Executable files are created in HDD's and corrupts installers.

Hello good afternoon. My name is Mark, I'm from Argentina, Buenos Aires. I happened to comment on my case. The issue is that took my pen drive to a graphics company to make some flyers advertising. He was inserted into the machine, and when I'm connected to my PC, I was infected with a particular virus ... The issue is that .exe files are created on the HDD of the machine, files that have the name " direct access to MS-DOS program, "and I can not remove anything, the .EXE that is created with the following names, all random," nhmu "-" faivv "-" LBGP "-... that is, pass any number of Anti-Malware, Anti-Rootkit, Anti-Spyware, whatever you want ... the eliminated, but after a certain time, reappear. Also, we must consider that damages me installers who are in the other Ruled disks, ie, installers programs, games, all kinds of things, giving me a message saying: "The setup files are corrupted, or are incompatible with This version of Setup. Please correct the problem or Obtain a new copy of the program. "... Please dedicate myself to the computer more than 10 years ago, and never happened to me something, honestly, I surfed by more than 500 pages, in order to find information, and nobody can fix ... I set in the Windows registry in the background processes, services of the machine, not quite find anything .. I use the machine for will work, and always take care, this time, it was a mistake to have "confident" the company display advertising ... If you need images, is the way, no problem. I hope answers thanks and greetings!

Welcome to the forum. This is a type of ransom ware which is encrypting all your files to exe if you try and run any they will add more infections. You need to look for svhost running from a strange directory and kill it in task manager you can try downloading rkill see if that kills it delete once you have killed it. We can then fun our scans

Hello. Thanks for answering. The issue is this, I have a lot of processes are called svhost ... As I can realize that this is having problems? I think this has no solution, I can not give the key ...

MoxieMomma said:

Hi:

Unfortunately, in most cases, you either have to pay the ransom or your files are toast.
(Sometimes they are toast even if you do pay.)

If it's a ransomware variant for which no decryption key/solution is available now, some experts suggest the following:

• Remove the entire drive and save it for possible recovery in the future, if/when a key is released.
  
  • It's a long-shot, but if you have no data backups, it may be the only hope for ever recovering your files.
  
  
• Replace the hard drive with a new one and reinstall Windows from scratch on that new drive.

You can get expert help with general cleanup on the affected system, especially for other malware on it.
But, once the files are encrypted they are pretty much gone unless you have backups.
The ransomware itself is often "gone" once it has done its thing, as it cleans up after it encrypts your files.



Some of the more general computer fora and those that specialize in malware removal have entire sections devoted to ransomware and cryptovirology. You may find additional or more specific advice there, under the circumstances.


Sorry,
MM

Good afternoon. These days I was rested, because honestly I was around 50hs trying to solve the problem, and I have not accomplished. From what I can understand it is that you tell me that there is no solution regarding the problem that I'm having, right? That is, by the evolution that had the virus on my PC, I can no longer recover the installation, that is a super powerful virus, and at the end of the account, I was working with more than 14 programs to clean the system, and it became impossible ... so the only alternative is to pay a remote service to an entity that is responsible for eliminating this type of virus, and if not, try to save all my personal information, and format the primary disk, am I Right? Please, if there really is no hope more, decimelo, so start formatting the system and everything back to normal, because I need the PC to work ... I am very grateful and I hope answers, greetings!

MoxieMomma said:

RolandJS said:

-- purchase a replacement HD and get your Windows Prime installed;

Just curious, @RolandJS: what is "Windows Prime"?
I've never heard of that.

<just trying to learn>

@Markitoo22:

Yes, as far as I know, your data files are likely lost forever if you did not have robust backups somewhere that was not hit by the encryption.
Otherwise, the only real (*faint*) hope, as was already suggested, would be to pull out the hard drive and save it for the future unlikely possibility that a decryption tool may someday be released for that particular ransomware variant.

Several of the busy, reputable computer fora that specialize in computer security have large sections devoted just to ransomware as its own, special topic.

Sorry about that,
MM

Hello good day! Well, I am absolutely grateful to everyone for giving me answers regarding this important issue ... It is incredible, as today, in the 21st century, we still have problems to eliminate this type of virus ... That is, perhaps Microsoft does not have the solution for these things? Perhaps the great companies of anti-virus, that fill the mouth of words, and in the end, can not solve this type of failure, considering that they are the most important failures to solve, in the life of a Technician Informatico ... Thank you very much, seeing that in the end, this has no solution, I will proceed to clean my system, file by computer, and then format the computer. I remain calm, that is not a failure, but this was a success, since now we learned, that when this virus makes contact with your machine, there is very little chance of recovering the system ... I was traveling more than 500 pages, and I invested more than 50 hours in trying to solve the problem, it was not achieved, anyway, I now have a lot of information, and I know that in the future, if I find the same case, I will be able to respond quickly and solve quick way. Imagine, if I had decided to speak in this forum, I would still be thinking about how to solve the problem, and spending TOO much time, trying to solve something, now that you, I clarified the panorama, things are totally different, that makes me happy! Thanks for everything! Greetings from Argentina, Buenos Aires!