brian ramos
 asked on

ransomware in flash drive

Think I got ransomware. Files on flash drive showing ext.domn today when I checked it on a lab computer. I'm scared to plug it into another PC in case that PC gets infected. Is there any way to fix this?


8/22/2022 - Mon
Robert Retzer

This is a hard call. It is highly unlikely that the application that encrypted your files has itself been transferred to your memory stick. The malware would be on the computer that infected the memory stick. But that is not to say it can't happen, so it is a good thing that you are cautious before sticking the memory stick into another device. If you have a test system or a computer whose data you don't care about, you can insert the stick in there and do a scan for malware such as ransomware, but I would make sure the system is not connected to the network, so that it will not infect other systems or download a payload that will infect your current system. If the data is valuable and you do not want to take the chance of infecting your computers, or you don't have a system you can sacrifice, then I recommend you take the stick to a reputable repair shop that removes malware.

I checked it on a lab computer.

Additionally it wouldn't be a bad idea to scan that lab computer as well

on that test pc - try formatting the stick
James Murphy

boot a computer with a live cd
mount the key with at least "noexec" and "ro" options

you will be able to assess what happened while minimizing the risks. basically only a malware in the usb microcode would be potent.
brian ramos

It's just my flash drive that has it, not the PC. If I scan it with a paid antivirus like Norton, would that fix my flash drive?

- you cannot scan it with Norton without risking infecting the PC running Norton.
- expecting anything from Norton besides allowing your brand new i7 to run like a Pentium 3 is quite optimistic (personal opinion).
- not a single antivirus has yet provided a working anti-ransomware tool except occasionally against specific brands... that they might have created themselves.
- and you are past fixing: start by using that key read-only and grab whatever files are pristine before you risk allowing the ransomware to encrypt everything else.
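Added example, not part of the thread and not any poster's code: a POSIX shell illustration of the two suggestions above, mounting the stick with "ro" and "noexec" from a live system and then copying off only the files that were not renamed. The device `/dev/sdX1`, the mount point `/mnt/usb`, the function names, and the assumption that encrypted files end in `.domn` are placeholders for illustration.

```shell
#!/bin/sh
# Added example. On the live system, mount the stick first, e.g.:
#   mount -o ro,noexec,nosuid,nodev /dev/sdX1 /mnt/usb   (device name is a placeholder)

# mount_is_safe MOUNTPOINT [TABLE]
# Succeeds only if MOUNTPOINT is listed in TABLE (default /proc/mounts)
# and its option field contains both "ro" and "noexec".
mount_is_safe() {
    awk -v m="$1" '$2 == m { opts = "," $4 ","; found = 1 }
        END { exit !(found && opts ~ /,ro,/ && opts ~ /,noexec,/) }' \
        "${2:-/proc/mounts}"
}

# salvage SRC DST [EXT]
# Copies every regular file under SRC whose name does not end in .EXT to DST,
# strips execute bits from the copies, and lists skipped files in DST/ENCRYPTED.txt.
# Prints "<copied> <skipped>". File names containing newlines are not handled.
salvage() {
    src=$1; dst=$2; ext=${3:-domn}   # .domn is assumed from the question
    mkdir -p "$dst" || return 1
    list=$(mktemp) || return 1
    find "$src" -type f > "$list"
    copied=0; skipped=0
    while IFS= read -r f; do
        rel=${f#"$src"/}
        case $f in
            *."$ext")
                printf '%s\n' "$rel" >> "$dst/ENCRYPTED.txt"
                skipped=$((skipped + 1)) ;;
            *)
                mkdir -p "$dst/$(dirname "$rel")"
                cp -- "$f" "$dst/$rel" && chmod a-x "$dst/$rel" &&
                    copied=$((copied + 1)) ;;
        esac
    done < "$list"
    rm -f "$list"
    echo "$copied $skipped"
}
```

Typical use is `mount_is_safe /mnt/usb && salvage /mnt/usb /tmp/salvaged`, with the destination on separate storage that is scanned before the copies are opened anywhere else.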
brian ramos


good to know.

may you elaborate a little, please?
were the files clean or did Emsisoft actually manage to decrypt the files?
if so, would you happen to know the exact cryptoware brand?
brian ramos


thanks for sharing. apparently that's decent progress... and one more reason to believe there is at least some degree of collusion between anti-virus vendors and whoever crafted this kind of s***ware.

best regards