.pllmxshn

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Welcome to our Community
Wanting to join the rest of our members? Feel free to sign up today.
Sign up
Status
Not open for further replies.

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
2,289
513
PCHF Bunker
pchelpforum.net
Hello,

You indeed have ransomware. Luckily they have a decryptor for you.

Please download the GandCrab Ransomware Decryptor from BitDefender HERE and please follow the directions on the page here.

Please do advise if this works or not. If it does, we will have to do some cleanup and preventative maintenance.
 

leemaree

PCHF Member
PCHF Member
Aug 21, 2020
4
0
41
Hello,

You indeed have ransomware. Luckily they have a decryptor for you.

Please download the GandCrab Ransomware Decryptor from BitDefender HERE and please follow the directions on the page here.

Please do advise if this works or not. If it does, we will have to do some cleanup and preventative maintenance.
When I double-click on the BDGandCrabDecryptTool, I say yes, and then nothing, won't open
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
2,289
513
PCHF Bunker
pchelpforum.net
What version of Windows are you running?

When you run the program, it should run it as administrator and you should see the below screens:

gand1.png
gand2.png
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
2,289
513
PCHF Bunker
pchelpforum.net
Your system might be more damaged than I thought. Try to do the following for me.

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded right click the FRST desktop icon and select "Run as administrator" from the menu.



If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
Frst will open with two dialogue boxes, accept the disclaimer.


Accept the default whitelist options,
If the additions.txt options box is not checked please select it.
Then select "Scan"



Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.



Please Copy and Paste the contents of these logs in your next post for review by our Security Team
 

leemaree

PCHF Member
PCHF Member
Aug 21, 2020
4
0
41
Your system might be more damaged than I thought. Try to do the following for me.

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded right click the FRST desktop icon and select "Run as administrator" from the menu.



If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
Frst will open with two dialogue boxes, accept the disclaimer.


Accept the default whitelist options,
If the additions.txt options box is not checked please select it.
Then select "Scan"



Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.



Please Copy and Paste the contents of these logs in your next post for review by our Security Team
 

Attachments

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
2,289
513
PCHF Bunker
pchelpforum.net
At first glance, I see you have uTorrent installed, which is most likely how it came onto your system and we can not assist you while it's on your system.

At this point, you are better off doing a fresh install of Windows as it's unknown what has been compromised. Ransomware is so volatile and unpredictable, it can encrypt system files and even if we do a cleaning, there's no 100% chance it will be removed from your PC. That's why we always advise against using Torrent applications and making sure your system is well protected. I would advise Resetting your PC which you can doing the Reset PC option. This will erase everything.

reset1.png
reset2.png
 
Status
Not open for further replies.