Kaspersky
Solved

How to resolve with files infected .besub? [Closed]

  • 5 July 2019
  • 5 replies
  • 803 views

Dear Sirs/Madam

My PC is now infected with ransomware, with files having the tail .besub.
Now I cannot open the files (such as .doc, .pdf, ...) on my laptop, although I am using KIS 2019.
Please help me to solve the problem.
Thank you very much!

KIS user

Best answer by Flood and Flood's wife 5 July 2019, 07:41

This topic has been closed for comments

Hello Lelong,
Welcome!
I sent you a pm, please read asap.
Thanks!
F
Hello Lelong,
Please read & follow information provided:
  • https://id-ransomware.malwarehunterteam.com/index.php?lang=en
  • https://www.nomoreransom.org/crypto-sheriff.php?lang=en
  • Also look to see if any Kaspersky utilities help: http://support.kaspersky.com/viruses/utility
  • If you have Kaspersky software with a valid license, open a support ticket in My Kaspersky account, https://my.kaspersky.com/, send them a .zipped sample of an encrypted file, mark the .zip "Possible Malware contaminated file"; & if you have the same file unencrypted, send that as well.
&
  • Review Kaspersky Settings > Additional > Threats and exclusions > Detection types > enable Detect Other Software.
&
Clear the contents of Temp folder, instructions: http://support.kaspersky.com/1161
  • Reboot.
  • Uninstall any recently installed junk
  • Reboot.
  • Uninstall any and all junk toolbars
  • Reboot.
  • Uninstall/disable any and all junk browser add-ons and extensions and plugins in all of your browsers.
  • Remove the junk argument from the target field of the browser shortcut properties.
  • Remove any and all junk search providers in all of your browsers.
  • If necessary, change the home page of all browsers.
Reference: Clean up your browsers: http://support.kaspersky.com/us/viruses/solutions/10319
  • If you are using a router, reset the router, change the router password to a strong password, enter the correct information according to your internet provider's instructions, clear browser cache and cookies.
  • Reboot.
---------------
If after doing every step above in sequence, the infection remains, please let us know:

  1. OS version, build, release?
  2. KIS 19.0.0. ? version and build?
  3. A screen print showing the infected .besub file
  4. Does KIS REPORTS show any information for besub? If YES, export that specific information to a text file & upload the text file using the "upload" icon below.
  5. Please look at HOSTS file: c:\Windows\System32\Drivers\etc\hosts - if it looks like anything other than


  • make a copy of the hosts file and upload with the GSI.zip to cloud storage.
  • Create GSI & Windows logs, when the .zip is ready, upload to cloud storage of your choice and post back the link please?
https://support.kaspersky.co.uk/common/diagnostics/3632#block7
Getsysteminfo (GSI) direct download: http://media.kaspersky.com/utilities/ConsumerUtilities/GetSystemInfo6.2.zip

Thanks!
Thank FLOOD very much!
With the first link https://id-ransomware.malwarehunterteam.com/index.php?lang=en, I could have solved my big problem. Yesterday, I already referred to id-ransomware.malwarehunterteam.com, www.bleepingcomputer.com but could not solve it, because id-ransomware.malwarehunterteam.com, www.bleepingcomputer.com were not updated for .besub. Today, very luckily, with your instructions, I retried it and saved the data with the new version of STOPDecrypter v2.1.0.15 that id-ransomware.malwarehunterteam.com, www.bleepingcomputer.com were updated for .besub.

Thank you very much again, looking forward to receiving enthusiastic help from you.

Regards!
Dear FLOOD!

Here is the text file I have just found that the ransomware left on my laptop.

Best regards!
I retried it and saved the data with the new version of STOPDecrypter v2.1.0.15 that id-ransomware.malwarehunterteam.com, www.bleepingcomputer.com were updated .besub.

Hello Lelong,
Thank you so much for letting us know. We are delighted the issue is resolved.
Just a friendly caution for the future. I don't think we discussed "how" the infection happened, but, as you know from bitter experience, this type of infection is not welcome for you. Do everything you can to stay safe and protected from the bad guys!

Best regards!