Topic: About virus in electrum wallet.. (Read 1927 times)

Thanks for the links it helps to me and learn how to prevent and remove the ransomware virus...
But how about my other files that already gone? how can get it back?
The electrum still working and then i update it just right now and still didnt see the files of the electrum

Ive already transfer all my bitcoin in coinbase just incase my electrum crash or hack by ransome virus...

There are obviously no viruses in Electrum... Just make sure you're downloading Electrum from the right place and that it is the correct executable. This has been happening too many times lately. Releases are signed so you can verify them.

It looks like you got a ransomware virus. Do not pay the extortion amount, just restore everything from a backup. And get a antivirus to remove everything.

check here http://malwarefor.me/2015-09-04-angler-ek-sends-alphacrypt-ransomware/  and http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

Heres a screen shot of viruses detected yesterday... Trojan horse is more than others...



Can anyone what is this virus? that some of my files disappear in some of my folders....
Then every folder has "READ ME TO UNLOCK"

Then i also got this .txt title "Read to unlock"
With this content or text inside
"
Your files are locked and encrypted with a unique RSA-1024 key!
To regain access you have to obtain the private key (password).
++++++++++++++++++++
To receive your private key (password):
Go to http://u5ubeuzamg54x5f3.onion.to and follow the instructions.
You will receive your private key (password) within 24 hours.
Your ID# is 28403489

If you can't find the page, install the Tor browser (https://www.torproject.org/projects/torbrowser.html.en) and browse to
http://u5ubeuzamg54x5f3.onion
++++++++++++++++++++
BEWARE - this is NOT a virus.
The ONLY way to unlock your files/data is to obtain your private key (password) or you may consider all your data lost.
You have just 5 days before the private key (password) is deleted from our server, leaving your data irrevocably broken.
++++++++++++++++++++
LOCKED ON POSSESSION OF COPYRIGHTED MATERIAL AND SUSPICION OF (CHILD)PORNOGRAPHIC MATERIAL.

What does it mean?
Some of my files are disappear or not visible..

I got this from my infected desktop
"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
What happened to your files ?
All of your files were protected by a strong encryption with RSA-2048.
More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)

What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.

How did this happen ?
Especially for you, on our server was generated the secret key pair RSA-2048 - public and private.
All your files were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.

What do I do ?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.
If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1. http://lk2gaflsgh.jgy658snfyfnvh.com/84575D56D5726045
2. http://dg62wor94m.sdsfg834mfuuw.com/84575D56D5726045
3. https://djdkduep62kz4nzx.onion.to/84575D56D5726045
 
If for some reasons the addresses are not available, follow these steps:
1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: djdkduep62kz4nzx.onion/84575D56D5726045
4. Follow the instructions on the site.

IMPORTANT INFORMATION:
Your personal pages:
http://lk2gaflsgh.jgy658snfyfnvh.com/84575D56D5726045
http://dg62wor94m.sdsfg834mfuuw.com/84575D56D5726045
https://djdkduep62kz4nzx.onion.to/84575D56D5726045  
Your personal page (using TOR): djdkduep62kz4nzx.onion/84575D56D5726045
Your personal identification number (if you open the site (or TOR 's) directly): 84575D56D5726045
"
This is always pop up in my desktop...I didnt know what does it mean...

Ok thanks for the link i will give it a try feedback later... I got the free version i will install it later on my desktop..
Do you have full version on it?
Ok thank's for PMed

sent
here it is for anyone else
https://www.malwarebytes.org/
use the free version

Can you pm me the link of malware bytes full version. I will try it  and maybe it can help to prevent detecting again trojan virus(I mean to fix all files)
I am using mobile right now i will get the screenshot later after i came in my house... soon

download malware bytes, its quick and ruthless

I don't have any anti virus before i just install it right now because there's something always pop on my screen " always say that i need to update to recover all my files if not your files will be disappear"
After i install avg anti virus and scan i got 38 virus in my desktop trojan and worms. and also the pop up ads and the notepad with bold text is not appearing after install antivirus... But the virus still not gone always scan with my avg anti virus.. I think my desktop is infected and my wallet is not safe...

Windows defender is a virus number 1

i have the same probelm specially with windows defender, not too sure why but AVG seems to work fine

Yes,it's a false positive...

likely false positive,what files are inside data dir ?

Hi guys i detect few worms and trojan in electrum wallet (appdata) my problem is
I want to know if this virus can affects or it can harm my electrum wallet?
I am using avg licenced and updated...