Ransomed virus

The files were quarantined only, not deleted, which is OK, as with the other setting it just checked for files without a signature, but I checked the and they are alright, so don't need to delete.

 

On with Step 4

 

Step 4. (a)

 

Please read carefully and slowly

 

You might have to export the results

 

Please scan with ESET next


I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and DON'T (NO) check Remove found threats (reason for this is we don't want something deleted and then Windows won't load).
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Attach the resulting log in your next reply


If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it. 

 

Quads

Quads, thanks again for your assistance.  I will post the log when it's done, but I'm going to have to let it run overnight as it's getting quite late here.

 

Dale

 

No problem

 

Quads

Quads,

 

No threats found.  Log is attached.

 

Dale

 

Now an up to date OTL from the Desktop for the cleanup

 

Download OTL http://www.bleepingcomputer.com/download/otl/ onto the Desktop

 

Start OTL (right click and from the menu choose "Run as Administrator")

Click the Scan All Users checkbox.

Change file age to 60 days

 

Press the 

 

 

An OTL.txt and extras.txt will be created, to attach back in a post

 

Quads

Quads,

 

Scan is done, the logs are attached.

 

Thank you,

 

Dale

 

Can you open Norton and in the help menu look at the About, and tell me the version number please??

 

Quads

Looks like Norton Internet Security 19.9.0.9

Disable Norton for say 30mins

 

Start OTL,  under   Copy and paste the custom script attached, which you open in for instance Notepad (include the : at the start of :OTL and all the way to the end / bottom), and run the script. (Red Run Fix Button)

 

The output log should be placed in the C:\_OTL\Moved Files folder after.

 

Quads

Quads, OK, fix has been run and log is attached Dale.

Let's try this again, the log didn't get posted last time...

Now the folder .Trash-999  was not quite what I expected, although they are old documents by the looks,  do you want it??

 

Also how is your system running now??

 

Quads

From the looks of it, I'd say that nothing in the .Trash-999 folder is anything that I can't do without.  All the \Paperport\ stuff is from the multifunction printer/scanner device we use and is empty.  The rest of it is either empty folders or a few old pdf's that can be trashed.

 

The system seems to be running fine...no signs of any unusual activity.  I checked another machine and see that the NIS running on this computer is not the current one, so I'm figuring I need to update that, but I'll wait to do that until you say it's good to go.  I'm calling it a night now as I have an early start at work in a few short hours.  Let me know where to proceed and I'll tackle it tomorrow.

 

Thank you,

 

Dale

 

Disable Norton

 

Start OTL again but this time click the Black CleanUp button, then make sure the C:\_OTL folder is deleted.

 

After that you are free to go on your merry way.  You are now fixed / Solved.

 

If you want Malwarebytes download the Free version to install and don't click the Trial button

 

If you want to, you can turn off System Restore, wait for it to clear the Restore Points and then turn it back on once you find all is happy, today, tomorrow, whenever.

 

The OTLPE CD is dangerous in the hands with tools in the CD for Malware Removalists, so careful who uses it with your systems.

 

 

Quads

Quads, Thanks again for your efforts on getting this bug removed. I’ve updated NIS and scanned the computer and nothing shows up, so it looks like it’s gone. I appreciate your assistance! Dale