Hi Edmund

Welcome to the Community Forums.

OK, well, the first thing is not to attempt to reboot your system, as I understand it, each time one does that the malware will copy itself to a new name under the %Temp% folder and then create a new task scheduler job to launch it on login. So rebooting just increases the amount of work required to remove the infection components.

If you are a WSA user (you have posted in the Techie Forum so I do not know if you are a user or not) run a scan with WSA and see if it picks up anything and if it does then let it undertake whatever actions it decides on. If that does not resolve the issue for you or if the scan comes up clean then please Open a Support Ticket ASAP to notify the Support Team so that the professionals can get involved and look to assist.

This service is free of charge to WSA users with a current/valid subscription.

Also, do you have a recent backup of your files or a recent image of your disk? If you do then please make sure that you mention it in the Support Ticket as that will help the Support Team in terms of the options they have for remediation of the issue.

If not a WSA user then I am not really sure what is your best approach given that the damage is done.

Please let us know either way.

Regards, Baldrick
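
Added example, not part of the original post and not Webroot code: a small Python check for the persistence pattern described above (a logon-triggered scheduled task whose action runs an executable from a Temp folder), working on Task Scheduler XML definitions. The task names, paths and the list of Temp markers are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Namespace used by Task Scheduler XML task definitions.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Path fragments treated as "runs from a Temp folder" (assumed list, extend as needed).
TEMP_MARKERS = ("%temp%", "%tmp%", "\\appdata\\local\\temp\\",
                "\\local settings\\temp\\", "\\windows\\temp\\")


def suspicious_task(task_xml):
    """Return Exec commands of a logon-triggered task that launch from Temp."""
    root = ET.fromstring(task_xml)
    if root.find("t:Triggers/t:LogonTrigger", NS) is None:
        return []  # not launched at logon, outside the pattern described
    hits = []
    for cmd in root.findall("t:Actions/t:Exec/t:Command", NS):
        path = (cmd.text or "").strip().strip('"')
        if any(marker in path.lower() for marker in TEMP_MARKERS):
            hits.append(path)
    return hits


def scan(tasks):
    """tasks maps task name -> XML text or bytes; returns only the flagged tasks."""
    results = {}
    for name, xml_text in tasks.items():
        found = suspicious_task(xml_text)
        if found:
            results[name] = found
    return results


def _sample(trigger, command):
    # Builds a minimal, constructed task definition for the demonstration.
    return ('<Task version="1.2" '
            'xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
            f"<Triggers><{trigger}><Enabled>true</Enabled></{trigger}></Triggers>"
            f"<Actions><Exec><Command>{command}</Command></Exec></Actions></Task>")


# Constructed sample data: one task matching the pattern, two that do not.
SAMPLE_TASKS = {
    "abcdefg": _sample("LogonTrigger", r"C:\Users\user\AppData\Local\Temp\abcdefg.exe"),
    "Updater": _sample("LogonTrigger", r'"C:\Program Files\Vendor\updater.exe"'),
    "Nightly": _sample("TimeTrigger", r"%TEMP%\cleanup.exe"),
}

if __name__ == "__main__":
    for name, commands in scan(SAMPLE_TASKS).items():
        print(f"review task {name!r}: {commands}")
```

On a live system the XML for one task can be obtained with `schtasks /query /tn <name> /xml`; definitions read from a disk image should be passed in as bytes so the parser honours their encoding declaration.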
I have been infected by CTB Locker encryption virus which threatens my files unless I pay a ransom !

What do I do ?
@ wrote:

Hi Edmund

Welcome to the Community Forums.

OK, well, the first thing is not to attempt to reboot your system, as I understand it, each time one does that the malware will copy itself to a new name under the %Temp% folder and then create a new task scheduler job to launch it on login. So rebooting just increases the amount of work required to remove the infection components.

If you are a WSA user (you have posted in the Techie Forum so I do not know if you are a user or not) run a scan with WSA and see if it picks up anything and if it does then let it undertake whatever actions it decides on. If that does not resolve the issue for you or if the scan comes up clean then please Open a Support Ticket ASAP to notify the Support Team so that the professionals can get involved and look to assist.

This service is free of charge to WSA users with a current/valid subscription.

Also, do you have a recent backup of your files or a recent image of your disk? If you do then please make sure that you mention it in the Support Ticket as that will help the Support Team in terms of the options they have for remediation of the issue.

If not a WSA user then I am not really sure what is your best approach given that the damage is done.

Please let us know either way.

Regards, Baldrick

Any idea yet if the Webroot journaling and rollback function works with this variant?
We will have to wait for what @ Roy and @ Dan have to say, maybe @ Yevgeniy is around as he works odd hours at Webroot HQ?

Daniel 😉
@ wrote:

We will have to wait for what @ Roy and @ Dan have to say, maybe @ Yevgeniy is around as he works odd hours at Webroot HQ?

Daniel ;)

Thanks. It looks like this variant of locker is spreading rapidly over the past month or so.

Any update or info on this infection?

Thanks,

Daniel 😉
