This infection will also scan your computer for files that end with the .ddrw, .pptm, .dotm, .xltx, .text, .docm, .djvu, .potx, .jpeg, .pptx, .sldm, .xlsm, .sldx, .xlsb, .ppam, .xlsx, .ppsm, .ppsx, .docx, .odp, .eml, .ods, .dot, .php, .xla, .pas, .gif, .mpg, .ppt, .bkf, .sda, .mdf, .ico, .dwg, .mbx, .sfx, .mdb, .zip, .xlt extensions and then encrypt them.
When the ransomware encrypts a file, it renames it as an HTML file and embeds the encrypted file inside it. If you then attempt to open any of these encrypted files, you will be taken to a web page, currently at htxp://mdlblock.in, that prompts you to pay the ransom in the form of a Money Store, Vanilla Reload, or Reload it voucher.
What you will need.
You will need to download Hitman Pro, Malwarebytes and the Emsisoft Harasom decrypt tool. In a worst-case scenario, if you can't boot into the OS, you may have to download and create a rescue disk to boot from. You can download either the Kaspersky Rescue disk or the AVG Rescue disk. These links can be found on my blog under Free Software Tools.
Follow the video tutorial below:
Credits: Brian, http://briteccomputers.co.uk/
Note:
The XPS viewer folder mentioned is located in the Appdata folder. If you cannot find the Appdata folder, this is probably because the application data folder is hidden by default. You need to tell your OS to show hidden files and folders.
To do this, open Windows Explorer (Windows key + E), click Tools at the top, then Folder Options. Then click the 'View' tab and check the tick box "Show hidden files and folders".