  1. #1
    New Lounger
    Join Date
    Dec 2009
    Manchester England
    Thanked 0 Times in 0 Posts

    Infected with LOCKY - or not?

    Hi. Today at 10:55 I noticed that I had two files in the directory I was working in that had long (30 character +) meaningless alphanumeric names with .LOCKY extensions. I noticed that they had been created at 10:52 but at that time I was unaware of the significance of the name LOCKY. Within a couple of minutes I realised that I was possibly infected by the LOCKY ransomware and was looking at how to remove it. Now about 90 minutes later I am confused and don't know if I am infected or not.

    Firstly at this point 90 minutes later I have not had a ransom demand and I appear to be able to access my files - so probably not infected? Also I have looked for entries in the Registry associated with LOCKY based on on-line information including Susan Bradley's recent article - again I appear to be clear.

    So why am I worrying? When I search my computer I find over 400 files with the .LOCKY extension and all of them were generated between 10:52 and 10:54 today. I select them all and delete but it takes two attempts to completely remove the files because about 50 files remain after the first deletion step. Within 2 minutes it appears that all the files are back. The file names are as I said extremely long alphanumerics but all the files times were again 10:52-10:54 so almost certainly the same files. Obviously this is disturbing although at the moment it is an irritation rather than a serious problem.

    I am now being bombarded by messages that files are being added and removed from DropBox.

    OK, anyone know what might be going on? I think I must be infected, but by what? I should say that I have McAfee installed and it is up-to-date, and I have also run Malwarebytes antimalware without it finding a problem.

  2. #2
    Super Moderator
    Join Date
    Aug 2012
    Durham UK
    Thanked 1,047 Times in 995 Posts
    You haven't said which version of Windows you are using, but as you have a definite time for the files then I would boot up into Safe Mode to use your restore points.

    This article will show you how -

    When you scanned with MBAM, did you check the box to search for rootkits?

  3. The Following User Says Thank You to Sudo For This Useful Post:

    satrow (2016-05-12)

  4. #3
    5 Star Lounger
    Join Date
    Oct 2013
    Phoenix, AZ
    Thanked 137 Times in 128 Posts
    I'd say you got lucky. I imagine you are trying to figure out what you were doing just before 10:52 that initiated the infection. And probably wondering what killed it.

    Better to be lucky than locky
