Tippaporn Posted July 15, 2023 (edited)

I hadn't had an infection for 15+ years now. Looks like I got infected by the latest version of Djvu ransomware known as STOP Djvu this past Thursday. I got it from a download.

I quickly downloaded a host of free anti-malware software from MajorGeeks and started scanning. A couple of tools from Microsoft, which were ineffective. From the Malware Removal & Repair category I downloaded Farbar Recovery Scan Tool 32-Bit 12.07.2023. From the Specific (Stubborn) Removal Tools category I downloaded Kaspersky Virus Removal Tool 20.0.10.0 (currentdate/2023). Kaspersky did the trick. Once removed I reran the entire host of software a second time and they all came up clean.

Now the problem is I have a clean up job. Djvu works by appending the original file extension with a .gaqq extension which cannot be removed by renaming the file, thereby locking the file. At first I didn't know what the specific infection was until I noticed the added file extension. A search of it told me that it was ransomware.

Since the ransomware was defeated and successfully removed (at least I believe so as two days later I've not had any issues and I am able to remove the .gaqq extension by renaming) I have to figure out how I can remove that extension globally. I've been using Bulk Rename Utility for years now but I can only fix a folder at a time. That's not the end of the world, despite the fact that I have 5 TB's worth of movies, 2 TB's worth of music and God knows how many JPEGs and similar. I might have to spend a half a day.

So my search is for a utility that can change file extensions globally with a single click. I assume that there must be something in existence capable of doing so. The ransomware was able to do it. Does anyone here have a solution before I waste a good part of a day? I'm thinking of a script that could perform the task.

Edited July 15, 2023 by Tippaporn
ukrules Posted July 15, 2023

24 minutes ago, Tippaporn said: I got it from a download.

What kind of download was it? Are we talking some kind of modified executable file or something far more stealthy like a PDF?
Tippaporn Posted July 15, 2023 Author

3 minutes ago, ukrules said: What kind of download was it? Are we talking some kind of modified executable file or something far more stealthy like a PDF?

A software installation file for file tagging software. Looks like the software was untrustworthy.
Tippaporn Posted July 15, 2023 Author

This piece of software would seem to be ideal but unfortunately it's only available for Windows 2000 thru 7. I'm still thinking of a script or bat file but I have no idea how to compose it. This is what I have in mind: Batch File - Remove Second File Extension

But I would need step by step instructions.
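The kind of script asked about above, as an added example that is not from any poster in the thread: a Python 3 walk that strips a trailing `.gaqq` from every file under a folder, as a dry run unless told to apply. A rename leaves file contents untouched, so it compares each file's first bytes with a small constructed signature table and leaves mismatching files alone; the table, the function names and the `--apply` switch are assumptions of this example.

```python
import os
import sys
from pathlib import Path

SUFFIX = ".gaqq"  # the appended extension named in the thread

# Constructed, deliberately short table of file signatures (assumption of this
# example); extend it for the file types actually on the disk.
MAGIC = {
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".pdf": [b"%PDF-"],
    ".mkv": [b"\x1a\x45\xdf\xa3"],
}

def header_ok(path, ext):
    """True/False when the header matches/does not; None if ext is not in MAGIC."""
    sigs = MAGIC.get(ext.lower())
    if sigs is None:
        return None
    with open(path, "rb") as fh:
        head = fh.read(16)
    return any(head.startswith(s) for s in sigs)

def strip_suffix(root, suffix=SUFFIX, apply=False):
    """Walk root and return (old, new, status) for every file ending in suffix."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(suffix) or len(name) == len(suffix):
                continue
            old = Path(dirpath) / name
            new = old.with_name(name[: -len(suffix)])
            if new.exists():
                status = "skipped: target exists"  # never overwrite a file
            else:
                ok = header_ok(old, new.suffix)
                if ok is False:
                    # Content does not look like its type: keep the suffix so
                    # the file stays identifiable for later recovery attempts.
                    status = "left: header mismatch"
                else:
                    status = "header ok" if ok else "unchecked"
                    if apply:
                        old.rename(new)
            results.append((str(old), str(new), status))
    return results

if __name__ == "__main__" and len(sys.argv) > 1:
    for old, new, status in strip_suffix(sys.argv[1], apply="--apply" in sys.argv):
        print(f"{status:24} {old} -> {new}")
```

Run it first with only the folder as argument to review the report, then again with `--apply` to perform the renames.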
Rotweiler Posted July 15, 2023

taskkill will do it (terminate the program; alter it so you can stop and delete it.
Tippaporn Posted July 15, 2023 Author

5 minutes ago, Rotweiler said: taskkill will do it (terminate the program; alter it so you can stop and delete it.

That's a nice little utility, Rotweiler. Back in the 2000's I got infected often enough and I recall that killing the offending process via task manager didn't work as the malware would just restart itself automatically. But I see that taskkill kills all associated processes, not just the main one. It's definitely something to keep in mind for the future (hopefully I can go another 15+ years without incident). Thanks.
cjinchiangrai Posted July 18, 2023

Try renaming at the command prompt with admin.
steven100 Posted July 18, 2023

On 7/15/2023 at 5:57 PM, Rotweiler said: taskkill will do it (terminate the program; alter it so you can stop and delete it.

Will taskkill remove my PUA.WIN32Crawlertoolbar .... Windows Defender keeps finding the threat every day but I am trying to remove it completely as it keeps coming back, it's possibly embedded in Panda Dome download I have.
glegolo18 Posted July 18, 2023

On 7/15/2023 at 5:23 PM, Tippaporn said: That's not the end of the world, despite the fact that I have 5 TB's worth of movies, 2 TB's worth of music and God knows how many JPEGs and similar. I might have to spend a half a day.

My suggestion is, that you will NOT listen to of course, download again your movies and music and delete the old files...... Easy enough... Something has to "give" and it must be you....
CecilM Posted July 18, 2023

Go to portableapps.com and look for bulk renaming tools. BRU is great. If it can't, then I'm not sure which other program could. Good luck.