  1.    16 Oct 2017 #11
    Join Date : Aug 2015
    Calgary, Alberta
    Posts : 18
    Win 10 Pro 64bit
    Thread Starter

    Originally posted by simrick:
    Can you give us a screenshot of what CyberReason says when it blocks something? Curious to know what this is. Does it happen all the time, or any time, or just when you're visiting certain websites?
    OK, here it is. I still haven't been able to delete this bug even after about 10 different AV scans! This one is from today at about 3:50 PM MST, after I deleted the two folders it put up on my C Drive.

    It came from opening an email in Gmail that said my Facebook account was about to be shut down for lack of activity if I didn't click the enclosed link. That was about a month ago.
    Attached Thumbnails: CyberReason_cr.png, Threat Stopped_cr.png
  2.    16 Oct 2017 #12
    Join Date : Jul 2016
    Crewe Cheshire
    Posts : 1,456
    windows 10

    We need to see results from FRST scans; there should be 2 files that will tell us what's running doing this.
  3.    16 Oct 2017 #13
    Join Date : Apr 2015
    Posts : 12,827
    W10Prox64

    Please run FRST.

    Farbar Recovery Scan Tool Download

    Post the 2 logs here.

    Note: You need to run the version compatible with the user's system. There are 32-bit and 64-bit versions. If you are not sure which version applies, have the user download both of them and try to run them. Only one of them will run on the system; that will be the right version.

    When FRST is opened the user is presented with a console looking like this:

    Once FRST has completed its scan it will save notepad copies of the scan in the same location that FRST was started from. On the first and subsequent scans outside the Recovery Environment a FRST.txt log and an Addition.txt log will be produced.

    Copies of logs are saved at %SystemDrive%\FRST\Logs (in most cases this will be C:\FRST\Logs).
    Note that this will only give us information - it does not clean at this point.
  4.    16 Oct 2017 #14
    Join Date : Apr 2015
    Posts : 12,827
    W10Prox64

    Navigate to your
    C:\Windows\explorer.exe
    and upload it to Virustotal.com and scan it. Let's see what that says.
  5.    16 Oct 2017 #15
    Join Date : Apr 2015
    Posts : 12,827
    W10Prox64

    It may also help us to see this:

    [Attached image: image.png]
  6.    16 Oct 2017 #16
    Join Date : Aug 2015
    Calgary, Alberta
    Posts : 18
    Win 10 Pro 64bit
    Thread Starter

    Originally posted by simrick:
    It may also help us to see this:

    [Attached image: image.png]
    Hi Simrick,

    That file always turns out to be "explorer.exe"--our good old Windows Explorer.

    So something is masquerading as explorer or adding itself to explorer for the purpose of trying to start the encryption. Thankfully CyberReason catches it every time but it doesn't seem to be able to clean the virus itself. I've run at least ten different AV scanners and no luck catching it. It is VERY good at hiding itself ...
  7.    16 Oct 2017 #17
    Join Date : Aug 2015
    Calgary, Alberta
    Posts : 18
    Win 10 Pro 64bit
    Thread Starter

    Originally posted by simrick:
    Please run FRST.

    Farbar Recovery Scan Tool Download

    Post the 2 logs here.



    Note that this will only give us information - it does not clean at this point.
    OK, here are the two text files it produced. Hopefully you folks can see what's going on here!
    Malware Trying to Encrypt my Hard Drives Attached Files
  8.    16 Oct 2017 #18
    Join Date : Aug 2015
    Calgary, Alberta
    Posts : 18
    Win 10 Pro 64bit
    Thread Starter

    Originally posted by simrick:
    Navigate to your
    C:\Windows\explorer.exe
    and upload it to Virustotal.com and scan it. Let's see what that says.
    OK, here is the link to the Virustotal scan: https://www.virustotal.com/#/file/7d...75ae/detection

    It doesn't apparently see anything ...

    I even deleted the two folders on my C drive and got CyberReason to stop them again. Before I clicked on the CyberReason "Yes Stop and Clean" button, I went and made a copy of C:/Windows/explorer.exe and uploaded it to Virustotal but it didn't find anything amiss. So this rotten bug must just enter into explorer.exe for a moment to try and do its deed and then exit before it can be discovered.

    I especially want to thank you folks for trying to help me with this. Where would we be in this world if it weren't for good folks like you who DO try to help others with these problems. I am not just saying this--I REALLY mean it!!!
    Last edited by Todd; 16 Oct 2017 at 21:59.
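
Added example, not part of any post in this thread: a PowerShell check for the explorer.exe question discussed above. It lists every running process named explorer.exe, flags any whose image is not at %SystemRoot%\explorer.exe or whose Authenticode signature is not valid, and prints the SHA-256 of each image so the hash can be looked up on VirusTotal. The helper name Test-ExplorerImage is hypothetical.

```powershell
# Added example (not from the thread). Test-ExplorerImage is a hypothetical helper name.
# Run from an elevated PowerShell so ExecutablePath is readable for every session.
$expected = Join-Path $env:SystemRoot 'explorer.exe'   # normally C:\Windows\explorer.exe

function Test-ExplorerImage {
    param(
        [Parameter(Mandatory)][uint32]$ProcessId,
        [string]$Path
    )
    if (-not $Path) {
        # Path not readable (insufficient rights or process already gone): report, do not guess.
        return [pscustomobject]@{
            ProcessId = $ProcessId; Path = '<unreadable>'; Verdict = 'UNKNOWN'
            SignatureStatus = $null; Signer = $null; SHA256 = $null
        }
    }

    $sig     = Get-AuthenticodeSignature -FilePath $Path
    $sha256  = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    $inPlace = $Path -ieq $expected          # case-insensitive path comparison

    $verdict = if (-not $inPlace) {
        'SUSPECT: not the Windows copy'
    } elseif ($sig.Status -ne 'Valid') {
        "SUSPECT: signature $($sig.Status)"
    } else {
        'OK on disk'
    }

    [pscustomobject]@{
        ProcessId       = $ProcessId
        Path            = $Path
        Verdict         = $verdict
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        SHA256          = $sha256               # search this value on VirusTotal
    }
}

# Every process that calls itself explorer.exe, wherever its image actually lives.
Get-CimInstance Win32_Process -Filter "Name = 'explorer.exe'" |
    ForEach-Object { Test-ExplorerImage -ProcessId $_.ProcessId -Path $_.ExecutablePath } |
    Format-List
```

An "OK on disk" verdict covers only the file image; it does not inspect the memory of the running process.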
  9.    16 Oct 2017 #19
    Join Date : Apr 2017
    Posts : 8,761
    windows 10 professional version 1607 build 14393.969 64 bit

    Had you made a backup image with either or both Macrium and Acronis?

    Which of these scan reports are available:
    Superantispyware
    ZoneAlarm
    Malwarebytes
    Windows Defender
    Bitdefender BDAntiransomware
    Kaspersky
    Zemana
    Avast
    Norton Power Eraser

    Which others did you use?
  10.    16 Oct 2017 #20
    Join Date : Oct 2014
    Posts : 363
    Win 10 Home Build 1709 16299.19 64bit

    https://rejzor.wordpress.com/2017/01...ed-on-my-disk/


    Are you confident in Cybereason? A brief search indicates Cybereason places odd files on your system called honeypots to attract ransomware, which may be the source of the unknown files.

    You mention you have 4 drives, which likely means you have extensive files and are concerned about ransomware for good reason. That said, if you have not, do some research on Cybereason to see how it affects your system.

    You may also consider a clean reinstall of Win10 (saving your files). Ideal time with the new Fall update to be released tomorrow.

    Personally, I would consider backing up personal files (if not previously), making a copy of the new Win10 Fall Update using the Windows Media Creation Tool, wiping the drive(s) and reinstalling.