Jump to content


Photo

Corona-Lock ransomware


  • Please log in to reply
2 replies to this topic

#1 lerxst

lerxst

    Member

  • Full Member
  • Pip
  • 41 posts

Posted 02 July 2020 - 10:55 AM

Hello,
 
I have a PC that just got infected with this Corona-Lock ransomware, encrypting all the user files and with a text file message posted on the Desktop requesting a payment to free-up the files.
 
I found this explanation of the issue:  adware.guru/remove-corona-lock-virus
 
I would be interested to know if anyone here has come across this and if there is any known way to recover the encrypted files?
 
Thank you,

Edited by Budfred, 02 July 2020 - 07:22 PM.
Disable link.


#2 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,586 posts

Posted 02 July 2020 - 07:21 PM

This is a long standing scam that has a lot of different names - this one appears to be exploiting the panic about Covid.  The most effective tool is backing up your files and using good security.  However, if your computer is already infected, there are various tools that may help.  I strongly suggest that you do NOT use the tool on that website unless you have good evidence that it is a valid tool.  I disabled the link since we do not know if it is a dangerous site and there are many sites like that which will actually infect your computer.


Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#3 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,376 posts

Posted 03 July 2020 - 04:58 AM

Hi,
 
This looks like a new version of a Ransomware infection.
 
Navigate to this topic.
 
Submit a sample of the compromised files for their review.
They will reply and let you know what you are dealing with.
 
From what we know now, your files are not recoverable.
Your only solution would be to restore the files from a good backup if you have one.
 
The compromised files can be transferred to a CD or Flash drive.
Should a solution be found in the future you may be able to restore them.
 
Good luck.
<<<>>>
 
If you have problems with running this computer download and run this tool.
I will check your logs and advise.
 
Download the Farbar Recovery Scan Tool (FRST).
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
 
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png
 
Attach the file(s). A 2 Steps process.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach. <- Step 1.
Click Attach this file. <- Step 2.
Click the Add reply button.
 
Please post the logs  for my review.
 
Wait for further instructions
 
p.s.
This program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
You should restore the program from the Quarantine folder.
====

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760




Member of UNITE
Support SpywareInfo Forum - click the button