Results 1 to 6 of 6

Thread: Help Please with virus

  1. #1
    Junior Member
    Join Date
    Mar 2016
    Location
    Australia
    Posts
    122
    Thanks
    15
    Thanked 62 Times in 32 Posts
    Rep Power
    127
    Reputation
    1250

    Default Help Please with virus

    Has anyone else come across the Ground.exe trojan virus
    I've can see it changing attribs on exe's

    Does anyone know what the best way to handle this problem is?
    I have external HHD's that have this problem.

    Thanks in advance



Look Here ->
  • #2
    Senior Member
    mickstv's Avatar
    Join Date
    Jan 2010
    Age
    51
    Posts
    4,173
    Thanks
    2,225
    Thanked 2,404 Times in 1,392 Posts
    Rep Power
    681
    Reputation
    18426

    Default

    Never seen it before but if it's changing attrib's it might be some sort of cryptolocker in which case your files will be totally locked.

    If you can see it changing attrib's on files, I would turn the computer off right now. If the external drives are infected, don't plug them into any other computer, otherwise they will become infected as well.

    The only thing I could suggest is running the computer in safe mode with network support and do a full scan with malwarebytes. Then scan all ext drives with malwarebytes as well.
    Last edited by mickstv; 22-09-16 at 12:05 PM.

  • #3
    Member
    Au_radio's Avatar
    Join Date
    Mar 2015
    Location
    western Australia
    Posts
    381
    Thanks
    33
    Thanked 223 Times in 112 Posts
    Rep Power
    212
    Reputation
    4470

    Default

    If it is crypto locker there has been write ups here explaining how to get files back .

  • #4
    Premium Member

    Join Date
    Jan 2008
    Posts
    4,311
    Thanks
    5,982
    Thanked 4,171 Times in 1,771 Posts
    Rep Power
    1348
    Reputation
    50392

    Default

    I haven't come across the Ground.exe virus myself, but I discovered a reference to use a program celled Virutkiller available from the Kaspersky (anti-virus) website at .

    Do you have any idea of how you picked up this virus?

    Also, please keep us informed of your progress.

  • #5
    Member
    Join Date
    Jun 2008
    Age
    84
    Posts
    307
    Thanks
    3
    Thanked 186 Times in 81 Posts
    Rep Power
    259
    Reputation
    2814

    Default


  • #6
    Junior Member
    Join Date
    Mar 2016
    Location
    Australia
    Posts
    122
    Thanks
    15
    Thanked 62 Times in 32 Posts
    Rep Power
    127
    Reputation
    1250

    Default

    Thank you for the people who have replied,

    Yes I do know how it was picked up.

    I bought a RFID swipe card programmer on ebay & the Chinese manufacturer disguised the virus on the internal memory of the device.
    When you plug it into you computer to run the software you get this problem.
    A friend of mine bought the same RFID programmer and using vm also had the same issue.
    My fault for not using a VM.
    It's not crypto lock, if it was I would fly over there with my shovel

  • Bookmarks

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •