
Solved: My computer has been infested with KVAG virus

Discussion in 'Virus & Other Malware Removal' started by rimzan, Nov 30, 2019.

  1. rimzan

    rimzan Thread Starter

    Joined:
    Sep 18, 2003
    Messages:
    121
    First Name:
    Rimzan
    Hi,

    My computer has been infested with the KVAG virus and all my important files are altered. I fixed it with ComboFix and System Restore, but my files remain altered. Please help me to restore them.

    Thanks in advance

    Rimzan
     
  2. Curie

    Curie Malware Specialist

    Joined:
    Jun 18, 2015
    Messages:
    511
    Hello

    I am Marie Curie and will gladly help you with any malware-related problems.

    Please familiarize yourself with the following ground rules before you start.
    • Read my instructions thoroughly, carry out each step in the given order.
    • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
    • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
    • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
    • Back up important files before we start.

    --------------------------------------------------------------

    Please run the following diagnostic scans so I can ascertain the state of your computer.

    STEP 1

    Farbar Recovery Scan Tool (FRST) Scan
    • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
    • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
    • Double-Click FRST.exe or FRST64.exe to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Attach both logs in your next reply.

    ======================================================
    STEP 2
    Logs
    In your next reply please include the following logs.
    • FRST.txt
    • Addition.txt
     
  3. rimzan

    rimzan Thread Starter

    Thanks for the response. I'll run the steps and come back to you.
     
  4. Curie

    Curie Malware Specialist

    Alright. (y)
     
  5. Curie

    Curie Malware Specialist

    Hello,
    I have not heard back from you in 3 days.
    • Do you still require help?
    • If you require additional time to complete my instructions, please let me know.
    • If after 48 hours you have not replied to this thread it will have to be closed.
     
  6. rimzan

    rimzan Thread Starter

    Please forgive me, I was out on a business trip. Now I'm working on it.
     
  7. rimzan

    rimzan Thread Starter

    Here you go
     

    Attached Files:

  8. Curie

    Curie Malware Specialist

    Thank you. I have a few questions before we continue:
    1. You said your files have been altered. Did you have a ransom message on your system?
    2. Do you want me to clean your system?
    Marie
     
  9. rimzan

    rimzan Thread Starter

    1. Yes, I think I had a message somewhere, but I did a system restore. After that I was able to work on my computer as usual, but my files such as JPEG, MPEG and TXT files that were on the computer could not be opened anymore (I have attached a screenshot of the files).

    2. Yes, I want to clean my system.
     

    Attached Files:

    • sup.jpg (File size: 142.2 KB)
  10. Curie

    Curie Malware Specialist

    The file extension .KVAG has been used by STOP/DJVU ransomware. STOP ransomware variants after August 2019 are only decryptable if an offline key was used.

    Please upload an encrypted file to id-ransomware to confirm that it is indeed STOP ransomware. Please tell me the result.

    I will work through your logs in the meantime.
     
  11. rimzan

    rimzan Thread Starter

    Here are the results:


    This ransomware may be decryptable under certain circumstances.

    Please refer to the appropriate guide for more information.

    Identified by

    • sample_extension: .kvag
    • sample_bytes: [0x194 - 0x1AE] 0x7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D
     
  12. Curie

    Curie Malware Specialist

    Yes, this is indeed STOP Ransomware.

    STEP 1
    Potentially Unwanted Software
    I found a few potentially unwanted programs on your system. These programs are not malicious, but they might be on your computer without your consent. Some of them are known to deliver ads, bundle additional software, slow down your system, or have questionable privacy policies. Please tell me for each of the following programs if you want to keep them:
    • AVG Web TuneUp
    • GS.Supporter
    • VideoDownloadConverter Toolbar
    • Wondershare Helper Compact
    • WPM17.8.0.3297
    • YTD Video Downloader

    STEP 2
    Farbar Recovery Scan Tool (FRST) Search
    This step will search for a ransom note on your system to check if the files are decryptable (in most cases they are not).
    • Double-Click FRST64.exe to run the programme.
    • Type the following text into the Search: textbox:
      Code:
       _readme.txt
    • Click on the Search File(s) button.
    • Upon completion, a log (Search.txt) will open.
    • Attach the file to your next reply.
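
Added example, not part of the original thread or of any tool named in it: a read-only Python triage sketch for the two checks discussed above. It decodes the `sample_bytes` value from the ID Ransomware result into its ASCII marker and lists `.kvag` files that contain it, then reads the personal ID from a ransom note. The `personal ID:` note layout and the rule that IDs ending in `t1` indicate an offline key are assumptions taken from public STOP/Djvu decryptor guidance, not from this thread; the sample note is constructed.

```python
import re
from pathlib import Path

# Hex string exactly as quoted in the ID Ransomware result in this thread.
SAMPLE_BYTES_HEX = ("7B33364136393842392D443637432D344530372D"
                    "424538322D3045433542313442344446357D")
MARKER = bytes.fromhex(SAMPLE_BYTES_HEX)  # ASCII text of a braced GUID

# Assumption (not from the thread): the note carries a "personal ID:" label
# followed by an alphanumeric ID token.
ID_RE = re.compile(r"personal ID:\s*([0-9A-Za-z]+)", re.IGNORECASE)

# Constructed sample note text (not a real note and not a real ID).
SAMPLE_NOTE = "ATTENTION!\n...\nYour personal ID:\n0000EXAMPLEconstructedIDt1\n"


def has_marker(path, chunk=1 << 20):
    """Return True if MARKER occurs anywhere in the file (chunked, read-only)."""
    tail = b""
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                return False
            if MARKER in tail + block:
                return True
            # Keep enough bytes to catch a marker split across two reads.
            tail = (tail + block)[-(len(MARKER) - 1):]


def find_marked_files(root, ext=".kvag"):
    """List files under root that have the extension and contain the marker."""
    return sorted(p for p in Path(root).rglob("*")
                  if p.is_file() and p.suffix.lower() == ext and has_marker(p))


def classify_note(text):
    """Return (personal_id, kind); kind is 'offline', 'online' or 'unknown'.

    Assumption: an ID ending in 't1' denotes an offline key, per public
    STOP/Djvu decryptor guidance; the thread itself does not state this rule.
    """
    m = ID_RE.search(text)
    if not m:
        return None, "unknown"
    pid = m.group(1)
    return pid, "offline" if pid.endswith("t1") else "online"
```

Run `find_marked_files` against a copy or backup of the affected folders and pass the contents of `C:\_readme.txt` to `classify_note`; neither function modifies any file.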
     
  13. rimzan

    rimzan Thread Starter

    Regarding the unwanted software above, I only use YTD Video Downloader to download videos from YouTube.

    The rest I don't know about.

    Here you go.
     

    Attached Files:

  14. Curie

    Curie Malware Specialist

    STEP 1
    Attach File
    • Please navigate to the following file and attach it to your next post
      • C:\_readme.txt

    STEP 2
    Revo Uninstaller
    • Please download and install Revo Uninstaller.
    • Double-Click Revo Uninstaller to run the programme.
    • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
      • AVG Web TuneUp
      • GS.Supporter
      • VideoDownloadConverter Toolbar
      • Wondershare Helper Compact
      • WPM17.8.0.3297r
    • Double-Click the programme.
    • When prompted if you want to uninstall click Yes.
    • Ensure the Moderate option is selected and click Next.
    • The programme uninstaller will run. If prompted again click Yes.
    • Work your way through the uninstaller, ensuring you read each page thoroughly.
    • Note: If you are offered the choice to install additional software, ensure you decline.
    • Once the built-in uninstaller is finished click Next.
    • Once the programme has searched for leftovers click Next.
    • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
    • When prompted click Yes, followed by Next.
    • Click Select all, followed by Delete.
    • When prompted click Yes, followed by Next.
    • Upon completion, click Finish.
    • In your next reply, confirm you were successful in uninstalling all programmes listed above.
     
  15. rimzan

    rimzan Thread Starter

    Removed all except one, "WPM17.8.0.3297r". I did not find it anywhere!

    Wow, after removing all these my browser is working very fast. Before, it took ages on tab browsing; now it's fast.
     

    Attached Files:


Short URL to this thread: https://techguy.org/1236467
