Windows 10: Malware help please + cryptoprevent

Discussion in 'AntiVirus, Firewalls and System Security' started by zman3, Mar 18, 2018.

  1. zman3 Win User

    Malware help please + cryptoprevent


    So I have this in the log of cryptoprevent
    Event ID=866 Message of: Access to C:\Users\Zman\AppData\Local\atbizdu\cgcstpk.exe has been restricted by your Administrator by location with policy rule {B6AF3C37-6012-4DEC-87BB-5125E94F5BC5} placed on path C:\Users\AdminZman\AppData\Local\*\*.exe.

    on a constant basis. I cannot get into that folder; I cannot delete it, rename it or anything. If I try to take ownership of it I get told I can't, even though I'm an administrator account.
    I booted off a Windows 7 disk, went to a command prompt and deleted it, yet it's back again. I've run Malwarebytes, Hitman Pro and Windows Defender. How do I figure out how that's being created and what's trying to access that exe?

    thanks

    :)
     
    zman3, Mar 18, 2018
    #1
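One way to approach the question in post #1 (what keeps launching the blocked file), as an added example that is not part of the thread: the PowerShell below reads the Event ID 866 entries, parses the blocked path and rule GUID out of each message, and searches Run keys, scheduled tasks and services for references to that file. It assumes the events are in the Application log and that the message text has the form quoted in the post.

```powershell
# Added example. Run from an elevated PowerShell prompt on the affected machine.
# Assumption: the 866 events are in the Application log with the message format
# quoted in the post ("Access to <path> has been restricted ... policy rule {GUID} ...").
$pattern = '(?s)Access to (?<Path>.+?) has been restricted .*?policy rule (?<Rule>\{[0-9A-Fa-f-]+\})'

# 1. Collect the block events and parse the blocked path and rule GUID from each.
$blocks = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 866 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        if ($_.Message -match $pattern) {
            [pscustomobject]@{ Time = $_.TimeCreated; Path = $Matches['Path']; Rule = $Matches['Rule'] }
        }
    }
if (-not $blocks) { Write-Output 'No event 866 entries found.'; return }

# 2. Summarise per file: a burst at every logon or a fixed interval hints at the launcher type.
$blocks | Group-Object Path | ForEach-Object {
    $times = @($_.Group.Time | Sort-Object)
    [pscustomobject]@{ Path = $_.Name; Count = $_.Count; First = $times[0]; Last = $times[-1] }
} | Format-Table -AutoSize

# 3. Search common autostart locations for "<folder>\<file>" of each blocked path.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',   # hive of the account running this
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

foreach ($path in ($blocks.Path | Sort-Object -Unique)) {
    $tail = Join-Path (Split-Path (Split-Path $path -Parent) -Leaf) (Split-Path $path -Leaf)
    $rx   = [regex]::Escape($tail)

    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props) {
            $props.PSObject.Properties | Where-Object { "$($_.Value)" -match $rx } |
                ForEach-Object { "Run key  : $key -> $($_.Name) = $($_.Value)" }
        }
    }
    Get-ScheduledTask | Where-Object {
        ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -match $rx
    } | ForEach-Object { "Task     : $($_.TaskPath)$($_.TaskName)" }

    Get-CimInstance Win32_Service | Where-Object { $_.PathName -match $rx } |
        ForEach-Object { "Service  : $($_.Name) -> $($_.PathName)" }
}
```

The HKCU keys belong to whichever account runs the script, so repeat the run under the account whose profile holds the blocked file if that is a different one.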
  2. Monkey57 Win User

    How crypto ransomware spreads... is it decryptable...should I pay the ransom

    quietman7,

    While this discussion deals mainly on how to deal with the after-effect of ransomware, do you have suggestions on what users can do to protect their computer and/or data from these attacks?

    I have liked cryptoprevent, but have seen other market entries (some from suspicious vendors)

    CryptoPrevent Malware Prevention

    use free version only-for personal use

    This tool (cryptoprevent) does not run in the background, it automatically changes registry settings (some recommended by Microsoft), but it does update occasionally, so check it for updates.

    And maintaining a rotating backup, with non-attached storage (too much work for many average users)

    Also, with the reports of the more recent attackers using tools and methods previously associated with state sponsored intrusions, would a more hardened OS by Microsoft, that incorporated some of the methods from spiceworks and/or cryptoprevent, be helpful?

    Exclusive: Chinese hackers behind U.S. ransomware attacks -...

    A Top Cybersecurity Firm Says Ransomware Attacks Are Getting Worse
     
    Monkey57, Mar 18, 2018
    #2
  3. Windows 10 failed attempts to use "Backup and Restore (Windows 7)" function

    Repeated backup failures. Running Windows 10, and when the “Backup and Restore (Windows 7)” program is run from the Control Panel, I get the messages:

    “Check your backup. The last backup did not complete successfully”.

    “Windows Backup failed to get an exclusive lock on the EFI system partition (ESP). This may happen if another application is using files on the ESP.”

    “Please retry the operation.”

    Each time I retry, I get the same result and messages.

    Windows 10 came installed on my Dell Inspiron 15 (500 Series) laptop. I have successfully used the same Backup and Restore (Windows 7) program to “Create a system image”, as well as to “Create a system repair disc”.

    Please provide me with some insight and suggested actions.
     
    {Please Help}, Mar 18, 2018
    #3
  4. Malware help please + cryptoprevent

    Hi,
    Seems like at bizz is some sort of social media sharing site. Have you ever joined it?
    You can try the normal, like scanning with Malwarebytes and AdwCleaner, and see what it finds.
     
    ThrashZone, Mar 18, 2018
    #4
  5. zman3 Win User
    Nope, never joined anything named close to that. I have tried Malwarebytes though.
     
    zman3, Mar 18, 2018
    #5
  6. simrick Win User
    Hi. Have you resolved this or are you still looking for help? It sounds to me as if you have some sort of Rootkit (keeps spawning itself over and over).

    Malwarebytes has an option to scan for Rootkits, but you have to check the box for it in Settings> Protection.
    I would first start out with this though:

    Run RKILL
    Download RKill
    This program doesn't install on the system. It just runs, and closes/ends all suspicious running items. Everything it does is temporary and undone by a reboot.

    Run a scan with ADWCleaner
    Downloads - AdwCleaner - ToolsLib
    If the scan finds anything, it will offer you an option to clean - go ahead and do that. After cleaning, it will prompt for a reboot - do that as well.

    Then run RKILL again.

    Now run Malwarebytes with the Rootkit scan box checked and see if anything is found.

    Posting the logs here from RKILL and ADWCleaner will also help.
     
    simrick, Apr 5, 2018
    #6