My backup software BackupAssist recently detected a possible ransomware infection. I've scanned the PC using MalwareBytes and Windows Security Essentials and nothing was detected. The extension of the suspicious file is "sceneclassifier1218.crypt". Any recommendation on the tools I need to run and remove the suspicious file?
Accepted Answer
Hello, Robert
I'd like to know if you're running Windows 10 operating system and have you recently installed any updates? If that is the case, then the detection is probably a false positive. Ransomware-type infections often append names of encrypted files with various extensions (one of them is ".crypt"), which is why anti-virus suites may end up providing false positive results even though the system is clean.
I also need to know if any other file(s) in your system have been modified (now contain a ".crypt" extension) and/or do you see any ransom-demanding notes (e.g., .txt, .html or image files) anywhere in the system? You should also check the list of running processes in Task Manager to see if there are any suspicious names (e.g., strings of random characters). Ransomware-type infections may also use names of random applications (even those that are legitimate/genuine) as a disguise. Therefore, before searching you should close all web browsers and other running applications.
-
Robert Siakisi (more than a month ago):
Hi Karolis,
PC is running Windows 10 version 1809 and gets its update from the WSUS server. I have white-listed the files and my backup is in normal operation.
I will further run other tools as you have mentioned already.
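The file-system checks the accepted answer asks for (other files carrying ".crypt", and candidate ransom notes), as an added PowerShell example that is not part of the original thread. The function name `Get-CryptTriage`, the folder threshold, the image extensions and the demo folder are assumptions made for illustration.

```powershell
# Added example: read-only triage, nothing is deleted or modified.
function Get-CryptTriage {
    param(
        [Parameter(Mandatory)][string]$Root,
        [string]$Extension = '.crypt',   # extension reported in the question
        [int]$NoteDirThreshold = 3       # assumption: same name in 3+ folders is worth a look
    )
    $files = @(Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue)

    # 1. Every file carrying the suspicious extension.
    $hits = @($files | Where-Object { $_.Extension -ieq $Extension })

    # 2. Hits whose name still ends in an ordinary extension once ".crypt" is
    #    stripped (report.docx.crypt), i.e. existing documents that were renamed.
    $renamed = @($hits | Where-Object { [IO.Path]::GetExtension($_.BaseName) -ne '' })

    # 3. Candidate ransom notes: the same .txt/.html/image name in many folders.
    $noteExt = '.txt', '.html', '.htm', '.png', '.jpg', '.bmp'
    $notes = @($files |
        Where-Object { $noteExt -contains $_.Extension.ToLower() } |
        Group-Object Name |
        Where-Object { @($_.Group.DirectoryName | Sort-Object -Unique).Count -ge $NoteDirThreshold } |
        ForEach-Object { $_.Name })

    [pscustomobject]@{
        CryptFiles    = @($hits | ForEach-Object { $_.FullName })
        RenamedDocs   = @($renamed | ForEach-Object { $_.FullName })
        RepeatedNotes = $notes
        # Heuristic only: one stray hit, no renamed documents, no repeated notes.
        Isolated      = ($hits.Count -le 1 -and $renamed.Count -eq 0 -and $notes.Count -eq 0)
    }
}

# Constructed sample tree so the function can be tried offline (test data only).
$demo = Join-Path ([IO.Path]::GetTempPath()) 'crypt-triage-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
New-Item -ItemType File -Path (Join-Path $demo 'sceneclassifier1218.crypt') -Force | Out-Null
Get-CryptTriage -Root $demo | Format-List
```

Ordinary names such as readme.txt also repeat across folders, so `RepeatedNotes` is a list to review by hand, not a verdict.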
Responses (1)
-
Accepted Answer
You may use this tool to verify if your antivirus software can protect against ransomware encryption:
https://github.com/eddiechu/Encrypt-Delete-Test
