  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    Manchester England
    Posts
    22
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Infected with LOCKY - or not?

    Hi. Today at 10:55 I noticed that I had two files in the directory I was working in that had long (30 character +) meaningless alphanumeric names with .LOCKY extensions. I noticed that they had been created at 10:52 but at that time I was unaware of the significance of the name LOCKY. Within a couple of minutes I realised that I was possibly infected by the LOCKY ransomware and was looking at how to remove it. Now about 90 minutes later I am confused and don't know if I am infected or not.

    Firstly at this point 90 minutes later I have not had a ransom demand and I appear to be able to access my files - so probably not infected? Also I have looked for entries in the Registry associated with LOCKY based on on-line information including Susan Bradley's recent article - again I appear to be clear.

    So why am I worrying? When I search my computer I find over 400 files with the .LOCKY extension and all of them were generated between 10:52 and 10:54 today. I select them all and delete but it takes two attempts to completely remove the files because about 50 files remain after the first deletion step. Within 2 minutes it appears that all the files are back. The file names are as I said extremely long alphanumerics but all the files times were again 10:52-10:54 so almost certainly the same files. Obviously this is disturbing although at the moment it is an irritation rather than a serious problem.

    I am now being bombarded by messages that files are being added and removed from DropBox.

    OK, anyone know what might be going on? I think I must be infected, but by what? I should say that I have McAfee installed and it is up-to-date, and I have also run Malwarebytes antimalware without it finding a problem.

  2. #2
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,613
    Thanks
    147
    Thanked 871 Times in 833 Posts
    You haven't said which version of Windows you are using, but as you have a definite time for the files then I would boot up into Safe Mode to use your restore points.

    This article will show you how - https://www.pcrisk.com/removal-guide...-ransomware#a2

    When you scanned with MBAM, did you check the box to search for rootkits?

  3. The Following User Says Thank You to Sudo15 For This Useful Post:

    satrow (2016-05-12)

  4. #3
    5 Star Lounger
    Join Date
    Oct 2013
    Location
    Phoenix, AZ
    Posts
    926
    Thanks
    554
    Thanked 137 Times in 128 Posts
    I'd say you got lucky. I imagine you are trying to figure out what you were doing just before 10:52 that initiated the infection. And probably wondering what killed it.

    Better to be lucky than locky.
