Moved / reposted for @joevdaniels

Hi,

I carried out all the steps instructed by magna86.

Please find log files attached.

What next?

Ransomware, Information stealers, and more.

First off, go to a friend, coworker or family member and ask to use their computer. You should change all your passwords immediately, starting with your email passwords. MBAM flagged some information stealers. As for the ransomware, there is nothing we can do to restore the files. Any of them on Sharepoint or Onedrive?

This is/was a work computer, wasn’t it?

2019-09-23 15:25 - 2016-07-12 13:04 - 000000000 ____D C:\Users\Josiah.daniels\Documents\Sharepoint
Microsoft OneDrive for Business Browser Helper
2019-09-19 09:30 - 2019-09-19 09:30 - 000000000 ____D C:\ProgramData\Microsoft OneDrive

The dot in usernames is very common in domain environments.

I see that you caught NESA ransomware. This will not restore your files, but it will remove the malicious extension from Firefox.

  • Open Notepad (click Start button → type notepad.exe → press Enter)
  • Copy text from code block below and paste it into Notepad
FF Extension: (Firefox Protection) - C:\Users\Josiah.daniels\AppData\Roaming\Mozilla\Firefox\Profiles\ugj2bjog.default\Extensions\{ab10d63e-3096-4492-ab0e-5edcf4baf988} [2019-09-18] [not signed]
FF SearchPlugin: C:\Users\Josiah.daniels\AppData\Roaming\Mozilla\Firefox\Profiles\ugj2bjog.default\searchplugins\yahoo-lavasoft-ff59.xml [2018-06-21]

  • Go to File → Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open FRST again and click the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
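An added example, not part of the original post and not FRST's own code: a small Python parser for the "FF Extension:" line shape quoted above, listing the entries marked [not signed] so they can be reviewed. The line pattern is an assumption inferred from the single line in this thread, and the second and third sample lines are constructed.

```python
import re
from typing import NamedTuple

# Line shape inferred from the entry quoted in the thread (an assumption):
#   FF Extension: (<name>) - <path> [<YYYY-MM-DD>] [<optional tag>]...
FF_EXT = re.compile(
    r"^FF Extension: \((?P<name>.*?)\) - (?P<path>.+?)"
    r" \[(?P<date>\d{4}-\d{2}-\d{2})\](?P<tags>(?: \[[^\]]*\])*)\s*$"
)

class FFExtension(NamedTuple):
    name: str
    path: str
    date: str
    tags: tuple

def parse_ff_extensions(log_text):
    """Return every 'FF Extension:' entry found in the log text."""
    found = []
    for line in log_text.splitlines():
        m = FF_EXT.match(line.strip())
        if m:
            # Trailing bracketed markers after the date, e.g. "not signed".
            tags = tuple(re.findall(r"\[([^\]]*)\]", m["tags"]))
            found.append(FFExtension(m["name"], m["path"], m["date"], tags))
    return found

def unsigned_extensions(log_text):
    """Entries carrying the [not signed] marker: candidates for manual review."""
    return [e for e in parse_ff_extensions(log_text) if "not signed" in e.tags]

# Sample input: the first line is the entry from this thread; the other two
# are constructed (an extension without the marker, and an unrelated line).
SAMPLE_LOG = r"""
FF Extension: (Firefox Protection) - C:\Users\Josiah.daniels\AppData\Roaming\Mozilla\Firefox\Profiles\ugj2bjog.default\Extensions\{ab10d63e-3096-4492-ab0e-5edcf4baf988} [2019-09-18] [not signed]
FF Extension: (Example Signed Addon) - C:\Users\example\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\Extensions\signed@example.invalid.xpi [2019-01-02]
FF SearchPlugin: C:\Users\example\searchplugins\example.xml [2018-06-21]
"""

if __name__ == "__main__":
    for ext in unsigned_extensions(SAMPLE_LOG):
        print(f"{ext.date}  {ext.name}  {ext.path}")
```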

Thanks to y’all for your suggestions. They are helpful.

But it’s looking like I have no choice but to pay the ransom.

but it's looking like I have no choice but to pay the ransom.
https://safecomputing.umich.edu/be-aware/phishing-and-suspicious-email/ransomware

https://www.nomoreransom.org/

You should use a backup.
You have a live.com mail, and that means you also have free OneDrive online backup: https://onedrive.live.com/

Also see: https://forum.avast.com/index.php?topic=156141.msg1521210#msg1521210

A reminder that just because you pay, doesn’t mean they have the ability to unlock it for you. There are no refunds here.

I highly recommend you not pay the ransom.