Windows 10: Malware Help - Infected by 'Redeemer' ransomware virus

I was just using my PC until it suddenly restarted, I thought it was a simple malfunction until I saw that it had been rebooted into Windows 10 Safe Mode I am using Windows 10 OSI am trying to access basic Windows 10 functions that should still work in Safe Mode such as the Windows Start Menu or even Settings, but the shortcuts nor buttons work. Whenever I click the start menu nothing happens.I open task manager in curiosity, and I find the process called Isass.exe which was using practically 100% of my CPU. I killed the process.I searched online on Google to find out what it was and multi

:)

 

I have been infected with Ransomware

Oh.

I see that a Community Moderator converted your thread from a Discussion to a Question.

Do you have a question?

It is not quite clear (to me at least) why you've created this thread....

In case that you do indeed have a problem with ransomware:

It would be helpful if you would describe your problem more precisely, see:
Suggestions for asking a question on help forums

Without knowing more details, suggestion to read/do:

Try to identify with what Ransomware you're dealing here:
https://id-ransomware.malwarehunterteam.com/index.php

and read/follow this guide:
How to remove ransomware the right way: A step-by-step guide

Also: See the pinned threads here:
https://www.bleepingcomputer.com/forums/f/239/ransomware-help-tech-support/

Might be the best to get free expert help in above mentioned bleepingcomputer forum....

=======================

Also suggestion to read:

• Ransomware Avoidance
  
• Best Practices for Safe Computing - Prevention of Malware Infection
  

 

Ransomware infection?

Any files that are encrypted with MRCR1 Ransomware will have the the
.MRCR1.PEGS1, .RARE1,
.RMCM1 or .MERRY extension appended to the end of the encrypted data filename and leave files (ransome notes) named YOUR_FILES_ARE_DEAD.HTA as explained

here. The ransom note instructs victims to contact the cyber-criminals at "L: *** Email address is removed for privacy ***" or "TELEGRAM @comodosecurity" to get payment instructions.

You can submit samples of encrypted files and ransom notes to ID Ransomware for
assistance with identification and confirmation. This is a service that helps identify what ransomware may have encrypted your files and then attempts to direct you to an appropriate support topic where you can seek further
assistance. Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections.

Fabian Wosar released a decryptor tool for victims of this type of infection.

• Emsisoft Decrypter for MRCR (Merry X-Mas) -
  
  How to use Emsisoft Decrypter for MRCR

There is an ongoing discussion in this topic where you can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.

• Merry X-Mas (.MRCR1) Ransomware Support & Help topic - YOUR_FILES_ARE_DEAD.HTA

Most crypto malware ransomware is typically programmed to automatically remove itself...the malicious files responsible for the infection...after the encrypting is done since they are no longer needed. That explains why many security scanners
do not find anything after the fact. The encrypted files do not contain malicious code so they are safe. Unfortunately, most victims do not realize they have been infected until the ransomware displays the ransom note and the files have already
been encrypted. In some cases there may be no ransom note and discovery only occurs at a later time when attempting to open an encrypted file. As such, they don't know how long the malware was on the system before being alerted or if
other malware was downloaded and installed along with the ransomware. If other malware was involved it could still be present so be sure to perform full scans with your anti-virus.
Disinfection will not help with decryption of any files affected by the ransomware.

If your antivirus did not detect and remove anything, additional scans should be performed with other security programs like

Malwarebytes 3.0,
HitmanPro and
Emsisoft Anti-Malware. You can also supplement your anti-virus or get a second opinion by performing an

Online Virus Scan...ESET is one of the more effective online scanners.

 

steps taken for infected Pc's.


I was hoping someone could give me a list of step by step instructions you use as a guide to clean virus, malware...etc. so I can keep my PC clean if it gets infected.

thx