All Discussions > Steam Forums > Help and Tips > Topic Details
leonthesleepy Jun 2, 2019 @ 10:44am
(UPDATE: This was Ransomeware) Did my PC just get hacked?! Need any help please
(Update: Thank you so much for the help everyone! Right now i've confirmed that the virus was a file called "HlpVk.exe". I stopped the application through task manager and deleted it.

Currently going through the fallout of collecting all my encrypted files in hopes of decrypting it one day. If there is a lesson to be learned here guys,

- Please back up all your valuable data like family photos etc
- Dont end up like me, and make sure your firewall is on cause mine was off for some reason)


I think i'm about to panic. In nearly half of my folders on my PC, every file has been converted to a word document, accompanied with a text file that says "Restore-My-Files". I will post the contents of this mysterious file in a second comment.

I also started hearing my drives spinning more than usual and in my task manager, i saw this "App" having a high usage called

HlpVk , along with a file called oobelibMkey. I did a google search and couldnt find anything about it. Anyway, i went to end HlpVk task and deleted it, which seemed to stop the crazy drive usage. But now i'm stuck.

I have work that is just gone now because my files are stuck in some word format that i cannot access. Am i screwed for good? Thankfully my family photos are still intact, but my university work is not accessible because of this. Any help is appreciated....

Last edited by leonthesleepy; Jun 2, 2019 @ 9:16pm
< >
Showing 1-15 of 17 comments
ph0x Jun 2, 2019 @ 11:02am 
Personally, i'd just wipe your PC. Even if you pay the ransom, there is absolutely no gurantee they will actually unlock your data.
#1
Theblaze Jun 2, 2019 @ 11:03am 
That's a cryptolocker.

Upload both files to https://www.virustotal.com and let it scan, see if you can figure out whats the cryptolocker called and then do further research on google to find a decrypter.
Originally posted by RAEF626:
You got hit by ransomware. Nothing you can do unless you pay the ransom to get your files decrypted.

THAT is the absolute last solution and unless the cryptolocker isn't known, there is still no guarantee you get a decrypter from the guy(s) who made the cryptolocker.
#2
*P0P$*FR3$H3NM3Y3R* Jun 2, 2019 @ 11:04am 
Originally posted by RAEF626:
You got hit by ransomware. Nothing you can do unless you pay the ransom to get your files decrypted.
Absolutely crap advice there. Paying their ransom doesn't guarantee you get your files back instead they might just up their ransom once they identified you are willing to pay it.
There is always a chance that their hashing algortihm might have been reversed already and that an Anti Ransomware tool might be able to remove the encryption.
Other than that wiping the PC is an option.
#3
leonthesleepy Jun 2, 2019 @ 11:09am 
Originally posted by Theblaze:
That's a cryptolocker.

Upload both files to https://www.virustotal.com and let it scan, see if you can figure out whats the cryptolocker called and then do further research on google to find a decrypter.
Originally posted by RAEF626:
You got hit by ransomware. Nothing you can do unless you pay the ransom to get your files decrypted.

THAT is the absolute last solution and unless the cryptolocker isn't known, there is still no guarantee you get a decrypter from the guy(s) who made the cryptolocker.

Thanks for the advice!

I deleted the virus application already unfortunately...I did upload the ransom text file but it couldnt detect any engines. Going to look for some decryption online to see if its possible to retrieve some files :(
Last edited by leonthesleepy; Jun 2, 2019 @ 11:11am
#4
leonthesleepy Jun 2, 2019 @ 11:10am 
Originally posted by *P0P$*FR3$H3NM3Y3R*:
Originally posted by RAEF626:
You got hit by ransomware. Nothing you can do unless you pay the ransom to get your files decrypted.
Absolutely crap advice there. Paying their ransom doesn't guarantee you get your files back instead they might just up their ransom once they identified you are willing to pay it.
There is always a chance that their hashing algortihm might have been reversed already and that an Anti Ransomware tool might be able to remove the encryption.
Other than that wiping the PC is an option.

Thanks for the advice!

Does that mean i have to wipe absolutely everything? Or can i at least keep the files that were not encrypted - i.e Family photos that were untouched

It would really suck to have to lose everything man....
Last edited by leonthesleepy; Jun 2, 2019 @ 11:11am
#5
*P0P$*FR3$H3NM3Y3R* Jun 2, 2019 @ 11:17am 
Originally posted by leonthesleepy:
Originally posted by *P0P$*FR3$H3NM3Y3R*:
Absolutely crap advice there. Paying their ransom doesn't guarantee you get your files back instead they might just up their ransom once they identified you are willing to pay it.
There is always a chance that their hashing algortihm might have been reversed already and that an Anti Ransomware tool might be able to remove the encryption.
Other than that wiping the PC is an option.

