I recently developed a POSHKODER malware virus on my computer where the virus encrypted all office files. I have Windows 7.

rlaha1 · Apr 13, 2014

What can I do? Can anyone please help? I am not paying $300 for the decoding of my own files. That is just ridiculous.

Jacob McIntosh · Apr 13, 2014

rlaha1 :

Why did you make a virus in the first place?

rlaha1 · Apr 13, 2014

I didn't MAKE the virus. The virus downloaded to my computer when I tried to download one of my files in Dropbox (online storage). The thing is, so far there has not been any fixes available. This virus attacks Word, Excel and Powerpoint files and encrypts them. It has an extension of .POSHKODER at the end of every Office file. I have tried looking on other forums for help, but they have told me that the best bet is to go ahead and format the computer. I was hoping someone else could tell me if they have found a fix yet for this virus?

As far as I know, there are no antivirus programs that can fix it or quarantine it. Any ideas?

COLGeek · Apr 13, 2014

What anti-virus program are you using, by the way? Do you know where the file came from that you downloaded from your DropBox?

rlaha1 · Apr 13, 2014

I was using Microsoft Security Essentials, but it never picked up the virus on the full scan. So I am not sure what this virus is. Also, I was trying to download a Word file from my Dropbox to my hard drive as I needed it. As soon as I downloaded it, my computer shut down automatically and restarted without prompting me whether or not I wanted it to shut down. Then when it restarted, I noticed all of my office files had the extension .POSHKODER added and a blue window popped up saying that my files were encrypted. To decode them I would have to pay $300.

IndiGamerTECH · Apr 13, 2014

rlaha1 :

Hi, Depending how the files are encrypted, there is no telling if you will ever access those files again. But if you would want to keep everything, I recommend you download a copy of MBAM 2.0 from www.malwarebytes.org and download the free version. there are no freeware programs downloaded with it, so do not worry. Open Malwarebytes after you downloaded it. Update to the latest version if needed from the Program. Go to the settings tab and click on detection and protection. check the box that says "Scan for rootkits", and check off everything else. Go to the scan page and run a full scan. Remove the found objects and restart if needed. If you have any problems, PLEASE let me know.

rlaha1 · Apr 13, 2014

Thank you, but before I do that, my question is will it remove the virus/malware and keep my files intact or will the files still be infected? Thanks.

COLGeek · Apr 13, 2014

Have you tried this removal method?

http://blog.teesupport.com/how-to-remove-poshcoder-virus-poshcoder-ransomware-removal-guide/

IndiGamerTECH · Apr 13, 2014

I would try the person aboves method, because my method does not keep the files intact

rlaha1 · Apr 13, 2014

COLGeek :

You know this website makes you pay to remove the files right? I saw this one already but the website wants me to pay to help me fix this. I don't have money to pay them at this moment.

rlaha1 · Apr 13, 2014

IndiGamerTECH :

Would the files be deleted completely but the computer would work normally?

COLGeek · Apr 13, 2014

You can step through the fix without paying anyone. If you call them for help, it is on you.

This ransome-ware is not a virus, per se. Do you know exactly how you contracted this infection? You stated a file from your Dropbox earlier. Have you deleted/removed that file? Did you share that file with anyone? If so, are they now infected?

IndiGamerTECH · Apr 13, 2014

Actually there are many free decryption programs but you have to be careful on what you download to do it. I have never had the need to have to find a program to decrypt files, nor have I heard of one

rlaha1 · Apr 14, 2014

COLGeek :

Like I said before, I needed an word file from my Dropbox, so opened it and found the file. At that time it did not have that extension on my file so I downloaded it. As I downloaded it the computer shut down and when it restarted all of my office and PDF file have that .POSHKODER extension on them. I did not attempt to open up Dropbox after that and no I did not share the file with anyone.

COLGeek · Apr 14, 2014

Understood. It seems unlikely then that your Dropbox files are infected and that you contracted the problem elsewhere.

Have you attempted the removal process yet?

pyr0_m4n · Apr 14, 2014

COLGeek :

This website is flagged as a potential malware spreader site.

COLGeek · Apr 14, 2014

pyr0_m4n :

Understood. Didn't flag when I looked earlier this weekend. What browser/source identified the possible threat?

COLGeek · Apr 14, 2014

BTW, when I access a link provided by another user here on Tom's (or any forum for that matter), I open the link in a new private window. Just an additional precaution to minimize the threats of an unknown website.

pyr0_m4n · Apr 14, 2014

COLGeek :

WOT browser addon flags it.
https://www.mywot.com/en/scorecard/blog.teesupport.com?utm_source=addon&utm_content=popup
I don't go to any sites that come up red.

rlaha1 · Apr 14, 2014

COLGeek :

No not yet. I haven't had time since last Wednesday. I am trying to get as much information about this malware virus before I try anything. Thanks.

rlaha1 · Apr 14, 2014

pyr0_m4n :

COLGeek :

WOT browser addon flags it.
https://www.mywot.com/en/scorecard/blog.teesupport.com?utm_source=addon&utm_content=popup
I don't go to any sites that come up red.

So I guess my last resort is to just format the hard drive then??

COLGeek · Apr 14, 2014

Do you have your files backed up anywhere else? If not, I would at least try the removal. You can't get any worse than you are now.

Of course, a clean install on a freshly formatted system will remove the threat altogether.

Hawkeye22 · Apr 14, 2014

Without the proper encyption key, there is no way for you to decrypt those files. On the plus side, there have been many reports that once the ransom is paid they will send you a program to decrypt your files and everything will be intact.

If the files aren't important to you, then just scrub the hard drive and reinstall windows. I wouldn't even bother with trying to clean the virus off and risk having your files encypted again.

It's events like this that usually motivate people to start making appropriate backups of their data.

rlaha1 · Apr 14, 2014

Hawkeye22 :

Thanks. I guess I will just have to do that then.

IndiGamerTECH · Apr 16, 2014

You may also use hitman pro ( a free ransomware removal tool. Once I get home I can guide you through on how to remove this virus

I recently developed a POSHKODER malware virus on my computer where the virus encrypted all office files. I have Windows 7.

Reputable

Honorable

Reputable

Cybernaut

Reputable

Reputable

Reputable

Cybernaut

Reputable

Reputable

Reputable

Cybernaut

Reputable

Reputable

Cybernaut

Honorable

Cybernaut

Cybernaut

Honorable

Reputable

Reputable

Cybernaut

Glorious

Reputable

Reputable

Share this page