Gandcrab v.5.0.4 infection removed?! What to do next?

On my PC I have:
C: Windows 7
D: Windows xp
Avast Internet Security

Hello everybody, I don’t know IT, but I’m glad I can ask friends for help!

On Dec. 14, 2018 around 13:10 PM, a few minutes after I turned on the PC, I got a black screen and there was Gandcrab v.5.0.4 with its note… saying all my files are encrypted and so on… and only after a while I realized the DISASTER… The first since I have had a computer.
Unfortunately I don’t have any backup of my other partitions (except S: system, C: win.7 and D: win.xp), so I have to wait until “Angels” have success with a Decryption Tool against this version of Gandcrab.

I ran Smart Scan 2-3 times the day after, but nothing was found. Although Avast firewall had alerted 3 or 4 times the day before, when I was stupidly downloading freeware like iShare, wondershare, iTools and such crazy things for some reason…

I started searching on the internet and found out that Malwarebytes could be the right one, so I installed it (latest version, premium trial for two weeks) and scanned the PC… it found many files and some malware and PUPs, and recommended removing them and restarting… so I did. Scanned again… everything was fine!!

So I took Malwarebytes away and reinstalled my Avast Internet Security again, and since then no more black screen, nothing… Although on the whole PC no file opens, except the ones in Avast File Shield.

My problems now:
1) I’m not sure if my PC is clean now?
_ because when I was going through the instruction steps (report when infected), AdwCleaner found some 4 or 5 PUPs, some of which I had not seen before, and then it had to remove them and restart the computer!
2) if I can start Restoring my systems ?
_ Using system restore points, or restore from AOMEI backups, (unfortunately both are on the same hdd, only different partition).

These are probably very primitive questions, but an old retired person can and is allowed to be a little scared though!
I don’t really know what to do now.
Thanks for any help in advance.

PS: I have 3 more files to attach, where should I put them?

PS: I have 3 more files to attach, where should I put them?
Reply to your post and attach in reply ;)

Malware expert @Sass Drake is notified. It may take hours before he is online

Thanks a lot Pondus…
here are the three remaining attachments:
_aswMBR.txt and_DelFix.txt

By the way, DelFix deleted all recent restore points I had, even the ones before infection !!
I think I had to uncheck the box for deleting them. The Restore Point of the day before infection was my hope. I mean WHY did you put DelFix there and WHAT is so important about its log, and a system which has to be restored anyway??
One could uninstall and delete all this stuff manually…
THANKS again…and waiting for your HELP, FRIENDS…

why did you use DelFix?

It is a program that the malware expert will tell you to run after he is finished with his cleanup work.
DelFix will then remove all the tools he used, including itself.

  • Open Notepad (click Start button → type notepad.exe → press Enter)
  • Copy text from code block below and paste it into Notepad
ShortcutWithArgument: C:\Users\Parvaneh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Parvaneh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
AlternateDataStreams: C:\ProgramData\Microsoft:a2sO1Wx35cCsrkETFL [2556]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]
AlternateDataStreams: C:\ProgramData\TEMP:85E5F208 [147]
  • Go to File → Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open again FRST and click on button Fix
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.

Happy New Year 2019 AVAST TEAM,
and thanks to Sass Drake for getting involved. And sorry for being late to answer,

here is the requested log.text, attached,

PS: I could not send my reply from win.7, many send tries ended with "error in verification typing",
so I’m trying with my XP (of which I found an old AOMEI backup somewhere and applied it). It works somehow better.
Hope this time it will be POSTED!

HEY, I just found out that the YEAR in the verification area is still 2018, so attention please when submitting a post!!

Please post new FRST.txt and Addition.txt logs.

Hi, here are the two FRST txt logs, attached.
Thanks for your time…

You don’t have an active infection. As for lost files, you have to wait until someone makes a decryption tool.

Please rename FRST64.exe to uninstall.exe and run it. That should uninstall FRST.

Alright sir, thank you,
I have to be patient like many others.

check with Sass Drake and Pondus if this is possible:

https://www.nomoreransom.org/

https://www.nomoreransom.org/en/index.html

https://losvirus.es/ransomware-gandcrab-5-0-4/

https://translate.google.es/translate?hl=es&tab=wT&sl=es&tl=en&u=https%3A%2F%2Flosvirus.es%2Fransomware-gandcrab-5-0-4%2F