Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Anybody heard of "ZOBM" ransomware if so whats the best fix PLEASE ?

14 Dec 2019   #1
sheffieldyorky

Windows 7 64bit Service Pack 1
 
 
Anybody heard of "ZOBM" ransomware if so whats the best fix PLEASE ?

While I was on holiday in Ecuador I fixed a friends laptop, well it was the daughters actually but anyway.
On boot up it had multiple pages of "thegoodcaster.com" so I set to and cleaned it and removed all traces and its now working fine.
What I didn't know was that it had dragged along with it the ZOBM ransomware and it had embedded itself onto my stick holding all my utility software and files all of which are now infected.
I have undertaken a ZOBM search on here but nothing showing.
I have done a search on our friend Google but the only site I recognise is "bleepingcomputer" but when you click the link it is dead or doesn't go anywhere and when you go direct to the site and undertake a search for it comes back with "This page canít be displayed".
On a spare laptop I'm running a program (in safe mode ) at the moment that is scanning the external drive and it could not clean it.
I have tried getting onto the "malwarebytes" site my desktop can't access the site.
Any ideas anybody
I need this stick for my utilities



My System SpecsSystem Spec
.
14 Dec 2019   #2
torchwood

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
 
 

Hi Sheffield,

Get over to bleeping on your spare - post there.
is there a file extention after each file, ie myutility.stop - this will identify the malware involved.


Roy


My System SpecsSystem Spec
14 Dec 2019   #3
sheffieldyorky

Windows 7 64bit Service Pack 1
 
 

Quote   Quote: Originally Posted by torchwood View Post
Hi Sheffield,

Get over to bleeping on your spare - post there.
is there a file extention after each file, ie myutility.stop - this will identify the malware involved.


Roy


Hi Roy
The extension is zobm
It is attached to every folder and file
Tony
My System SpecsSystem Spec
.

14 Dec 2019   #4
Alejandro85

Windows 7 Ultimate x64
 
 

It probably means that the computer you repaired was likely also infected. Like with all virus attack, the only reasonable action is to wipe the affected computer and reinstall the operating system from scratch, restoring your last safe backup afterwards.
Your pendrive likely has to go though the same procedure, just wipe it and ensure it's clean afterwards, then restore all your utilities from backups.

Don't bother with antiviruses at this point. They've already failed prevent anything.
My System SpecsSystem Spec
14 Dec 2019   #5
Snick

Win 10 x64, Linux Lite, Win 7 x64, BlackArch, & Kali
 
 

I wouldn't trust the pen drive, flash drive either! bios injection. re-flash bios with fresh/clean copy.
Bios Virus 2019
How to Cleanse a Virus in BIOS

My System SpecsSystem Spec
17 Dec 2019   #6
sheffieldyorky

Windows 7 64bit Service Pack 1
 
 

Quote   Quote: Originally Posted by Snick View Post
I wouldn't trust the pen drive, flash drive either! bios injection. re-flash bios with fresh/clean copy.
Bios Virus 2019
How to Cleanse a Virus in BIOS

I have now transferred the contents of the pen drive to the "spare laptop"
I then formatted the empty pen drive.
As this is a spare laptop that I was going to sell (only needs a keyboard and a battery ) I will use this to experiment on.
So if anybody has any ideas I will be more than happy to try them out and report back the results.
I will take a photo, I will not use a screenshot "just in case".
The spare laptop and the desktop are in no way connected so there will be no possibility of any data transferring across.
Tony
My System SpecsSystem Spec
17 Dec 2019   #7
RolandJS

Windows 7 Professional 64-bit
 
 

And, of course, the spare laptop will have to be wiped clean.
My System SpecsSystem Spec
.
Reply

 Anybody heard of "ZOBM" ransomware if so whats the best fix PLEASE ?




Thread Tools




Similar help and support threads
Thread Forum
Has anyone heard of the "Godzilla" antivirus?
Hello My friend allowed a "tech support" person to access her computer remotely. One of the things that he did to her PC was to download and install an antivirus program called "Godzilla." She had numerous problems afterward and by the time she gave me her computer to look at, the browser had...
System Security
Need to add "TASKBARS" (MSese for "Launchpads", "Docks" NOT "Toolbars"
My office just upgraded, and I can no longer use Windows XP. On this system, I was able to add a separate taskbar to facilitate quick access to commonly-browsed folder locations on our vast network, and another one expedited the launching of useful programs and lists. Each task on each taskbar...
General Discussion
105MB partition "NO NAME" File System (OEM Service Volume) - whats it?
I am running Windows 7 SP1 x64 (all latest updates auto apllied) and have recently moved to a EFI RAID0, RAID1, RAID5 system based, i.e All virtual volumes are initialised as GPT On all volumes there is the standard 128MB partition (in the first sectors of volume) for the GPT header however; on...
General Discussion
Whats mean by "Connection close"
Hello! I checked my IP address in this site (What's My IP Address? My IP Address Information - Whois) then it show my connection is close so whats that mean? This is its screen shot. http://www.freeimagehosting.net/uploads/361cee8f93.jpg :o
Network & Sharing
Whats "Firefox sync" server settings?
Hello! I use "Firefox,Google chrome and Opera" i want sync all bowers bookmarks so please tell me if you know how to "Sync" above mention 3 browser. Currently i use Xmarks" but in next year they stop free service. So please tell me how do i "Keep up to date" bookmarks in "Firefox,Chrome,and opera"...
Browsers & Mail


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 18:49.
Twitter Facebook