
Operation Global III ransomware not only encrypts, but infects your data as well


82 replies to this topic

#16 Nathan

DecrypterFixer, Security Colleague

Posted 30 January 2015 - 10:16 PM

What version of Windows are you running? You need to make sure to run as admin, in a full privileged location. I literally tested it off your file which is your exact infection, so I know it works.

 

Edit: I just saw you already said Win 7 64; this is the exact OS I used also. All I can say for the weekend is to make sure the virus is running, perhaps even reboot. Then, make sure to right click and run as admin on your desktop. You may find the infection will try to prevent you, just be quick. If this doesn't work, try safe mode with it running.


Edited by Nathan, 30 January 2015 - 10:20 PM.

Have you performed a routine backup today?



#17 albert23


Posted 31 January 2015 - 01:08 AM

I'm running explorer.exe from the desktop, right-clicking and run as admin. I don't get a prompt or UAC warning. The virus is not trying to stop it, as I have plenty of time to hit the Patch button. The result comes back as previously stated.

If I reboot, the explorer.exe is infected when I log back on, and it can't be run anymore.

 

Thanks again for your help so far. I'll keep trying and post back if anything worthwhile comes up.



#18 Nathan


Posted 31 January 2015 - 01:21 AM

Please try turning your UAC on and trying it again, so the UAC prompt comes up. Also try in safe mode. If these don't work you will need to wait until Monday when I can remote in if you want.



#19 Sharekhan


Posted 31 January 2015 - 01:33 AM

Many of my files are encrypted - when I try to open a .Doc or .xls file - Word or Excel opens the Decoding text box.... Also .zip and almost all my photos can't be opened. :(   Mp3 and Avi files are also unusable. There might be other files infected which I might not have noticed.

 

I never even realized what the infection was - did not get any ransom note or lock screen - Also luckily all my important files which were in New MS Office format .xlsx and .docx were not affected. Which is a great relief...

 

The files were all infected on 12 Jan 2015 - so might be a recent virus/malware.... also I had an infection since 24 Dec 14 for which I am already getting help from this website.... (From the Malware/trojan.... forum)

 

But is there some way to find out what infected my files and how to recover them?

 

Appreciate any feedback you might be able to provide,

 

Thanks...



#20 Nathan


Posted 31 January 2015 - 10:35 AM

Sharekhan,

We cannot help without more information. Do the encrypted files have a new extension on them? With a note or a screen shot of the infection, the chances are low I can help.



#21 albert23


Posted 31 January 2015 - 10:37 PM

Hi Nathan,

 

I turned on UAC, rebooted and tried the patcher again in normal mode and safe mode. The same notification comes up, but the virus remains active. 

Does the patcher require an active internet connection? I have been trying this with the PC isolated from any networks, as this virus is very network aware.

 

I would really appreciate if you can have a look remotely. I can probably hook up the PC to the internet via a mobile card for that purpose. Let me know what time would suit you and what you need from my end to enable access.

I'm in +11hrs time zone in Australia, but will work with whatever time is suitable for you of course.

 

Thanks again.



#22 Nathan


Posted 31 January 2015 - 11:54 PM

It would prob be around 2-3pm EST on Monday. Please PM me from here on out so we do not flood the thread. Thanks.



#23 xdefiantx


Posted 26 February 2015 - 12:38 AM

Hi Nathan,

 

I have been infected by the AU version of the Operation Global III virus.

 

I have tried your AU version patch, and it says it runs correctly but the virus in the background doesn't stop.

 

Are there any new versions of the patch that you have or am I able to forward the infection exe to you to recreate a new patch?

 

The systems affected are a Windows 7 x64 PC and a Windows 2008 Server. Both not working with AU patch.

 

Any assistance would be appreciated!

 

Regards,

xdefiantx



#24 duskshine


Posted 03 March 2015 - 07:19 PM

it would prob be around 2-3pm EST on Monday. Please pm me from here on out so we do not flood the thread. Thanks.

 

Would be glad to hear if there's any follow ups.

Got hit by the same AU version as well. Win7 64, UAC on and the AU patcher fails to stop the process (same as others).

Any help appreciated.



#25 cabooltureadam


Posted 08 March 2015 - 01:48 AM

Hi 

 

In AU too. Just got infected. Have tried all the above. Was anyone successful with AU removal?

 

Thanks guys...

 

10mins later...

 

Patch just worked. And the only thing I did different was try and enter a code on it. AND I deleted the recycle bin.  Then it worked. Just sharing. 

 

Now to clean a bunch of files. 


Edited by cabooltureadam, 08 March 2015 - 02:01 AM.


#26 cabooltureadam


Posted 08 March 2015 - 03:13 AM

Also, how do I prevent this happening, A. again... B. to the others on the network here that share the same NAS that still have corrupted files on it. 

 

All have the latest Trend. 

 

Cheers. 



#27 cabooltureadam


Posted 08 March 2015 - 04:52 AM

Now getting a window come up 

 

Unsupported 16-Bit Application

 

The program feature \??\C:\Users\Adam\eQkwkIkY\KAkYcQsI.exe cannot start or run due to incompatibility with 64 bit versions of Windows. Please contact ......

 

Anyhow... I can't seem to be able to delete that file or folder... even in safe mode.

 

Any thoughts....

 

Would really love some help :-) 



#28 SleepyDude

Malware Response Team

Posted 08 March 2015 - 07:18 AM

Hi Cabooltureadam,

 

I suggest you start a new topic on the Virus, Trojan, Spyware, and Malware Removal Logs section to get specific help for your problem.

Before you post please read Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help starting from Step 6.
 


• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#29 sjouk


Posted 09 March 2015 - 07:38 AM

Just to share my experience:

 

I'm in the UK but seem to have been infected by the AUS version in that the original patch did not work for me. Initially the AUS patch did not work for me either but then I followed cabooltureadam's advice and entered a code before attempting to run the AUS patch. This time it seems to have worked but only once I connected to the internet.

 

Now I have 1000's of files that are encrypted. I can fix them by opening them one by one but does anyone know if there is a better way? Also, is there some time limit or system state that will mean I need to decrypt all files now e.g. before the next reboot etc?



#30 Nathan


Posted 09 March 2015 - 08:00 AM

Sadly no, the virus has a messed up decryption function that would render a system useless if run, so opening the files one by one is the only way. One other way would be to create a batch file and run it on each folder, but even then you need to make sure no real exe files are in there, and you will have a million apps opening at the same time which can crash your computer. I suggest simply taking one day where you manually click each important file and save it. Sadly it was a mess up the virus creator didn't account for.