Does that mean i have to wipe absolutely everything? Or can i at least keep the files that were not encrypted - i.e Family photos that were untouched

It would really suck to have to lose everything man....

I actually can't give good advice on that. Since I there might be the possibilty that you might eventually taint your new install with the same worm again :/ ...You should try finding answers in a forum dedicated to anti-Virus/ anti ransomware. :/
#6
leonthesleepy Jun 2, 2019 @ 11:19am 
Originally posted by *P0P$*FR3$H3NM3Y3R*:
Originally posted by leonthesleepy:

Does that mean i have to wipe absolutely everything? Or can i at least keep the files that were not encrypted - i.e Family photos that were untouched

It would really suck to have to lose everything man....

I actually can't give good advice on that. Since I there might be the possibilty that you might eventually taint your new install with the same worm again :/ ...You should try finding answers in a forum dedicated to anti-Virus/ anti ransomware. :/

Alright thank you so much though! I was really panicking for a moment there and wondering if i should just click on the link and see what the ransom was.

But after doing a bit of research it sounds more dangerous to go that route.
#7
Frank ツ Jun 2, 2019 @ 1:57pm 
I had this once agee ago, every file i clicked opened the webpage forcing me to buy an antivirus, i ended up just reformatting the pc.

It was quite funny though
#8
*P0P$*FR3$H3NM3Y3R* Jun 2, 2019 @ 2:01pm 
Originally posted by Frank ツ:
I had this once agee ago, every file i clicked opened the webpage forcing me to buy an antivirus, i ended up just reformatting the pc.

It was quite funny though
You gotta be trolling :S
#9
ChaosBahamut Jun 2, 2019 @ 5:29pm 
OP, I'd remove those links in your second post NOW if I were you.
#10
nathaniel b Jun 2, 2019 @ 5:46pm 
don't download tor, open the link, or send anyone any money!
this is some serious deep web ♥♥♥♥. If you cant find a solution, You might just have to accept the loss and factory reset your pc. I would recommend deleting everything, but if you really want to, you can save your family photos to a flash drive/usb stick before deleting everything
#11
BossGalaga Jun 2, 2019 @ 6:21pm 
Originally posted by RAEF626:
You got hit by ransomware. Nothing you can do unless you pay the ransom to get your files decrypted.

If you actually pay the ransom, they'll just ask you for more money because they'll assume if you're dumb enough to pay them that you'll be dumb enough to keep paying them.
#12
Muppet among Puppets Jun 2, 2019 @ 7:07pm 
A hard drive can fail every day.
Thats why you backup important things anyway.

You could keep the not encrypted valuable files. And treat them for a while as if they might be infected, and scan them at times in the future.
The encrypted files could be decryptable one day.

Find out how this happened in the first place.
#13
Omega Jun 2, 2019 @ 8:08pm 
You downloaded a virus and it encrypted all your files, you aren't "hacked".

Reinstall Windows, all your data is gone.

Disconnect the machine from your network in case it's one of the nasty ones which spreads like a worm. (Probably too late for that already)
Last edited by Omega; Jun 2, 2019 @ 8:09pm
#14
leonthesleepy Jun 2, 2019 @ 9:09pm 
Originally posted by Muppet among Puppets:
A hard drive can fail every day.
Thats why you backup important things anyway.

You could keep the not encrypted valuable files. And treat them for a while as if they might be infected, and scan them at times in the future.
The encrypted files could be decryptable one day.

Find out how this happened in the first place.

I think it had to do with me downloading video download software like "4k video downloader,keep vid pro" etc. Not entirely sure, but thats the last thing i remember that was installed. Also, my firewall was turned off when i went to check, so that only made things worse.

But yeah, good learning experience in general. Thank god i found a backup of my work elsewhere, so the encrypted files arent all that important. It was replacable stuff like steam downloads, and some videos that i already uploaded online. Plus a lot of apps.

I just ran AVG scanner and found the last copy of the virus and deleted it.

In case anyone is curious, it was labelled
Win32:Trojan-gen
HlpVk.exe

But thank you for the help everyone! So far my PC seems stable again, just have to go through the hassle of reinstalling a lot of apps. Going to get an extra HDD just to back up the really valuable stuff.
Last edited by leonthesleepy; Jun 2, 2019 @ 9:15pm
#15
< >
Showing 1-15 of 17 comments
Per page: 1530 50

All Discussions > Steam Forums > Help and Tips > Topic Details
Date Posted: Jun 2, 2019 @ 10:44am
Posts: 17
Start a New Discussion

Discussions Rules and Guidelines