The 'Crypto Virus' infection - infected

Franc_828

Dec 14, 2015
Hello y'all,

Right as I'm writing this, I am infected by a virus I know well now, because a few months ago I was infected by the same thing.

That thing, months ago, if you give it enough time, can encrypt your entire disk drive, so all your personal files become unavailable to even use.

Anyways, back to the main subject:

My PC has an infection. I know it.

But I don't know where inside the drive the virus lies! I mean I looked everywhere!!

I used Malwarebytes; I scanned 2 times now.

I know the virus my PC has:

It's a thing that messes around in a few places, notably /AppData/Temp.

In this directory, it creates multiple random files.

The files, you are only able to remove them if you kill their processes first.

Anyways,

every time I'm logged on to the internet, the virus seems to work. It creates more and more encrypted files.

And also to note, even if I delete anything weird, at the next reboot the directories come back.

Anyways,

I don't know what to do.

I want to know where those 'Crypto Virus' hide within our hard drive - their core - so we can delete them at the core first.

But it seems I can't find it.

Googling, I can't find any site that explains where those things hide.

They only say that mainly, crypto viruses have a part in the registry, may have a part in the Startup, ... but also have a part in the temp files.

Can anyone help?

Thanks
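As an added example (not from the thread or any poster), the following PowerShell triage script inventories the autostart locations the post above mentions (registry Run keys, the Startup folders) plus scheduled tasks, and flags entries that launch from Temp or AppData. Every cmdlet used is standard Windows PowerShell; the "suspect" path pattern and the list of raw-executable extensions are assumptions about where legitimate autostart entries rarely live.

```powershell
# Added example, not the thread's own content: list common Windows autostart entries and
# flag the ones that execute out of Temp/AppData, which is where the poster sees the files.
# Review the output by hand; a flagged entry is a lead for investigation, not a verdict.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Assumption: legitimate autostart entries rarely run from these user-writable directories.
$suspectPattern = '(?i)\\AppData\\(Local\\Temp|Roaming)\\|\\Windows\\Temp\\'

$findings = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSParentPath metadata
        [pscustomobject]@{
            Source  = $key
            Name    = $p.Name
            Command = [string]$p.Value
            Suspect = ([string]$p.Value) -match $suspectPattern
        }
    }
})

# Startup folders: a raw script or executable dropped here (rather than a .lnk shortcut) is unusual.
$rawExt = '.exe', '.vbs', '.js', '.bat', '.cmd', '.ps1', '.scr'
foreach ($dir in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
    $findings += Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Source = 'StartupFolder'; Name = $_.Name; Command = $_.FullName
                           Suspect = ($_.Extension -in $rawExt) }
    }
}

# Scheduled tasks: something that "comes back at the next reboot" is often re-launched from here.
$findings += Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)".Trim()
        [pscustomobject]@{ Source = "Task:$($task.TaskPath)"; Name = $task.TaskName; Command = $cmd
                           Suspect = ($cmd -match $suspectPattern) }
    }
}

$findings | Sort-Object Suspect -Descending | Format-Table Suspect, Source, Name, Command -AutoSize
```

Run it in an elevated PowerShell session on the suspect machine; it only reads, so it is safe to run before deciding on the wipe-and-reinstall the replies below recommend.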

Franc_828

Dec 14, 2015

Thanks for helping on this, but how can you say 'it's the only way'?

If a PC gets infected, then the virus has to be somewhere.

We have to know.

Petrossa

Jan 30, 2014
Since no anti-virus/malware scanner is able to pick it up, you are not able to be sure that you have found all instances of the nasty, hence the suggestion to re-install and be done with it.
We've had the same issue with some of our workstations being infected and thus infecting a server. There is no time to sift through thousands of files trying to find it. Format, re-install, set user up again, restore server data from backup. Easy.

ss202sl

The virus changes. The Antivirus companies try to keep up, but it's impossible, and while they may catch it, once you're infected, they haven't created a 100% way to clean your PC. That leaves re-installing the OS as the best option - or you end up playing the game of trying to clean your PC for the next few weeks or months, and maybe getting nowhere.

Nonpossible

Jan 3, 2015

He's right, these crypto-lockers are very sophisticated and cannot simply be deleted by you and in most cases can't even be detected by antivirus. Format and reinstall Windows, don't pay the ransom. There is no guarantee that if you pay them they won't leave the locker on to hit you up in the future (they are criminals after all).

Nonpossible

Jan 3, 2015
It looks like you have already gotten the same advice here, so let me leave you with this: do frequent backups of your data. If you have an external HDD somewhere, make a clone of your C: drive once a week or once a month, or as frequently as you need. Make two backups, and keep them in separate storage areas. Then when you get hit up for a ransom you won't have to worry about losing more than a week or a few days of data.