asked on
ransomeware in flash drive
think I got ransomeware. files on flash drive showing ext.domn today when I checked it on a lab computer. I’m scared to plug it in another pc in case that pc gets infected. is there anyway to fix this ?
Anti-Virus AppsPC
Last Comment
skullnobrains
This is a hard call. it is hardly unlikely that the application itself that encrypted your files has been transferred to your memory stick. The malware would be in the computer that infected the memory stick. But that is not to say it can't happen so it is a good thing that you are cautious before sticking the memory stick into another device. If you have a test system or a computer that you dont care about the data you can insert the stick in there and do a scan for malware such as ransomware, but I would make sure the system is not connected to the network, so that it will infect other systems or download a payload that will infect your current system. If the data is valuable and you do not want to take the chance of infect your computers or you dont have a system you can sacrifice then I recommend you take the stick to a reputable repair shop that removes malware.
I checked it on a lab computer.
Additionally it wouldn't be a bad idea to scan that lab computer as well
on that test pc - try formatting the stick
boot a computer with a live cd
mount the key with at least "noexec" and "ro" options
you will be able to assess what happened while minimizing the risks. basically only a malware in the usb microcode would be potent.
mount the key with at least "noexec" and "ro" options
you will be able to assess what happened while minimizing the risks. basically only a malware in the usb microcode would be potent.
ASKER
is just my flash drive have it not the pc. if I scan it with a paid antivirus like norton would that fix my flash drive ??
- you cannot scan it with norton without risking to infect the pc running norton.
- expecting anything from norton besides allowing your brand new i7 to run like a pentium3 is quite optimistic ( personal opinion ).
- not a single antivirus has yet provided a working anti-ransomware tool except occasionally against specific brands... that they might have created themselves.
- and you are past fixing : start by using that key read only and grab whatever files are pristine before you risk allowing the ransomware to crypt everything else.
- expecting anything from norton besides allowing your brand new i7 to run like a pentium3 is quite optimistic ( personal opinion ).
- not a single antivirus has yet provided a working anti-ransomware tool except occasionally against specific brands... that they might have created themselves.
- and you are past fixing : start by using that key read only and grab whatever files are pristine before you risk allowing the ransomware to crypt everything else.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
good to know.
may you elaborate a little, please ? ... :
where the files clean or did emisoft actually manage to decrypt the files ?
if so, would you happen to know the exact cryptoware brand ?
may you elaborate a little, please ? ... :
where the files clean or did emisoft actually manage to decrypt the files ?
if so, would you happen to know the exact cryptoware brand ?
ASKER
it decrypted it for me.
this is what helped me https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/?fromsearch=1
this is what helped me https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/?fromsearch=1
thanks for sharing. apparently that's a decent progress. ... and one more reason to believe there is at least some degree of collusion between anti-virus vendors and whoever crafted this kind of s***ware.
best regards
best regards