My backup software, BackupAssist, recently detected a possible ransomware infection. I've scanned the PC using Malwarebytes and Windows Security Essentials and nothing was detected. The extension of the suspicious file is "sceneclassifier1218.crypt". Any recommendation on the tools I need to run and remove the suspicious file?

Accepted Answer

Thursday, August 08 2019, 06:09 AM
Hello, Robert

I'd like to know if you're running the Windows 10 operating system and whether you have recently installed any updates. If that is the case, then the detection is probably a false positive. Ransomware-type infections often append names of encrypted files with various extensions (one of them is ".crypt"), which is why anti-virus suites may end up providing false positive results even though the system is clean.

I also need to know if any other file(s) in your system have been modified (now contain a ".crypt" extension) and/or do you see any ransom-demanding notes (e.g., .txt, .html or image files) anywhere in the system? You should also check the list of running processes in Task Manager to see if there are any suspicious names (e.g., strings of random characters). Ransomware-type infections may also use names of random applications (even those that are legitimate/genuine) as a disguise. Therefore, before searching you should close all web browsers and other running applications.
  • Robert Siakisi
    more than a month ago
    Hi Karolis,

    PC is running Windows 10 version 1809 and gets its updates from the WSUS server. I have white-listed the files and my backup is in normal operation.

    I will further run other tools as you have mentioned already.
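The file checks listed in the answer above (other files that now carry a ".crypt" extension, ransom-note files), sketched in PowerShell as an added example that is not part of the thread. The `$Root` default, the document-type list and the note-name pattern are assumptions to adjust for the machine being checked.

```powershell
# Added triage sketch (not from the thread).
# Assumptions: $Root default, $userTypes, $noteTypes and $notePattern.
param(
    [string]$Root      = $env:USERPROFILE,
    [string]$Extension = '.crypt'
)

# Extensions that, when found *before* the suspect one (report.docx.crypt),
# indicate an existing user document was renamed.
$userTypes   = '.doc', '.docx', '.xls', '.xlsx', '.ppt', '.pptx', '.pdf', '.jpg', '.png', '.txt'
# File types and name wording often used for ransom notes; expect benign matches too.
$noteTypes   = '.txt', '.html', '.htm', '.hta', '.png', '.jpg', '.bmp'
$notePattern = 'decrypt|recover|restore|ransom|how[_ -]?to'

# Walk the tree once; unreadable folders are skipped instead of aborting the scan.
$all = @(Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue)

# Files carrying the suspect extension.
$hits = @($all | Where-Object { $_.Extension -ieq $Extension })

# Subset whose name still contains a user-document extension underneath.
$renamed = @($hits | Where-Object {
    $inner = [System.IO.Path]::GetExtension($_.BaseName)
    $inner -and ($userTypes -contains $inner)
})

# Ransom-note candidates by type and file name.
$notes = @($all | Where-Object {
    ($noteTypes -contains $_.Extension) -and ($_.BaseName -match $notePattern)
})

# Spread of the hits across folders and over time.
$dirs   = @($hits | Group-Object DirectoryName | Sort-Object Count -Descending)
$byTime = @($hits | Sort-Object LastWriteTime)
$first  = if ($byTime.Count) { $byTime[0].LastWriteTime }
$last   = if ($byTime.Count) { $byTime[-1].LastWriteTime }

[pscustomobject]@{
    SuspectFiles    = $hits.Count
    RenamedUserDocs = $renamed.Count
    DirectoriesHit  = $dirs.Count
    FirstWrite      = $first
    LastWrite       = $last
    NoteCandidates  = $notes.Count
} | Format-List

$dirs    | Select-Object Count, Name                     | Format-Table -AutoSize
$renamed | Select-Object FullName, LastWriteTime         | Format-Table -AutoSize
$notes   | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize
```

A single hit in one application folder, with no renamed documents and no note candidates, is consistent with the false-positive case described in the answer; hits spread across many folders within a short write window call for the process check that the answer describes next.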
Responses (1)
  • Accepted Answer

    Eddie Chu
    Monday, August 23 2021, 01:15 PM
    You may use this tool to verify if your antivirus software can protect against ransomware encryption:

    https://github.com/eddiechu/Encrypt-Delete-Test