Just today I noticed that most of my files on a particular drive had new extensions. Many of these include my mp3s, some pics, and some other files. The new extensions were .ENCRYPTED. When I removed the extensions the files still were not playable. I use Avast Home Edition and it never caught or told me anything had happened. In each folder on the drive was a README.txt that stated I needed to pay 50 euro in order for them to email me the decrypter for my files. When I ran a scan of viruses xwr48247.dll came up as infected. I don’t know what to do! Any suggestions/ideas/solutions?
Can you submit one of the encrypted files to Virus Total and post the result here?
I suggest:
- Clean your temporary files.
- Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
- Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
- Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
- Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
- Clean your Hosts file (replacing it) with HostsMan tool.
- Disable System Restore and then reenable it again.
- Immunize your system with SpywareBlaster.
- Check if you have insecure applications with Secunia Software Inspector.