My backup software BackupAssist recently had detected a possible ransomware infection. I've scanned the PC using MalwareBytes and Windows Security Essentials and nothing was detected. The extension of the suspicious file is "sceneclassifier1218.crypt. Any recommendation on the tools i need to run and remove the suspicious file ?
Accepted AnswerKarolis LiucveikisOffline0Hello, Robert
I'd like to know if you're running Windows 10 operating system and have you recently installed any updates? If that is the case, then the detection is probably a false positive. Ransomware-type infections often append names of encrypted files with various extensions (one of them is ".crypt"), which is why anti-virus suites may end up providing false positive results even though the system is clean.
I also need to know if any other file(s) in your system have been modified (now contain a ".crypt" extension) and/or do you see any ransom-demanding notes (e.g., .txt, .html or image files) anywhere in the system? You should also check the list of running processes in Task Manager to see if there are any suspicious names (e.g., strings of random characters). Ransomware-type infections may also use names of random applications (even those that are legitimate/genuine) as a disguise. Therefore, before searching you should close all web browsers and other running applications.