ransomware in flash drive

brian ramdhan
Think I got ransomware. Files on flash drive showing ext.domn today when I checked it on a lab computer. I'm scared to plug it in another PC in case that PC gets infected. Is there any way to fix this?
Robert R, Computer Service Technician

Commented:
This is a hard call. It is hardly unlikely that the application itself that encrypted your files has been transferred to your memory stick. The malware would be in the computer that infected the memory stick. But that is not to say it can't happen, so it is a good thing that you are cautious before sticking the memory stick into another device. If you have a test system or a computer that you don't care about the data on, you can insert the stick in there and do a scan for malware such as ransomware, but I would make sure the system is not connected to the network, so that it will infect other systems or download a payload that will infect your current system. If the data is valuable and you do not want to take the chance of infecting your computers, or you don't have a system you can sacrifice, then I recommend you take the stick to a reputable repair shop that removes malware.
I checked it on a lab computer.

Additionally, it wouldn't be a bad idea to scan that lab computer as well.
Top Expert 2013

Commented:
on that test pc - try formatting the stick

boot a computer with a live cd
mount the key with at least "noexec" and "ro" options

you will be able to assess what happened while minimizing the risks. basically only a malware in the usb microcode would be potent.
brian ramdhan, iCT Technician

Author

Commented:
It's just my flash drive that has it, not the PC. If I scan it with a paid antivirus like Norton, would that fix my flash drive?
- you cannot scan it with norton without risking to infect the pc running norton.
- expecting anything from norton besides allowing your brand new i7 to run like a pentium3 is quite optimistic ( personal opinion ).
- not a single antivirus has yet provided a working anti-ransomware tool except occasionally against specific brands... that they might have created themselves.
- and you are past fixing : start by using that key read only and grab whatever files are pristine before you risk allowing the ransomware to crypt everything else.
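
The read-only mount and the "grab whatever files are pristine" step suggested in the replies above, sketched as an added example that is not part of the thread or written by any of its posters. The device node, mount point, rescue directory and suffix are placeholders the caller supplies; "pristine" here only means "not renamed with the suffix".

```shell
#!/bin/sh
# Added example, not code from the thread. Device node, mount point, rescue
# directory and suffix are all supplied by the caller (assumptions).

# Mount the stick read-only. noexec/nosuid/nodev keep anything on it from
# being executed or honoured as setuid/device files. Needs root on the
# live system.
mount_stick_ro() {   # usage: mount_stick_ro /dev/sdX1 /mnt/stick
    mkdir -p "$2" && mount -o ro,noexec,nosuid,nodev "$1" "$2"
}

# Copy every file that does NOT end in .SUFFIX into DEST/files, keeping the
# directory layout, and record a SHA-256 of each copy. Files carrying the
# suffix are only listed, never copied. Prints "<rescued> <renamed>".
# Names containing newlines are not handled. The body runs in a subshell
# so its variables do not leak into the caller.
rescue_pristine() (  # usage: rescue_pristine SRC DEST SUFFIX
    src=${1%/} dest=$2 suffix=$3 rescued=0 renamed=0
    mkdir -p "$dest/files" || exit 1
    : > "$dest/MANIFEST.sha256"; : > "$dest/RENAMED.txt"
    find "$src" -type f > "$dest/filelist.txt" || exit 1
    while IFS= read -r f; do
        rel=${f#"$src"/}
        case "$f" in
            *."$suffix")
                printf '%s\n' "$rel" >> "$dest/RENAMED.txt"
                renamed=$((renamed + 1)) ;;
            *)
                mkdir -p "$dest/files/$(dirname "$rel")"
                cp -- "$f" "$dest/files/$rel" || exit 1
                (cd "$dest/files" && sha256sum -- "$rel") >> "$dest/MANIFEST.sha256"
                rescued=$((rescued + 1)) ;;
        esac
    done < "$dest/filelist.txt"
    echo "$rescued $renamed"
)
```

The rescue directory should sit on separate storage, never on the stick; `sha256sum -c ../MANIFEST.sha256` run from `DEST/files` later confirms the copies have not changed.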
iCT Technician
Commented:
I used emsisoft decryptor software and it worked.
good to know.

may you elaborate a little, please ? ... :
were the files clean or did Emsisoft actually manage to decrypt the files ?
if so, would you happen to know the exact cryptoware brand ?
thanks for sharing. apparently that's a decent progress. ... and one more reason to believe there is at least some degree of collusion between anti-virus vendors and whoever crafted this kind of s***ware.

best regards
