BLKPURE Virus? Malware? Help

[ShoTTaS]

Hi

A user in my company had opened an attachment from an unknown sender. it was on a .zip file.
after he opened the file. almost all his files was replace a .blkpure extension,,, is this somewhat kind of virus?

kindly advice please.

 

[maxie]

I am sure you have run a Scan with your Antivirus Software and checked with Malwarebytes ? ...

The next Step would be to upload the File in question to Virus Total ....

 

[ShoTTaS]

Yeah, i already have done scanning it with Trend Micro Officescan and Malwarebytes.
i will upload a file that was affected by this virus/malware or what is it called.

question: am i going to upload it here? is it okay?

 

[ShoTTaS]

Follow-up question, how am i going to retrieve the files that was affected? i already have done system restore but no luck. by the way the OS of the computer is Windows XP sp3.

 

[maxie]

Hi Read the Tutorial below ... Step 10 to attach Logs ...


http://www.sevenforums.com/tutorials/338716-malwarebytes-anti-malware-free.html

 

[ShoTTaS]

update: i have found out that this attack is from a ransomware,

does anyone knows how to stop this? another computer was infected today, still from an email attachment

 

[maxie]

Where are the Requested Files ? ....

 

[HAVOC]

Follow-up question, how am i going to retrieve the files that was affected? i already have done system restore but no luck. by the way the OS of the computer is Windows XP sp3.

Windows XP should not be used on the internet.

update: i have found out that this attack is from a ransomware,

does anyone knows how to stop this? another computer was infected today, still from an email attachment

Tell users to stop opening email attachments.

 

[ShoTTaS]

Hello HAVOC,

why does XP not be used on the internet? we have a bunch of computers still running in windows xP here.

Maxie,

i will upload the logs today, i was busy troubleshooting yesterday.

thanks

 

[cottonball]

ShoTTaS,

The file extension .blkpure you presented is rather unique. Have done some searching, but, no luck so far.

If VirusTotal does not provide info on it...
https://www.virustotal.com/

There are other scanners you can use to see if any of them provide information, such as:

Jotti's malware scan

ThreatExpert - Online File Scanner

VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 39 AntiVirus Engines!

Comodo Instant Malware Analysis


Also, what leads you to believe it is ransomware?

 

[ShoTTaS]

cottonball,, that was just the extension they use for the encryption of the files. we have found out that we are facing a cryptowall .. we dont have any more option, rather than reformat the computer, and put windows 7 on it since shadowcopy is not supported on Win XP's.

 

[ShoTTaS]

i believe it is a ransomware because on other blogsites and forums, i see those Cryptowall applications screenshot, same as what i see on our computers here.

 

[Layback Bear]

The reason XP is not recommend for internet use you have found out.

XP does not meet todays needed security requirements.

Cottonball is very good at beating up on infections so I will get out of the way.

 

[cottonball]

ShoTTaS,

Thanks for the info. I realize .blkpure was just an extension. Was trying to search the extension to get to the source of the infection.

If you are facing CryptoWall 3.0, at this time there is not much hope to recover the files.

Some info here > After a brief hiatus malware developers release CryptoWall 3.0 - News

You may also consider using CryptoPrevent > https://www.foolishit.com/vb6-projects/cryptoprevent/

Will you be able to provide the Malwarebytes report requested earlier?

 

[ShoTTaS]

Will you be able to provide the Malwarebytes report requested earlier?

I wasn't able to get the logs of malwarebytes.
I Cant get my hands on the infected computers anymore, it was being quarantined out of sight. Infected users where given new computers for their daily reports.

 

[ShoTTaS]

I will get back on you, if i will be allowed to touch those computers again.

 

[cottonball]

If you can, you may want to suggest the use of CryptoPrevent to whoever is fixing the machines: https://www.foolishit.com/vb6-projects/cryptoprevent/

If the company you work for has taken charge of whatever actions are necessary to clean the affected machines, that is good.

Assistance at this type of forum is really not intended for a computer used in a business. Many of us are amateurs, have different knowledge levels, and it is not possible to anticipate any alterations or configurations made to business machines, or how they will interact with the tools we commonly used in the removal of malware.