Malwarebytes anti ransomware grabbed a ransomware file
#1
Question 
Malwarebytes Anti-Ransomware grabbed a ransomware file that was trying to attack my explorer.exe, but when I looked in the quarantine there was nothing there, so what should I do?



.png   Capture.PNG (Size: 13.35 KB / Downloads: 105)
Reply

#2
It probably deleted the file and did not quarantine it.
Reply

#3
Oh okay, it keeps popping up with the same as the picture in my first post, and it also turned Malwarebytes Anti-Ransomware off.




.txt   Rkill.txt (Size: 5.74 KB / Downloads: 5)
Reply

#4
I would run some scans just to make sure you did not get infected.



[Image: malwarebytes-icon.png] Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.




[Image: junkware_removal_tool.png] Fix with Junkware Removal Tool

Please download JRT by Malwarebytes and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on [Image: junkware_removal_tool.png] icon and select [Image: RunAsAdmin.jpg] Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.



[Image: hitmanpro.png] HitmanPro



  • Please download HitmanPro.
  • Launch the program by double clicking on the icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).
  • Click on the next button. You must agree with the terms of EULA.
  • Check the box beside "No, I only want to perform a one-time scan to check this computer".
  • Click on the next button.
  • The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
  • When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
  • Click on the next button.
  • Click on the "Export scan results to XML file".
  • Save that file to your desktop and post in your next reply.


[Image: adwcleaner_new.png] Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on [Image: adwcleaner_new.png] icon and select [Image: RunAsAdmin.jpg] Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.
  • Please include the contents of that file in your reply.
Reply

#5
Malwarebytes Anti-Malware, AdwCleaner, JRT and HitmanPro came up clean besides some adware that it found.
Reply

#6
OK, Malwarebytes Anti-Ransomware is in beta, so I would not be surprised

if Malwarebytes Anti-Ransomware did not block it.

When something is in beta you should only test it in a virtual system.

How did you end up downloading it in the first place?



Please Run Norton Power Eraser, once complete, let me know if it finds and removes anything...


  • Download Norton Power Eraser from here: https://security.sym.../nbrt/npe.aspx? and save direct to your Desktop.
  • Double click on NPE.exe to start the tool. Vista, Windows 7/8/8.1 right click, select "Run as Administrator" accept UAC.

[Image: NPE1.png]

  • Accept EULA.

[Image: NPE2.png]

  • Norton Power Eraser will check for the latest updates.

[Image: NPE3.png]

  • Now select "Scan for Risks" button.

[Image: NPE4.png]

  • To perform a Rootkit scan, select "Restart"

[Image: NPE5.png]

  • Rootkit scan preparations, it will then Reboot the system.

[Image: NPE6.png]

  • Norton Power Eraser will now restart and check for update, do nothing and be patient.

[Image: NPE7.png]

  • System scan will now start, do nothing and be patient.

[Image: NPE8.png]

  • If infections are found a list will be produced, make sure to check-mark "Create System Restore Point" then select "Fix Now" if nothing is found select "Exit" to close out the tool.

[Image: NPE9.png]

  • To "Remove infections from computer" the system will need to restart, select Restart Now

[Image: NPE10.png]

  • Select "Locate Log" attach to next reply. Select "Done" all done.






[Image: panda-av.jpg] Scan with Panda Cloud Cleaner

Please download Panda Cloud Cleaner and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Install the scanner by right-clicking on [Image: panda-av.jpg] icon and selecting [Image: RunAsAdmin.jpg] Run as Administrator.
  • It should start itself automatically after the installation.
  • In the main console click Accept and Scan.
  • This scan won't take long, about several minutes (depending on your system specs). Let it run uninterrupted.
  • At the last stage you will see a couple of messages about verifying & analyzing results. Wait patiently.
  • Upon completion you will see detections window. Enter one of them and click there View Report at the bottom right side.
  • A notepad window named PCloudCleaner.log will open. Save it to your desktop.
  • Please include the contents of that file in your next reply.

Don't forget to re-enable your switched-off protection software!
After that you may uninstall Panda Cloud Cleaner from your machine, if you wish to.




Please perform a scan with ESET Online Scan

  • Open new browser tab
  • Click the [Image: scanner.png] button.
  • Click on [Image: eset.png] button to download the ESET Smart Installer. Save it to your Desktop.
  • Double click on [Image: install.png] to start ESET Smart Installer.
  • Check "YES", and Tick "I accept the Terms of Use"
  • Click the [Image: start.jpg] button.
  • Yes to User Account Control warning.
  • Enable detection of potentially unwanted applications.
  • Click Advanced settings and select the following:
      o Remove found threats
      o Scan Archives
      o Scan for potentially unsafe applications
      o Enable Anti-Stealth technology
  • ESET will then download updates for signature database, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List of Found Threats
  • Click Export to Text File, and save the file to your desktop and name it EsetLog. Include the contents of this report in your next reply.
  • Put tick in Uninstall Application on close
  • Put tick in Delete Quarantined files
  • Click the Finish button.








[Image: Emsisoft-Emergency-Kit.jpg] Please Download Emsisoft Emergency Kit to your desktop.

  • Please double click EmsisoftEmergencyKit.exe, this will install Emsisoft Emergency Kit
  • Next choose Extract, it will put program in C:\EEK
  • Navigate to C:\EEK then click "Start Emergency Kit Scanner .exe"
  • Click Yes to User Account Control (UAC)
  • Click Yes to Update Signature Definitions
  • Now click "Smart Scan" and select "Yes" to "Detect Potentially Unwanted Programs (PUPs)"
  • Click Delete Selected then click View Report and save as EEK.log.
  • Click Finish and post EEK.log on next post.








[Image: herdprotect.png] Scan with HerdProtect

Please download HerdProtect by Reason Software (portable edition) and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on [Image: herdprotect.png] icon and select [Image: RunAsAdmin.jpg] Run as Administrator to install the scanner.
  • It will ask for the location - leave the default one (%ProgramFiles%) or select another, convenient one.
  • Agree to the terms, select Launch herdProtect and click Finish.
  • Click Scan. It may take a while, depending on your system and connection specs. Please be patient.
  • When it finishes click on Save Results.
  • A Notepad with a report should open.
Please include the contents of that report in your next reply.
This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.
Upon completion of the cleaning you may remove HerdProtect if you wish so. To do it just delete its directory (chosen by you when installing the tool



[Image: FRST.png] Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Right-click on [Image: FRST.png] icon and select [Image: RunAsAdmin.jpg] Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please copy and paste their content into your next reply.
Reply

#7
I heard of it through one of Brian's videos on YouTube.
Reply

#8
OK, let me just say this: I am very sorry :)

I am not saying that you did something wrong.

One thing you have to remember: Brian/Britec is testing it in a virtual system.


This is my take: beta software should only be used by beta testers in a virtual system.

Again, I am not saying that you did anything wrong :)


 
Reply

#9
Oh okay, so when it comes to beta software it's best to run it in a virtual box just in case the software affects the OS.
Reply

#10
Yes that would be the best just to be on the safe side
Reply


