I have one PC (Windows 7) which is attacked presumably by a ransomware (in spite of having regularly updated antivirus viz Net Protector AV).
What I could see is this --
In MySQL/bin folder, all files got an extension of .[fileslocker@pm.me]
Also, backup files with .sql extension also got an extension of .fileslocker@me
These files have got encrypted.
So the database can't be read/manipulated.
I searched the web, but not sure which remedy/utility is safe.
Note:- This question seeks specifically regarding the virus of .[fileslocker@pm.me] and not in general suggestions such as system restore or reinstall or virus-scan. Hence it is not a duplicate of another question.
What should I do to get rid of this?
Vineet
- The email comes back to a known Protonmail vanity alias. So that person is likely privacy minded and is either playing some sick joke on you OR you likely have a ransomware attack. Is there any way to see logs of when or where it originated or were those sanitized/deleted in the process? – linuxdev2013 Dec 27 '18 at 04:09
- I am not aware of where a log is maintained in OS. Perhaps you can suggest where to see such log. – Vineet Dec 27 '18 at 04:12
- My question specifically asks re this particular virus. It is not asking 'in general' remedies such as reinstall or scan. So I don't think it is a dup of other Q. – Vineet Dec 27 '18 at 05:06
- We aren't a virus removal service and we can't help with removing specific malware. That's what we have that canonical duplicate question. – forest Dec 27 '18 at 05:21
- @forest I am totally aware that this is not a 'virus removal service'. As you know very well, this is open community. I am not 'asking' for a service. Just seeking suggestions/help if an expert is around. Maybe somebody had encountered the same problem and found a solution. In my experience, communities are willing to 'share' information/knowledge and users get benefited from such 'sharing'. – Vineet Dec 27 '18 at 05:29
- @Vineet If it's ransomware, it usually won't try to hide itself or prevent its own removal, especially because it _wants_ you to notice it. So you can either remove the virus itself, or pay the ransom. It's unlikely that you'll be able to decrypt the contents without paying ransom. Anyway, searching online is returning a lot of results. – forest Dec 27 '18 at 06:58
- For example, [this site](https://www.2-spyware.com/remove-fileslocker-ransomware.html) tells you that the best way is either to pay ransom, or re-install. – forest Dec 27 '18 at 07:01
- Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/87544/discussion-between-vineet-and-forest). – Vineet Dec 27 '18 at 07:07
- Possible duplicate of [Dharma ransomeware files decryption](https://security.stackexchange.com/questions/174961/dharma-ransomeware-files-decryption), [How to decrypt file that was attacked by ransomware?](https://security.stackexchange.com/questions/136837/how-to-decrypt-file-that-was-attacked-by-ransomware), [Getting files back by paying Ransomware](https://security.stackexchange.com/questions/107285/getting-files-back-by-paying-ransomware). – Steffen Ullrich Dec 27 '18 at 07:19
- @SteffenUllrich thanks for the links. I checked them. There is info given about certain ransomwares. But unfortunately there is no info/tool for .[fileslocker@pm.me]. Hence it is not a duplicate of that question. – Vineet Dec 27 '18 at 07:33
- @Vineet: As forest already said: this is not a malware removal site but we can provide useful links. The first answer in the first question I've linked to provides a clearly visible link to NoMoreRansom - look there for more help. – Steffen Ullrich Dec 27 '18 at 08:25
- @Vineet Good news, you may decrypt your files for free with this decrypter I wrote: https://twitter.com/demonslay335/status/1079819984975609856 – Demonslay335 Dec 31 '18 at 19:28
- @Demonslay335 thanks a lot for your response. I will give it a try as soon as I get back to office. – Vineet Jan 04 '19 at 08:02