Register Account

Britec Tech Support Forum Computer Security Security, Viruses, Trojans & Malware Removal my pc infected with New Hard Ransomware ( 98E8 file) Help Please

Thread Closed 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Options  
my pc infected with New Hard Ransomware ( 98E8 file) Help Please
akhmedtaia Offline
Junior Member
**
Registered
Posts: 7
Threads: 1
Joined: Sep 2016
Reputation: 0
#1
12-23-2016, 12:07 PM (This post was last modified: 12-23-2016, 01:01 PM by Britec.)

.png   cerber.png (Size: 354.55 KB / Downloads: 818)

my pc infected with New Hard Ransomware ( 98E8 file) Help Please
files after infected become :


.jpg   15590125_326951837689257_5476093241353659813_n.jpg (Size: 32.87 KB / Downloads: 875)
Find

Compton Offline
member
*****
Registered
Posts: 5,029
Threads: 207
Joined: Feb 2015
Reputation: 145
#2
12-23-2016, 12:37 PM (This post was last modified: 12-23-2016, 12:38 PM by Britec.)
akhmedtaia  I have upload the photo to the forum

its already encrypt your data I am sure you can't do much to get it back

  [Image: malwarebytes-icon.png] Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the progam and select update.
  • Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
  • Click the Scan tab, choose Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Find

Britec Offline
Owner
********
Owner
Posts: 4,727
Threads: 311
Joined: Sep 2014
Reputation: 102
#3
12-23-2016, 12:42 PM
Why type of ransomware is it? does it display a image on desktop? We need more information about the ransomware you have so we can see if there is a tool to decrypt your files.
<left><form action="https://www.paypal.com/cgi-bin/webscr" method="post">If you are satisfied with my help, consider a donation. Thank you so much for your continued support! 
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="Y4ZDLXGFS4F8Q">
<input type="image" src="https://www.paypalobjects.com/en_US/GB/i/btn/btn_donateCC_LG.gif" border="0" name="submit" alt="PayPal — The safer, easier way to pay online.">
<img alt="" border="0" src="https://www.paypalobjects.com/en_GB/i/scr/pixel.gif" width="0" height="0">
</form>

   </div></left> 
Find

akhmedtaia Offline
Junior Member
**
Registered
Posts: 7
Threads: 1
Joined: Sep 2016
Reputation: 0
#4
12-23-2016, 12:43 PM
(12-23-2016, 12:37 PM)Compton Wrote:  akhmedtaia  I have upload the photo to the forum

its already encrypt your data I am sure you can't do much to get it back

  [Image: malwarebytes-icon.png] Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the progam and select update.
  • Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
  • Click the Scan tab, choose Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Thanx, but ..
i uses : Malwarebytes 3.0.4.1269 Premium --- No infect
- G DATA INTERNET SECURITY--- No infect
Ransomware Defender--- No infect
GridinSoft Anti-Ransomware--- No infect
avast anti-ransome- --- No infect
-----------------------
any decrype , please ?
Find

Britec Offline
Owner
********
Owner
Posts: 4,727
Threads: 311
Joined: Sep 2014
Reputation: 102
#5
12-23-2016, 12:47 PM (This post was last modified: 12-23-2016, 12:48 PM by Britec.)
[Image: FRST.png] Scan with Farbar Recovery Scan Tool


Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Right-click on [Image: FRST.png] icon and select [Image: RunAsAdmin.jpg] Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach .txt files into your next reply.
<left><form action="https://www.paypal.com/cgi-bin/webscr" method="post">If you are satisfied with my help, consider a donation. Thank you so much for your continued support! 
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="Y4ZDLXGFS4F8Q">
<input type="image" src="https://www.paypalobjects.com/en_US/GB/i/btn/btn_donateCC_LG.gif" border="0" name="submit" alt="PayPal — The safer, easier way to pay online.">
<img alt="" border="0" src="https://www.paypalobjects.com/en_GB/i/scr/pixel.gif" width="0" height="0">
</form>

   </div></left> 
Find

akhmedtaia Offline
Junior Member
**
Registered
Posts: 7
Threads: 1
Joined: Sep 2016
Reputation: 0
#6
12-23-2016, 12:48 PM
(12-23-2016, 12:42 PM)Britec Wrote:  Why type of ransomware is it? does it display a image on desktop? We need more information about the ransomware you have so we can see if there is a tool to decrypt your files.

please check file on dropbox
https://www.dropbox.com/sh/cqu0k70uue81uua/AABo25PGNoVToNLfd3zOiCpoa?dl=0

files after encrypted
------------------------
edit:
i delete Ransomware source file
Find

Compton Offline
member
*****
Registered
Posts: 5,029
Threads: 207
Joined: Feb 2015
Reputation: 145
#7
12-23-2016, 12:58 PM
I don't think they have a decryptor tool for cerber ransomware
Find

Britec Offline
Owner
********
Owner
Posts: 4,727
Threads: 311
Joined: Sep 2014
Reputation: 102
#8
12-23-2016, 01:05 PM
Yeah Cerber 3, not good news I am afraid.

https://www.bleepingcomputer.com/news/security/check-point-releases-working-decryptor-for-the-cerber-ransomware/
<left><form action="https://www.paypal.com/cgi-bin/webscr" method="post">If you are satisfied with my help, consider a donation. Thank you so much for your continued support! 
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="Y4ZDLXGFS4F8Q">
<input type="image" src="https://www.paypalobjects.com/en_US/GB/i/btn/btn_donateCC_LG.gif" border="0" name="submit" alt="PayPal — The safer, easier way to pay online.">
<img alt="" border="0" src="https://www.paypalobjects.com/en_GB/i/scr/pixel.gif" width="0" height="0">
</form>

   </div></left> 
Find

akhmedtaia Offline
Junior Member
**
Registered
Posts: 7
Threads: 1
Joined: Sep 2016
Reputation: 0
#9
12-23-2016, 02:10 PM
(12-23-2016, 12:47 PM)Britec Wrote:  [Image: FRST.png] Scan with Farbar Recovery Scan Tool


Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Right-click on [Image: FRST.png] icon and select [Image: RunAsAdmin.jpg] Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach .txt files into your next reply.

ok, i check my pc when i comeback home
first , see this analyse
https://malwr.com/analysis/MjNlOWE0MWQ4NGE3NDUzZGIzN2M1ZWQyM2VlZmMxMmI/
Find

GuiltySpark Offline
Overseer
*****
VIP
Posts: 1,856
Threads: 46
Joined: Sep 2014
Reputation: 46
#10
12-23-2016, 02:48 PM
That's not Cerber3 but Cerber 4.0 / 5.0 you are SOL. Best thing is to use a backup image and re-install from there.
 

Website Find

« Next Oldest
Next Newest »
Thread Closed 


Forum Jump:


Users browsing this thread:
1 Guest(s)

Powered By MyBB, © 2002-2024 Melroy van den Berg.