My Computer Has Been Hacked/Phished - What Do I Do Now?

11-20-2015 , 07:45 PM
Evidently, my computer has been hacked/phished/somehow had something installed on it.

On 2 different websites, over the past 3-4 days, I've gotten this message:

- "Your account is temporarily locked"

- "It seems that you are not carried out with the input of the device earlier. To ensure the security of your account, please answer a few control issues."


And it asks me to provide my Date of birth, Social Security Number, and Current E-mail.


This first happened on Wells Fargo's website about 3-4 days ago, and it also happened on eBay today, about 20 minutes ago. When it happened with Wells Fargo, I called customer support and was told that there is nothing causing my account to be locked on their end and that everything looked to be good to them. And when I tried to check my Wells Fargo account on the app on my phone and on the Chrome browser on my phone, it let me access my account normally and without any issues.

Also, I just noticed in my 'My Documents' folder that there are 3 Text Document files that are all similarly-named as "recovery_file_(*with 9 letters here*)", but these 3 Text Document files were all apparently created yesterday and earlier today. However, as I stated, I originally ran into this problem with the Wells Fargo website 3-4 days ago, and I don't see any other newly-created documents prior to yesterday morning.

As for my computer, it is a Dell Optiplex GX620 and I am running Windows XP. And I will foolishly admit that I don't have any sort of extra Virus Protection, other than the built-in Firewall with Windows XP. However, I have had this Dell PC for like 3 years and I have not had any problem with it before this.

I should also add that I just recently moved and got service with a new Internet provider last week, so my new Internet service started just a few days before this problem started.

Edit: I also need to add that I was accessing the Internet for about a week by tethering my cell phone to my computer via a USB cable. This was last week, for the few days prior to getting the new Internet service at my home.

If anyone has any helpful advice or information as to what I should do about this, please know that your help would be very much appreciated!!

Also, should I delete the 3 "recovery_file" text documents that are in the 'My Documents' folder immediately? Or could that possibly cause my computer to crash/not work properly now?
11-21-2015 , 12:05 AM
Check out the stickies, and do what they say.

DO NOT reply to any of those requests for SSN, etc.

Free Malwarebytes comes highly recommended.
11-21-2015 , 05:21 AM
First, follow these steps.

Second, are you sure your computer is only 3 years old? Windows XP was released in 2001. Its last release was in 2008. Microsoft stopped supporting it in 2014.

What this means is that no-one should be using XP at all. Vulnerabilities are not patched. It's incredibly easy to compromise. You should be using Windows 7 or newer, no ifs, no buts. Windows 7 was released to the public in 2009. Even Windows 8 has been around since 2012.

If you continue using XP you will continue to be extremely insecure. Using it with no antivirus is insane. Incidentally, a firewall is not antivirus software, and the XP firewall is terribad.

To help with the immediate problem, follow the steps in the link at the top of my post. Stop using the machine for anything else.
11-23-2015 , 05:21 AM
What thunderbolts said.

Also, you should consider immediately changing your passwords to all online accounts from a clean PC / mobile. Do not use your PC until it has been cleaned.
11-23-2015 , 09:44 PM
First off, thank you very much for the replies. I most definitely appreciate the helpful information! Second, I apologize for not replying sooner, but I have been trying to get everything copied off of my computer's hard drive on to an external hard drive, so that I can reformat the hard drive in my desktop PC, and I unplugged the cat5 cable, so that my computer is not connected to the Internet while doing this. And, apparently, whatever it is that has been installed on my computer has drastically slowed down the way it functions, and it now seems to be literally taking like 10 to 20 times as long as it normally would to move files. Also, frustratingly, I have a 1TB drive in my computer with less than 20 GB left on it, so I have literally over 900 GB worth of files that I need to try to move/copy over to the external hard drive before I can reformat it. And to make it even more difficult, I had to buy an external hard drive to be able to do this. Fortunately, I was able to find a 1TB Toshiba Portable Hard Drive on Craigslist for $30 yesterday, so I've finally been able to start getting my files moved. However, like I said, it is significantly slower than it used to be with regards to moving these files, so it's been extremely frustrating already.

I also wanted to add that I specifically tried to download and install the Malwarebytes free program, and it downloaded properly, but, for some reason, my computer will literally not allow it to Run/Install. I have tried numerous times, even restarting my computer multiple times in between attempts, and the program literally will not Run/Install. Does anyone have any ideas about what I might go to do to at least get that program to be able to Run properly?

And with regards to me still using Windows XP, it's just that I am completely familiar and comfortable with it, having used it since I first started using computers and the Internet over 10 years ago, and I really like the layout and the features on it, so I have been reluctant to move on to a newer operating system. Obviously, though, with XP losing support last year, and with it being such an old/outdated OS, I do realize that it is certainly much more vulnerable than a newer OS. With that stated, what Windows version would some of you recommend I try out to reformat my hard drive with? Should I just try to get a torrented version of Windows 7? Or should I try to check out Windows 10? If somebody would offer me a specific suggestion about this - especially, if there is an operating system that would be at least somewhat similar to Windows XP - I would really appreciate it!

Sent from my Nexus 5 using 2+2 Forums
11-24-2015 , 06:30 AM
Quote:
Originally Posted by AzAssassin
First off, thank you very much for the replies. I most definitely appreciate the helpful information! Second, I apologize for not replying sooner, but I have been trying to get everything copied off of my computer's hard drive on to an external hard drive, so that I can reformat the hard drive in my desktop PC, and I unplugged the cat5 cable, so that my computer is not connected to the Internet while doing this. And, apparently, whatever it is that has been installed on my computer has drastically slowed down the way it functions, and it now seems to be literally taking like 10 to 20 times as long as it normally would to move files. Also, frustratingly, I have a 1TB drive in my computer with less than 20 GB left on it, so I have literally over 900 GB worth of files that I need to try to move/copy over to the external hard drive before I can reformat it. And to make it even more difficult, I had to buy an external hard drive to be able to do this. Fortunately, I was able to find a 1TB Toshiba Portable Hard Drive on Craigslist for $30 yesterday, so I've finally been able to start getting my files moved. However, like I said, it is significantly slower than it used to be with regards to moving these files, so it's been extremely frustrating already.

I also wanted to add that I specifically tried to download and install the Malwarebytes free program, and it downloaded properly, but, for some reason, my computer will literally not allow it to Run/Install. I have tried numerous times, even restarting my computer multiple times in between attempts, and the program literally will not Run/Install. Does anyone have any ideas about what I might go to do to at least get that program to be able to Run properly?
Both symptoms are pretty common when you have a virus. Follow the malware sticky to resolve.

Quote:
Should I just try to get a torrented version of Windows 7?
Never, ever, ever. Do not download a torrent for operating system or security software. The data will be compromised with a virus before you even install it.

Seriously consider paying for your software. It is not that expensive and you get a lot of benefits.
11-24-2015 , 10:14 PM
Keep in mind that if you copy everything to that new 1T disc, you will be copying the virus(es) also. You still need to get that stuff disinfected.

If MalwareBytes can't run, try others listed in the stickies. You gotta get this cleaned up.
11-27-2015 , 10:34 AM
OP, you're going about this the wrong way, as suggested above.

And do not ever get a cracked/torrented copy of Windows. Start behaving like a sane adult and get this fixed as we have suggested.
11-28-2015 , 07:59 AM
Well, it turns out that the issue with my computer is much worse than I originally expected. Much, much worse. I've been meaning to come back here and post an update for several days now, but I've been really frustrated and discouraged, and I am having to use a Chromebook that I have used very little and am not as good at typing on, so I've been putting off posting an update.

With that stated....

.... apparently, my computer has been hit/attacked by something called Ransomware and most of the files on my 1TB hard drive (particularly, photos) are now encrypted and I can no longer access/view them. Each picture/file now has .ccc added to the end of the filename; which, apparently, is part of the encryption that has been done via the hacking.

This is extremely frustrating and disheartening, as I have literally over 500,000 photos on my hard drive, and, maybe, over a million pictures, and I'm not exaggerating. And while not all of them are actually personally-taken photos of my family or are of important memories, several thousand of them are. Evidently, the way this "ransomware" virus/hack/attack works is that it actually gets installed on your computer and then encrypts the files on your hard drive and makes them inaccessible to you. Then, several notepad files are created with this information and your computer's desktop background is actually changed to display the information about what happened to your files/why they are no longer viewable/accessible and you are given directions as to how you are supposed to contact the hackers and pay them to get the decryption key to regain access to your files. Supposedly, the amount required to get the decryption key is typically $500; and if you don't reply within 5 or 7 days, the hackers raise the amount to $1,000. And, possibly, if you don't reply within a week (or some amount of time), you may completely lose the opportunity to even possibly pay for the decryption key, as they claim that it will be destroyed, if you don't pay the ransom within a week or so.

I have been reading about this ransomware for several hours a day over the past few days and it seems like this is no joke and that there is literally no known way to decrypt the encryption that these hackers use to encrypt your photos/files and make them inaccessible to you. Apparently, the FBI knows about this type of ransomware hacking/virus and they are literally unable to decrypt/break the encryption that these hackers use. And the hackers ask you to contact them through the tor-browser, which is close to untraceable, so they are pretty much unable to be found and the hackers can actually communicate with you about this openly without having to worry about being traced. One person who was hacked even mentioned that he contacted some sort of support chat/help for the hackers through tor-browser and was able to negotiate the price back down to $500, after waiting too long and the decryption key ransom went up to $1,000.

By the way, according to the message that is visible on my computer's desktop background right now as I'm typing this, the encryption that is used by these hackers is RSA-2048 and they even include a link to the Wikipedia page for this type of encryption in the information. So, it seems as though this hacking and encryption is state of the art and, at this time, has no known way of being decrypted/broken. Also, some people have posted comments about paying the ransom (typically, the $500) and getting the decryption key and then being able to view/access their files again; but someone else pointed out that these posts could have been made by the hackers; and, to my knowledge, no one has actually credibly confirmed that paying the hackers the ransom will guarantee that you will get the decryption key or regain you access to your files. And some people have mentioned that they did actually pay the ransom, but did not get the key/did not actually regain access to their files. Not that I have $500 to pay the ransom right now; but I would like to know what the reality of the situation is and also inform myself about this as much as possible.

For the time being, I am in the process of moving all of the files from my computer's 1TB hard drive (over 900GB in total) over to an external hard drive, with the intention of reformatting my hard drive and at least being able to use my desktop computer again. And as someone mentioned in some post on some forum that I read through, the hope is that a decryption key/method will eventually be discovered and that the people who have been victims of this ransomware will then be able to decrypt the encryption and have access to their files again, since they will have saved the encrypted files on an external hard drive (which is what I'm in the process of doing) and be able to access them later.


And in case anyone is curious, this is what the message being displayed on my desktop is right now:

"What happened to your files ?
All of your files were protected by a strong encryption with RSA-2048.
More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)


What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.


How did this happen ?
Especially for you, on our server was generated the secret key pair RSA-2048 - public and private.
All your files were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.


What do I do ?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.
If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.


For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:"


OK, OP here again, and after that, there are some specific personalized links that I am supposed to go to, to be able to communicate with the hackers about the ransom that needs to be paid to be able to obtain the decryption key. As I mentioned, I do not have $500 to even be able to consider paying the ransom, even if I wanted to, so I have not even tried accessing any of these links.

Just before coming in here to post this a few minutes ago, I actually noticed a thread on another site where I also posted about this issue, that appears to be about what I believe is this exact ransomware hacking issue, so I'm going to also go post in that thread and see if I might be able to learn more about this and, hopefully, find out if there is a way to regain access to my files without having to risk paying the hackers the ransom they are asking for.

If someone has any ideas, suggestions or advice about this issue, or might be able to help me (and the many other victims of this awful hacking problem), please do help!!

And if you want to read up on this ransomware hacking stuff, just go to Google and search for "All of your files were protected by a strong encryption with RSA-2048" or even just "RSA-2048 encryption" and you will find several results with hundreds of posts by people who have dealt/are dealing with this extremely aggravating issue.
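An added example, not part of the original post or of any tool named in the thread: a read-only Python inventory of a copied drive, built on the two indicators the post above describes (the `.ccc` suffix and the `recovery_file_` text notes), so that encrypted files, ransom notes and executables can be kept apart from what is still readable. The list of risky extensions, the image-header check and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

# Indicators described in the thread: encrypted files gain a ".ccc" suffix and
# the notes are text files named "recovery_file_" plus nine letters.
ENCRYPTED_SUFFIX = ".ccc"
NOTE_PATTERN = re.compile(r"^recovery_file_[a-z]{9}\.txt$", re.IGNORECASE)
# Assumption: executable/script types that should not be carried to a rebuilt PC.
RISKY_SUFFIXES = {".exe", ".scr", ".dll", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".pif", ".com"}
# Leading bytes of common picture formats, used to confirm that a file still
# named .jpg/.png/.gif really starts like an image.
MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
         ".png": b"\x89PNG\r\n\x1a\n", ".gif": b"GIF8"}
CATEGORIES = ("ransom_note", "encrypted", "risky", "damaged", "intact")


def classify(path: Path) -> str:
    """Return one of CATEGORIES for a single file, without modifying it."""
    if NOTE_PATTERN.match(path.name):
        return "ransom_note"
    suffix = path.suffix.lower()
    if suffix == ENCRYPTED_SUFFIX:
        return "encrypted"
    if suffix in RISKY_SUFFIXES:
        return "risky"
    magic = MAGIC.get(suffix)
    if magic is not None:
        try:
            with path.open("rb") as fh:
                if fh.read(len(magic)) != magic:
                    return "damaged"      # image name, but not an image header
        except OSError:
            return "damaged"              # unreadable files are flagged too
    return "intact"


def triage(root):
    """Walk root and group relative paths by category; nothing is written."""
    root = Path(root)
    report = {kind: [] for kind in CATEGORIES}
    lost_types = Counter()
    for dirpath, _dirs, files in os.walk(root):  # directory symlinks are not followed
        for name in files:
            path = Path(dirpath) / name
            kind = classify(path)
            report[kind].append(path.relative_to(root).as_posix())
            if kind == "encrypted":
                # "IMG_0001.jpg.ccc" -> original extension ".jpg"
                lost_types[Path(path.stem).suffix.lower() or "(none)"] += 1
    for paths in report.values():
        paths.sort()
    return report, lost_types


def build_sample_tree(root):
    """Create a small constructed directory tree to run the triage against."""
    samples = {
        "Photos/IMG_0001.jpg.ccc": b"\x8a\x13constructed ciphertext",
        "Photos/IMG_0002.jpg.ccc": b"\x41\x99constructed ciphertext",
        "Photos/IMG_0003.jpg": b"\xff\xd8\xff\xe0constructed jpeg body",
        "Photos/IMG_0004.jpg": b"\x00\x00not an image header",
        "Documents/recovery_file_abcdefghi.txt": b"constructed note text",
        "Documents/notes.txt": b"constructed plain text",
        "Documents/taxes.xls.ccc": b"\x77\x01constructed ciphertext",
        "Downloads/setup.exe": b"MZconstructed",
    }
    for rel, data in samples.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        build_sample_tree(sample_root)
        report, lost_types = triage(sample_root)
    for kind in CATEGORIES:
        print(f"{kind:12} {len(report[kind]):3}  {report[kind]}")
    print("encrypted files by original type:", dict(lost_types))
```

A file reported as `intact` has only passed a name and header check; it still needs scanning before it is opened on a clean machine.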
11-28-2015 , 08:07 AM
I'm not sure if this is going to work, as I don't think I have tried to upload an image file on here before, but if this image does upload, this is a picture that I just took with my phone of my computer screen with the desktop background image that is currently being displayed on my computer after it was hacked:




Sent from my Nexus 5 using 2+2 Forums

Last edited by AzAssassin; 11-28-2015 at 08:16 AM. Reason: Trying to attach photo
11-28-2015 , 09:20 AM
Sorry but this is pretty much the end of the line, you can pay the ransom or kiss your files goodbye. (also keep in mind that you can't expect anything if you choose to pay!)

There are a few types of ransomware which can be removed but I have no idea which ones and it might be a lot of work to find out which one infected your computer.

Last edited by iFold2MinRaise; 11-28-2015 at 09:26 AM.
11-28-2015 , 09:53 AM
Quote:
Originally Posted by iFold2MinRaise
Sorry but this is pretty much the end of the line, you can pay the ransom or kiss your files goodbye. (also keep in mind that you can't expect anything if you choose to pay!)

There are a few types of ransomware which can be removed but I have no idea which ones and it might be a lot of work to find out which one infected your computer.
Are you speaking from experience or, at least, an informed perspective? Or are you just trying to have some fun and stress me out and make me worry more than I already am? If you do legitimately know something about this type of issue, I would appreciate it if you would respond and verify that you know what you are saying with regards to this. Or, let me know that you are just having a little fun at my expense.

Sent from my Nexus 5 using 2+2 Forums
11-28-2015 , 10:34 AM
Quote:
Originally Posted by AzAssassin
Are you speaking from experience or, at least, an informed perspective? Or are you just trying to have some fun and stress me out and make me worry more than I already am? If you do legitimately know something about this type of issue, I would appreciate it if you would respond and verify that you know what you are saying with regards to this. Or, let me know that you are just having a little fun at my expense.

Sent from my Nexus 5 using 2+2 Forums
Oh, ok, you read my other posts ^^. I honestly don't want to make fun of you, you didn't claim that "god exists" or "poker is rigged" or "jet fuel can't melt steel beams"

I was serious with my former post, but I guess my info was old. It seems like there are ways to get rid of this, just google "remove ransomware" or wait for a more knowledgeable person to comment here.

I'm deeply sorry for my uninformed post.
11-28-2015 , 10:41 AM
Quote:
Originally Posted by iFold2MinRaise
Oh, ok, you read my other posts ^^. I honestly don't want to make fun of you, you didn't claim that "god exists" or "poker is rigged" or "jet fuel can't melt steel beams"

I was serious with my former post, but I guess my info was old. It seems like there are ways to get rid of this, just google "remove ransomware" or wait for a more knowledgeable person to comment here.

I'm deeply sorry for my uninformed post.
FYI, I was not trying to be a smartass; I was genuinely asking if you knew what you were talking about with regards to ransomware, or if you were just trolling me to have a little fun. And I'm still genuinely trying to figure out if there are any available options to decrypt the files that have been encrypted on my computer and actually be able to view the million or so pictures that I have/had on my 1TB hard drive?

Sent from my Nexus 5 using 2+2 Forums
11-28-2015 , 12:04 PM
i'm not an expert, but am pretty generally knowledgeable about stuff.

there are no options for decrypting those files outside of paying the ransom. if you pay the ransom, then generally speaking they will give you the key to get everything back, but of course there are no guarantees. outside of that, the best you'll be able to do is recover some files - and at this i wouldn't expect much success. there are only two ways i can find to do this.

1. file recovery software can look for old deleted files. ransomware often makes a copy of each file, then deletes it, in its process of encrypting. file recovery software might be able to find some of these deleted copies on the hard drive and recover them for you. not sure what you've done to the hard drive since, but writing or moving a lot of data around on the drive will make this less likely to have any success.

the other way is using shadow volume backups. these are backup copies of files that windows system restore makes if you have it on. the virus attempted to delete these, but it's worth checking.

this goes over how to use those two restore methods, and lots of other info.
http://www.bleepingcomputer.com/viru...mation#restore
11-28-2015 , 05:37 PM
Quote:
Originally Posted by wahoo3
there are no options for decrypting those files outside of paying the ransom. if you pay the ransom, then generally speaking they will give you the key to get everything back
This is false. If you pay the ransom, your files will be decrypted. The business model (....) of the hacker is based on this, if word gets out that ransomware victims are doubly scammed, nobody will ever pay the ransom no more.
11-28-2015 , 09:20 PM
Lots of speculation in this thread.

OP, some ransomware of the type you describe can be decrypted without paying the ransom. Try reading this, and doing what is suggested.

Most of it, however, can't.

There is a weight of anecdotal evidence (and probably some studies, if you look hard enough) that paying the ransom in many cases will get you a decryption key (as Gabe says, that's the business model) but obviously you have no guarantees since you're dealing with pretty sketchy people.

To everyone else:

- while it sucks for OP, this thread is a great illustration of why continuing to use XP (or any other deprecated OS) is bad, and why doing so without even a proper firewall or antivirus is just asking for trouble

- it's also a good reminder that proper use of CryptoPrevent can help guard against a lot of this kind of thing.

Last edited by thunderbolts; 11-28-2015 at 09:45 PM. Reason: the URL to that very helpful security software contains the words "foolish" and then "IT" which is why the link broke
11-28-2015 , 09:29 PM
I don't know if this is what you have but it's worth a look. http://yro.slashdot.org/story/15/11/...-to-pay-ransom
11-28-2015 , 10:24 PM
Quote:
Originally Posted by Gabethebabe
This is false. If you pay the ransom, your files will be decrypted. The business model (....) of the hacker is based on this, if word gets out that ransomware victims are doubly scammed, nobody will ever pay the ransom no more.
if you read carefully what you quoted, you will see that we agree.
11-29-2015 , 12:20 AM
Quote:
Originally Posted by thunderbolts
Lots of speculation in this thread.

OP, some ransomware of the type you describe can be decrypted without paying the ransom. Try reading this, and doing what is suggested.

Most of it, however, can't.

There is a weight of anecdotal evidence (and probably some studies, if you look hard enough) that paying the ransom in many cases will get you a decryption key (as Gabe says, that's the business model) but obviously you have no guarantees since you're dealing with pretty sketchy people.

To everyone else:

- while it sucks for OP, this thread is a great illustration of why continuing to use XP (or any other deprecated OS) is bad, and why doing so without even a proper firewall or antivirus is just asking for trouble

- it's also a good reminder that proper use of CryptoPrevent can help guard against a lot of this kind of thing.
Interesting - couldn't find this via the googles. definitely a lot more hopeful than the file recovery stuff i was reading about, which i imagine works poorly and rarely.

reading this thread inspired me to buy bitdefender for black friday. claims it comes with anti-ransomware protection, but i dunno how effective that'll be. i'm also curious about their BOX offering - i have a NAS and also a small business with ~10 computers, seems interesting.
11-29-2015 , 06:54 AM
Still not sure anyone really considers it necessary to buy antivirus/antimalware products.

You should be perfectly well protected with a combination of:
  • running a modern and properly patched version of Windows;
  • one good free antivirus (including BitDefender's free version);
  • MBAM (again, the free version);
  • the free version of CryptoPrevent;
  • always running as a limited standard user and not as an admin user;
  • something like Secunia PSI to tell you when stuff is outdated;
  • sensible browsing and limiting via extensions etc what you run in a browser;
  • not installing toolbars, or indeed Java or Flash, unless you have a very good reason to do so; and
  • common sense

Indeed this should be way more than enough.
11-29-2015 , 09:21 AM
yep i know its not necessary, but for 30 bucks its nice. no ads and whining to buy, has 5 licenses so i can cover my mom and wife, and her phone which i recently had to factory reset because she got adware in her chrome browser that somehow got into a folder you don't have access to, though that might not have been stopped by a phone bitdefender but its worth a shot.
11-29-2015 , 03:00 PM
Quote:
Originally Posted by thunderbolts
Still not sure anyone really considers it necessary to buy antivirus/antimalware products.

You should be perfectly well protected with a combination of:
  • running a modern and properly patched version of Windows;
  • one good free antivirus (including BitDefender's free version);
  • MBAM (again, the free version);
  • the free version of CryptoPrevent;
  • always running as a limited standard user and not as an admin user;
  • something like Secunia PSI to tell you when stuff is outdated;
  • sensible browsing and limiting via extensions etc what you run in a browser;
  • not installing toolbars, or indeed Java or Flash, unless you have a very good reason to do so; and
  • common sense

Indeed this should be way more than enough.
This list is missing a very important item: backups.

You don't have to install narrow security software like cryptoprevent if you can recover from ransomware by restoring data from your backup.
11-29-2015 , 05:00 PM
Fair point. Backups are important for a host of reasons, and that's one of them.

Having said that, I'd rather avoid the infection in the first place than do a full system restore because of it.

CryptoPrevent isn't that narrow any more; it just makes group policies easy to use for people who wouldn't ordinarily use them, and it's grown in scope a lot in the last couple of years.
11-30-2015 , 06:18 AM
Quote:
Originally Posted by Gabethebabe
This is false. If you pay the ransom, your files will be decrypted. The business model (....) of the hacker is based on this, if word gets out that ransomware victims are doubly scammed, nobody will ever pay the ransom no more.
Just one note on this...

If you are planning on paying the ransom you need to be pretty quick about doing it. Some of the ransoms state they are time limited after which the keys are destroyed, and in other cases the FBI / other crime agency shuts down the payment method so you cannot pay the ransom.

I have known this happen to 1 company that got hit, by the time they realised they could not recover from backups there was no route to pay.