Moved / reposted for @joevdaniels
Hi,
I carried out all the steps instructed by magna86.
Please find log files attached.
What next?
Ransomware, Information stealers, and more.
First off, go to a friend, coworker or family member and ask to use their computer. You should change all your passwords immediately, starting with your email passwords. MBAM flagged some information stealers. As for the ransomware, there is nothing we can do to restore the files. Any of them on Sharepoint or Onedrive?
This is/was a work computer, wasn’t it?
2019-09-23 15:25 - 2016-07-12 13:04 - 000000000 ____D C:\Users\Josiah.daniels\Documents\Sharepoint
Microsoft OneDrive for Business Browser Helper
2019-09-19 09:30 - 2019-09-19 09:30 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
The dot in usernames is very common in domain environments.
I see that you caught NESA ransomware. This will not restore your files, but it will remove the malicious extension from Firefox.
FF Extension: (Firefox Protection) - C:\Users\Josiah.daniels\AppData\Roaming\Mozilla\Firefox\Profiles\ugj2bjog.default\Extensions\{ab10d63e-3096-4492-ab0e-5edcf4baf988} [2019-09-18] [not signed]
FF SearchPlugin: C:\Users\Josiah.daniels\AppData\Roaming\Mozilla\Firefox\Profiles\ugj2bjog.default\searchplugins\yahoo-lavasoft-ff59.xml [2018-06-21]
Thanks to y’all for your suggestions. They are helpful.
But it’s looking like I have no choice but to pay the ransom.
"but it's looking like I have no choice but to pay the ransom."
https://safecomputing.umich.edu/be-aware/phishing-and-suspicious-email/ransomware
You should use a backup.
You have a live.com mail, and that means you also have free OneDrive online backup: https://onedrive.live.com/
Also see: https://forum.avast.com/index.php?topic=156141.msg1521210#msg1521210
A reminder that just because you pay, doesn’t mean they have the ability to unlock it for you. There are no refunds here.
I highly recommend you not pay the ransom.