In reply to a post by Oliver341:

In reply to a post by 4M2:

Also, perhaps, disconnecting other booted machines, using the same OS, from the LAN?

Yes, if the device is connected to the LAN, and the infected PC knows the SMB password for it, or it has no password, it most definitely is at risk too.

I thought that was possible - I no longer have a XP machine connected to the LAN (always offline) together with a Win7 machine. Bit of a nuisance but better safe than sorry.

In reply to a post by sheephouse:

I first found nomoreransom.org referenced on a non-public site ...

I saw it referred to a while ago on the Action Fraud site;
https://www.actionfraud.police.uk/campaign/ransomaware

Wouldn't you think the dumb police would know about it and refer the OP to it? Luck of the draw I guess, whether you get a copper worth their salt when you call them, or get one who's useless.

I had a similar problem a few years ago. It was ransomware that loaded a ransom message when I logged on to my laptop. After searching I found out it was attached to my windows login.
I found a video on youtube how to remove it by starting in safe mode. side loading maiwarebytes which removed the malware and then going into the registry to remove the remnants of it.
I don't know if this will be helpful as it might be different to what you are experiencing but search youtube to see if you can find something similar to what you are experiencing.
https://www.youtube.com/watch?v=G2sUQFME0bE

In reply to a post by funkydan:

I had a similar problem a few years ago. It was ransomware that loaded a ransom message when I logged on to my laptop. After searching I found out it was attached to my windows login.
I found a video on youtube how to remove it by starting in safe mode. side loading maiwarebytes which removed the malware and then going into the registry to remove the remnants of it.
I don't know if this will be helpful as it might be different to what you are experiencing but search youtube to see if you can find something similar to what you are experiencing.
https://www.youtube.com/watch?v=G2sUQFME0bE

Great video Dan and "can" work.

I have been in the registry many times but it can be a minefield to find certain files but certainly worth a try.

Good find funkydan and good luck to the OP on hopefully restoring your files.

Scum like these need a large injection IMO.

Hi had a similar thing happen to a friend and sorted her pc out by downloading a file from beeping computer , it might be worth a try and dont worry its a safe prog.

RKill is a program developed at BleepingComputer.com that was originally designed for the use in our virus removal guides. It was created so that we could have an easy to use tool that kills known processes and remove Windows Registry entries that stop a user from using their normal security applications. Simple as that. Nothing fancy. Just kill known malware processes and clean up some Registry keys so that your security programs can do their job.

good luck hope you get it sorted

this decrypter tool may decrypt the files https://labs.bitdefender.com/category/free-tools/

A despicable crime, but great to see the wide knowledge of TBB members so generously given as always. AnnHannah, I hope you can solve your relative's problem.

In reply to a post by Malwaremike:

A despicable crime, but great to see the wide knowledge of TBB members so generously given as always. AnnHannah, I hope you can solve your relative's problem.

I had a RoBo call from a scammer po porting to be BT IIRC,saying that my bb was going to be cut off if i didn't act, then you get the press 1 to speak to an adviser (scammer) but i had to go out so i didn't waste their time like i would normally have done, the number was not displayed on caller id, but was recorded on the 1471 service, a mobile numbers, so spoofed