0

We were just struck by an encryption virus.

I don't know which one it is, but it encrypted files with an extension that ends with doctor@freelinuxmail.org.

How can we find out which PC is infected?

We still have not received a ransom message - so does this mean that the virus is still operating?

I searched the Internet, but I cannot be sure that the sites providing info are not hacker sites and that I can use the instructions on them.

Any ideas?

2 Answers

4

You've been hit by a virus, possibly ransomware. The way to proceed depends on the kind of virus, but in general you must use an antivirus to check all your machines, and be ready to wipe out the infected ones and restore data from backups.

If you receive a ransom request, it would be wiser to not pay it.

Related question: Getting files back by paying Ransomware

Note: a Google search for doctor@freelinuxmail.org returns a number of shady sites offering to download and install their "anti-virus solutions". Don't install software from unknown sources; rely on legitimate antivirus products (here are some that come to mind, listed in no particular order: F-Secure, Kaspersky, Norton, AVG, Avast etc.).

dr_
  • I agree that we will not pay. My question was how to find out which virus it is and how to check which PC the infection comes from! – Bogdan Bogdanov Jan 30 '16 at 15:29
  • This is something that only a legitimate AV will tell you. – dr_ Jan 30 '16 at 15:34
  • This is the main point of my question - if someone knows something - for example go to the registry and find a key or something else. On Google there are several sites with information which are from several days ago to several hours ago, but I don't know which are legitimate. – Bogdan Bogdanov Jan 30 '16 at 15:44
  • Also it is very strange that we did not receive a ransom message. – Bogdan Bogdanov Jan 30 '16 at 15:52
  • It sounds as if someone *installed* one of these fake antivirus products.... –  Jan 30 '16 at 18:43
  • Nope, we have not installed any product yet. We use Microsoft Security Essentials. I am trying to get some leads from people who are much more familiar with the topic than I am. – Bogdan Bogdanov Jan 30 '16 at 20:21
2

Well, either someone's playing a bad joke, or something is infected.

Your best bet is to hire an expert or ask on a forum dedicated to that kind of thing, like Bleepingcomputer, and then do EXACTLY what they tell you to do, without deviation.

Other than that, if you're worried about it spreading, turn everything off.

Then on a fresh, new, clean PC (or boot DVD), download the bootable Rescue CD/DVD/disk for your antivirus solution (and a few others).

After that, use one of those boot disks or another Live CD to search every file system on every machine for that doctor@freelinuxmail.org extension.

The safest route is that every disk drive that has those files should be destroyed - buy new ones and install from scratch - OS first, Antivirus next, THEN plug in your network cable/connect to Wifi, update Antivirus defs, and then patch, in that order.

Whether or not you choose the safest route, run those rescue disks on every machine.

Anti-weakpasswords
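One way to do the file-system search described in the answer above, as an added example that is not part of the original answer: a Python script, run from a Live CD against a disk mounted read-only, that finds every file whose name ends with the marker from the question and summarizes where and when those files were written. The mount point passed on the command line and the function names are assumptions.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

MARKER = "doctor@freelinuxmail.org"  # file-name suffix reported in the question


def find_marked_files(root, marker=MARKER):
    """Yield (path, mtime) for each file under root whose name ends with marker."""
    marker = marker.lower()
    # os.walk does not follow symlinked directories; unreadable dirs are skipped.
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda err: None):
        for name in filenames:
            if name.lower().endswith(marker):
                path = os.path.join(dirpath, name)
                try:
                    mtime = os.lstat(path).st_mtime  # lstat: never follow links
                except OSError:
                    continue  # file vanished or is unreadable
                yield path, mtime


def summarize(root, marker=MARKER):
    """Count marked files per directory and record first/last modification time."""
    hits = list(find_marked_files(root, marker))
    times = [mtime for _path, mtime in hits]
    return {
        "count": len(hits),
        "per_dir": Counter(os.path.dirname(path) for path, _mtime in hits),
        "first": min(times) if times else None,
        "last": max(times) if times else None,
    }


if __name__ == "__main__":
    # Assumption: argv[1] is the mount point of the disk being inspected.
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    report = summarize(root)
    print(f"{report['count']} marked files under {root}")
    if report["count"]:
        for label in ("first", "last"):
            stamp = datetime.fromtimestamp(report[label], tz=timezone.utc)
            print(f"{label} modification (UTC): {stamp.isoformat()}")
        for directory, n in report["per_dir"].most_common(10):
            print(f"{n:6d}  {directory}")
```

Comparing the counts and the first and last modification times across machines and shares shows which disks hold marked files and roughly when they were written there.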