Thread: Infected with LOCKY - or not?
2016-05-12, 06:42 #1
Hi. Today at 10:55 I noticed that I had two files in the directory I was working in that had long (30 character +) meaningless alphanumeric names with .LOCKY extensions. I noticed that they had been created at 10:52 but at that time I was unaware of the significance of the name LOCKY. Within a couple of minutes I realised that I was possibly infected by the LOCKY ransomware and was looking at how to remove it. Now about 90 minutes later I am confused and don't know if I am infected or not.
Firstly at this point 90 minutes later I have not had a ransom demand and I appear to be able to access my files - so probably not infected? Also I have looked for entries in the Registry associated with LOCKY based on on-line information including Susan Bradley's recent article - again I appear to be clear.
So why am I worrying? When I search my computer I find over 400 files with the .LOCKY extension and all of them were generated between 10:52 and 10:54 today. I select them all and delete but it takes two attempts to completely remove the files because about 50 files remain after the first deletion step. Within 2 minutes it appears that all the files are back. The file names are as I said extremely long alphanumerics but all the file times were again 10:52-10:54 so almost certainly the same files. Obviously this is disturbing although at the moment it is an irritation rather than a serious problem.
I am now being bombarded by messages that files are being added and removed from Dropbox.
OK anyone know what might be going on? I think I must be infected but by what? I should say that I have McAfee installed and it is up-to-date and I have also run Malwarebytes antimalware without it finding a problem.
2016-05-12, 07:06 #2
You haven't said which version of Windows you are using, but as you have a definite time for the files then I would boot up into Safe Mode to use your restore points.
This article will show you how - https://www.pcrisk.com/removal-guide...-ransomware#a2
When you scanned with MBAM did you check the box to search for Rootkits?
2016-05-12, 10:56 #3