[Apologies if this results in a double posting. I tried to add to an existing RANSOMER thread but that seems to have got stuck "pending" so posting new]
Hi,
I also am seeing RANSOMER virus discovered every day. AVG says that it is "secured" each time yet, every day, it rediscovers it.
I see 3 threads on ransomer [tried adding to the] latest.
My occurrence is slightly different in that:
- The virus is found each day by resident shield rather than scan.
- I see Ransomer.LRV
It was initially discovered using AVG2015 (updated to latest). I have tried updating to "AVG antiVirus FREE" 2016 (updated to latest) with no difference. Resident Shield still "finds" and "secures" the same Ransomer.LRV (though in a different file).
Running "Whole Computer Scan" has never found any sign of Ransomer (just tracking cookies removed - Thank You :-) )
I have run both "Whole Computer Scan" and "Anti rootkit scan" with any option I can find to be as thorough as possible to no avail. Resident Shield still finds Ransomer the next day. (e.g. "scan inside archives", "enable thorough scanning"..)
Each time the Ransomer instance is found in a .dll in C:\windows\TEMP\[name].dll
So far name = sbmdmlxn, 3ibbq1af, kmpqaZhn4 and ndrvm5ch
Each time the extended element information indicates the process name to be:
c:\Windows\SysWOW64\svchost.exe
It is as though AVG is only finding spawned "symptom" instances of the virus while leaving the actual infection untouched to spawn anew the next day.
I have run both Windows cleanup and ccleaner to clear out any temporary etc. files (notably those in c:\WINDOWS\temp - NB. case of this directory is different from that reported by AVG, I have assumed case is not significant?) Still Resident Shield found RANSOMER again the next day. (even though I see no .dll in C:\WINDOWS\temp - possibly a transient file existed, or possibly only the one removed/secured by AVG??)
Nothing is present in the virus vault.
Running Windows 7 [Having run windows update for all security updates and all relevant other updates]
I currently have the affected laptop airgapped but typing in the info that would be in a screenshot:
Threat: Trojan Horse Ransomer.LRV [more info]
Object name: c:\Windows\TEMP\ndrvm5ch.dll
Severity: High
Identified by: Resident Shield
Date: 2016-08-23 15:24:07
Extended Element information:
Process name: c:\Windows\SysWOW64\svchost.exe
Process ID: 2756
Created: 2016-08-23, 15:24:07
Username: SYSTEM
Session ID: 0
Status: Healed
Is AVG capable of fixing this infection completely? Or only symptoms, such that it will keep recurring?
Please advise how to remove this virus permanently and completely.
Thanks!
Eric