu fine. Then I open applications, Outlook, Chrome, etc. over it. It just stays in the background. I checked my screen saver settings and it shows NONE, as I thought maybe it saved an image there automatically.
  7. It just sits on the desktop and allows me to still open any apps on the Windows 10 menu. It's really just a background image file, but everything else works: email, internet, etc.
  8. Also, I have copies of the files on Carbonite in the cloud, so I just need to get the virus off so we can restore them. I was thinking of just doing a fresh install but thought I would try this first to avoid the headache of reinstalling everything. Thoughts?
  9. Not sure, but probably before then. This is my Dad's computer and he said he has had the black screen show up a few days before 6/30/16, around 6/27/16 he thinks.
  10. Hello Kevin, thanks so much for the info. Please find attached below what you asked for. I followed the instructions to a tee. When I ran Sophos, it took off two threats but could not take off the third, so I had to rerun it and it still won't remove it. It's called "Mal/OddZip-A". I attached a screenshot with the additional log in the attached Word document. Please let me know anything else I should do. I still see the black screen with red font, which I also screenshot in the Word doc for you. It could just be a saved image on the bootup screensaver that I need to delete, or does it mean the malware virus is still on my computer?
  11. Hello, my Windows 10 PC has been infected for a couple of weeks. I have the Zepto virus version and this is what my screen looks like: http://virusguides.com/zepto-virus-zepto-file-extension-removal/ I have followed the instructions and ran Malwarebytes Premium, RogueKiller, and HitmanPro with no success. The black screen of death with red text is still there. Please help if anyone can to remove this from my computer. Hopefully ShadowExplorer will help me recover some of my files also. Attached are my FARBAR files commonly requested: FRST.txt, Addition.txt