".scarab" Ransomware

Azuma Hazuki

Golden Member
So, as many know, I work at a small independent computer place during the day. We had a customer from a local university come in today with a nice Dell Precision tower, something with 64GB of memory and an E5 Xeon, that had gotten hit with a crypto virus I've never seen before.

It got everything. I seriously think it encrypted everything but Windows itself and its programs. Files have been renamed to have "_yotabyte@protonmail.com.scarab" on the end of them.

Googling shows almost nothing about this; the most informative result was in Russian and thank goodness for translation. This thing seems to be a very new variant, as all my search results are a week old or less (and most of them are shady generic "how to remove X malware" stuff).

Has anyone been hit with, or even seen, this variant before? Kaspersky refers to it as Purga.de I believe.
 
I had ransomware on my Win10.
I cleared it by using System Restore [in safe mode], restoring my machine to a previous date.
 
The best course of action for ransomware removal is a thorough scan of the system, removing any original ransomware files, so no new downloaded data would be encrypted. Afterward, follow these steps:

1. Restart the PC in "safe mode with networking"
2. Install RKill and run it to kill any malicious services.
3. Install any popular antivirus and do a quick scan (the majority of providers have free versions of their software). Or just use Windows Defender. It works really well in most cases.
4. Install and scan your PC with Malwarebytes and Hitman Pro.
5. Restart PC in normal mode and do another quick scan with Malwarebytes.

This should remove the malicious software on your PC. Afterward, you can try one of the following to recover your files:

1. Windows restore point. If you have a recent restore point from before the infection, you should be able to use it to retrieve the data by resetting your Windows to a healthy state.

2. Shadow explorer. If the ransomware doesn't delete shadow copies of the files, you can recover them using it.

Other than that, a full wipe of Windows and a fresh installation will do the trick.

Hopefully, this helps you a little. Good luck!
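
Added example, not part of any post in this thread: a Python sketch that inventories files carrying the suffix quoted in the first post and uses their modification times to shortlist restore points or shadow copies older than the first rename. It assumes the renamed files' mtimes approximate when they were encrypted (some ransomware preserves timestamps); `survey` and `restore_points_before` are hypothetical helper names.

```python
import os
import sys
from collections import Counter
from datetime import datetime

# Suffix quoted in the first post of this thread.
SUFFIX = "_yotabyte@protonmail.com.scarab"

def survey(root, suffix=SUFFIX):
    """Walk root and return (hits, by_ext, first_seen, last_seen).

    hits is a list of (path, original_name); by_ext counts the original
    extensions; first_seen/last_seen are epoch mtimes, or None if no hits.
    """
    hits, by_ext, times = [], Counter(), []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if not name.lower().endswith(suffix.lower()):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # unreadable or removed while scanning
            original = name[: -len(suffix)]
            ext = os.path.splitext(original)[1].lower() or "(none)"
            hits.append((path, original))
            by_ext[ext] += 1
            times.append(mtime)
    first = min(times) if times else None
    last = max(times) if times else None
    return hits, by_ext, first, last

def restore_points_before(points, first_seen):
    """Return snapshot timestamps older than the first rename, newest first.

    Assumption: mtime of a renamed file reflects when it was encrypted.
    """
    if first_seen is None:
        return sorted(points, reverse=True)
    return sorted((p for p in points if p < first_seen), reverse=True)

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    hits, by_ext, first, last = survey(root)
    print(f"{len(hits)} renamed files under {root}")
    for ext, count in by_ext.most_common(10):
        print(f"  {ext:10} {count}")
    if first is not None:
        print("first rename:", datetime.fromtimestamp(first).isoformat())
        print("last rename: ", datetime.fromtimestamp(last).isoformat())
```

Run it read-only against the affected volume (ideally an image or the drive mounted on another machine) and compare the first-rename time with the dates of the available restore points or shadow copies.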
 