Hello, I have read on another thread that I should attach logs of a Ransomware removal here for help in possible recovery. Is there anybody out there who can help me please, I am really losing a lot of data here that cannot be replaced so I am in trouble.
I also have to inform you that the TC’s new variant (that creates .xxx, .ttt, .micro, and .mp3 extensions) cannot be recovered or encrypted at this moment, unfortunately.
For some older TC variants (ecc, ezz, exx, xyz, zzz, aaa, abc, ccc, or vvv) there may be a chance of unlocking by using TeslaCrack, TeslaDecoder or a similar tool. Follow this thread for future information.
Hi…am…malware is still active. MBAM didn’t do its job right…
Deploy my fix now! Post me the FixLog, then run another scan and post a fresh FRST.txt to see whether the malware is still active.
Btw, the logs show the .mp3 version of TC malware, thus the above rules apply. You may follow this thread, so if a fix for this variant appears anytime soon, you shall read it here: BC’s thread
1. Open notepad and copy/paste the text present inside the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
2. Save notepad as fixlist.txt to your Desktop. NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply. Note: If the tool warned you about the outdated version please download and run the updated version.
You will need to follow my guide to the dot. You have run the FRST fix two times; I asked for only one run. Thus, the posted log tells me nothing…
Post the original FixLog from the first run, located in the C:\FRST\Logs folder.
Next, I didn’t tell you to re-run aswMBR, but to re-run FRST and post a fresh FRST.txt report for re-analysis…
And finally, you will need to read my lines, as I have written everything with links that you need to know.
My apologies Magna, but the computer shut down during the first scan and I had to start again.
Attached is the very first FixLog in that folder, is that what you are looking for? I have also posted the FRST file in case you wanted that as well.
Please assist me, I am grateful for your time and effort.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
Well, elphick.mark, these posted logs show no presence of ransomware (TC) nor any other active malware. We removed the malware from the system.
Logs are clean.
Thus, the consequences of infection remain. As said before, data can’t be decrypted or unlocked with any key at this moment.
Pack your files in one place and hope for some solution in the future. Follow the BC thread and BC’s articles and you will know if a solution is near.
As avast! isn’t very good at detecting new ransomware malware, my advice is to heighten your security ecosystem. You may wanna take a peek at this software:
CryptoPrevent. Security app that shall attempt to prevent dangerous malware that encrypts certain types of files stored on your disk, like CryptoWall, CryptoLocker, TeslaCrypt and similar clones. App creates powerful GPO for security working…
Purge System Restore
Click the Run button and wait a few seconds while the programme completes its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
You’re welcome. I’m sorry for not being able to do more with your data.
IMO, an exploit for the new TeslaCrypt (a method for restoring crypted files) may not come so soon (within a few weeks or so…), but some people are working hard to find some kind of hole in the malware itself.