Author Topic: Deleted Program Files  (Read 7963 times)

0 Members and 1 Guest are viewing this topic.

Offline damurcute

  • Newbie
  • *
  • Join Date: Apr 2016
  • Posts: 6
  • Karma: 0
    • View Profile
Deleted Program Files
« on: April 04, 2016, 11:45:16 pm »
I recently got attacked by ransomware when I downloaded a picture of Casper the Ghost. It also encrypted my backup usb drive. I had a 2 week old disc image which was damaged on another drive. I eventually got this to work and repaired my system but it took a week. Most of what I did by hand is done by your Windows Repair tool which I only discovered when I finished. Commercial Reg Repairs have never fixed anything so this tool is a breathe of fresh air. However I may have overdone it with the tool as used it today then got an error relating to Group Policy, it auto booted, took ages to restart and another error about users. Then I noticed all the Program Files are deleted except microsoft. I had Malwarebytes, Bitdefender and Malwarebytes Ransomware Beta running and no virus detected. I ran adwCleaner and only a file named mntemp was found. I have done something stupid with Windows Repair or is this another virus?

Offline damurcute

  • Newbie
  • *
  • Join Date: Apr 2016
  • Posts: 6
  • Karma: 0
    • View Profile
Re: Deleted Program Files
« Reply #1 on: April 05, 2016, 02:41:39 am »
I never meant for a second Windows Repair was at fault, just the user. I cannot rave about how good it is enough. I went to safe mode ran Malwarebytes and got online virus scans from ESET, Trend, Microsoft & FSecure and none found a virus. Skimmed through my Registry looking in at risk places and found current user windows search some korean words - translated mean Gaga Baby geng etc. translation was dubious but clearly a reference to Lady Gaga. Found some other Registry Keys then found the offending file. It had put itself in the trash and is called $RE67FM9.exe. It also seemed to make a copy of my user profile but with most folders empty. Spent most of my time looking for it online but cant find it anywhere. Anyway, will put files back on and monitor it offline and see what happens. Hasn't infected my laptop which is on the network so guess that is a good sign.

Offline damurcute

  • Newbie
  • *
  • Join Date: Apr 2016
  • Posts: 6
  • Karma: 0
    • View Profile
Re: Deleted Program Files
« Reply #2 on: April 05, 2016, 03:29:15 am »
BTW When i got the ransom virus there were a couple of things I found that made me think the source was asian. This confirms it for me. The 2 incidence are connected and the ransom from Korea. They also used an SSL certificate from Symantic, hijacked Avira and were ignored by Spyhunter. Malwarebytes Ransomware Beta is a must as normal virus software does not see it.