Need tech help


Gabriel Wells
02-17-2009, 11:27 AM
Ok I believe I got some type of ransomware on my computer because all of my files are encrypted and the person left a note saying this.

"Some files on your machine are encrypted and your private informations were collected and sent to us.
To decrypt files so you could use them again, you have to buy our decryptor.
After you buy decryptor, your files will be decrypted, and we will destroy your private informations from our system, and help you remove malicious software from your system.
To buy decryptor, contact us at: thankyoumuchos@gmail.com or meloveyoug@yahoo.com
If you dont contact us, your private informations will be shared and you will loose all your data."


Anyone know how to get rid of this?

Raffi Manoian
02-17-2009, 11:37 AM
Hi Gabriel,

See if this works for ya,

"If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

Modify the system registry key value by adding any symbol to the end of the name of the malicious module: Example:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit" = "%System%\userinit.exe, %System%\ntos.exe_"
Reboot the computer.
Manually delete the files listed below from the Windows system directory:
ntos.exe
If the malicious program has encrypted files on your machine, you can use Kaspersky Lab's free utility to decrypt them. Instructions and the utility itself can be found on the KL technical support site. Make sure you read the instructions carefully. Entering the wrong key could cause files to be irrevocably damaged.
Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus)."

Taken from
http://www.viruslist.com/en/viruses/encyclopedia?virusid=164339

Good luck, let me know if you need anything else.
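
A read-only check for the Userinit change described in the post above, as an added example that is not part of the original thread or of the quoted Kaspersky text: it lists every program named in the Winlogon `Userinit` value and flags anything other than the stock `userinit.exe`. `Test-UserinitValue` is a hypothetical helper name, and the sample value is constructed from the value quoted in the post.

```powershell
# Added example: audit the Winlogon Userinit value for extra programs.
# Test-UserinitValue is a hypothetical helper name, not part of any product.

function Test-UserinitValue {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)

    # The stock entry; Windows normally stores it with a trailing comma.
    $expected = Join-Path $env:SystemRoot 'System32\userinit.exe'

    # The value is a comma-separated list of programs Winlogon starts at logon.
    $entries = $Value -split ',' |
        ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim().Trim('"')) } |
        Where-Object { $_ -ne '' }

    foreach ($entry in $entries) {
        [pscustomobject]@{
            Entry    = $entry
            Expected = ($entry -ieq $expected)   # case-insensitive path match
            Exists   = Test-Path -LiteralPath $entry -PathType Leaf
        }
    }
}

# Constructed sample modelled on the value quoted in the post (paths are illustrative).
$sample = 'C:\Windows\system32\userinit.exe,C:\Windows\system32\ntos.exe'
Test-UserinitValue -Value $sample | Format-Table -AutoSize

# Live check on the local machine; this only reads the registry.
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$live = (Get-ItemProperty -Path $key -Name Userinit).Userinit
$unexpected = Test-UserinitValue -Value $live | Where-Object { -not $_.Expected }

if ($unexpected) {
    Write-Warning 'Userinit lists programs besides userinit.exe:'
    $unexpected | Format-Table -AutoSize
} else {
    'Userinit contains only the stock userinit.exe entry.'
}
```

An entry written without a full path is reported as unexpected and should be reviewed by hand rather than treated as malicious outright.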

Dan Eberhardt
02-17-2009, 11:42 AM
Got a virus scanner? No? Get one. I like this one: http://www.trendmicro.com
Any one should do the job though.
Your files haven't been sent away, although they may be encrypted.
See this link for more info, it's a similar thing but doesn't use the exact text yours used. It's got some instructions on manually removing it, but again there could be variances in it.
http://www.viruslist.com/en/viruses/encyclopedia?virusid=164339

Oh, and stop looking at porn... ahaha :)


edit: pretty much what Raffi said.