
Help: Ransomware: All files are encrypted

Discussion in 'General PC Chat' started by charlie123, May 28, 2018.

  1. charlie123

    charlie123 Registered

    Hi there

    My mate was completing some work online (he’s a dentist) then was alerted to an on-screen message saying all his files have been encrypted and he has to pay by bitcoin.

    His IT guy advised to do a system restore via the disk on the PC, which is running fine now, but he has an external hard disk with patient files that shows this ransomware message when he tries to access them - this has patient records as a backup

    Is there any free software that can be run on the external hard disk to remove the ransomware?
    I have enclosed the image of the ransomware

    He had tried Malwarebytes but after scanning that showed no threats

    Thanks in advance
    Charlie
     


  2. wooshman

    wooshman VIP Member Forum Supporter

    They normally live in your registry and don't encrypt your files UNLESS you are unlucky enough to have contracted one of the ones which actually does encrypt your file.

    Start here and try and find which one you have.
    https://www.bleepingcomputer.com/virus-removal/

    Their guides are very very good and should help you remove it.

    First thing to try is starting in safe mode. If the computer starts up it is a good start.
     
  3. charlie123

    charlie123 Registered

    Thank you for the post, I will take a look as he’s a non techie

    All the files on his external hard disk are infected, so seeing what can be done to remove it

    Cheers
     
  4. stuss

    stuss TK Veteran Forum Supporter

    A dentist wanting free ransomware software.. 2k for my screw in tooth
    What version of Windows is your dentist using ??
     
  5. charlie123

    charlie123 Registered

    I know the cheeky sod - but he doesn’t charge me for treatment -lol

    He’s running Windows 7
     
  6. charlie123

    charlie123 Registered

    So after a lot of research it’s the:

    Badfail@qq.com is a crypto-malware closely related to Arrow ransomware

    So trying to work out what free malware tool can be used to remove it... as Malwarebytes didn’t pick up any threats on the external hard drive
     
  7. 8175

    8175 Registered

  8. charlie123

    charlie123 Registered

    Thanks, I did see that whilst researching it and have told him to try it - cheers

    Also told him about storage of personal data :-(
     
  9. pabloescaban

    pabloescaban TK Veteran Forum Supporter

    The thing is, this HDD with the ransomware is only a backup of patient data?
    Which means he must also have that data elsewhere?
    Create a new backup on a new disk, then verify everything is there and intact, then erase the drive with ransomware on it.
    DBAN is about the best, other than nuking it from orbit
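
The "create a new backup, verify, then erase" sequence from the post above, as an added example that is not part of the original thread: a Python script that compares SHA-256 hashes between the original data and the new backup before the old drive is wiped. The folder names and sample files are constructed, and a matching hash only proves the copy is faithful, so the source must itself be the clean, unencrypted data.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large records do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}


def verify_backup(source, backup):
    """Report files missing from, differing in, or existing only in the backup."""
    src, dst = manifest(source), manifest(backup)
    return {
        "missing": sorted(src.keys() - dst.keys()),
        "mismatch": sorted(n for n in src.keys() & dst.keys() if src[n] != dst[n]),
        "extra": sorted(dst.keys() - src.keys()),
    }


def demo():
    """Run the check on constructed sample folders (not real patient data)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "new_backup")
        for root in (src, dst):
            (root / "records").mkdir(parents=True)
        (src / "records" / "a.txt").write_bytes(b"record A")
        (src / "records" / "b.txt").write_bytes(b"record B")
        (src / "notes.txt").write_bytes(b"notes")  # never copied to the backup
        (dst / "records" / "a.txt").write_bytes(b"record A")     # faithful copy
        (dst / "records" / "b.txt").write_bytes(b"rec\x00rd B")  # corrupted copy
        (dst / "stray.tmp").write_bytes(b"leftover")             # not in source
        return verify_backup(src, dst)


if __name__ == "__main__":
    report = demo()
    print(report)
    print("do NOT erase yet" if report["missing"] or report["mismatch"] else "backup verified")
```

Only erase the old drive once `missing` and `mismatch` both come back empty for the real folders.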
     
  10. steptoe

    steptoe TK Veteran

    try reading the files using Linux,