Kafuka's CitiHall: "One does not simply ask for fries.. one demands it!" (14)

Epele
Posted on 02-09-14 09:46 PM | ID: 46011
So it scans for files. Ouch.

I wonder if it's searching for file extensions then. It'd be interesting to know if it searches like that.


Schezo
Posted on 02-09-14 09:53 PM | ID: 46027
Posted by Gywall
So it scans for files. Ouch.

I wonder if it's searching for file extensions then. It'd be interesting to know if it searches like that.
That's exactly what it does.

Epele
Posted on 02-09-14 10:05 PM | ID: 46054
So essentially, if you avoid things like .doc.. and other commonplace formats..

Maybe it's too dumb to target OpenOffice documents?


Schezo
Posted on 02-09-14 10:07 PM | ID: 46057
Posted by Gywall
So essentially, if you avoid things like .doc.. and other commonplace formats..

Maybe it's too dumb to target OpenOffice documents?
I don't know, but I think it may get those kinds of documents too.

It's a pretty complex ransomware.

Emuz
Posted on 02-09-14 10:45 PM | ID: 46127
Oh wow I had no idea this was a real infection. Have you tried Malwarebytes? It works most of the time for when I have to do virus cleanup at work.
The last one I had to work on was in 3 or 4 places and would randomly generate filenames and use the registry to load it on login. Maybe you could examine the registry and see if you can stop it from spawning (hardly ever works.) If you can identify where the binaries are you could try using a Linux livecd and remove them.

Just some random suggestions.

Epele
Posted on 02-09-14 10:46 PM | ID: 46128
Well, KuSki collects them and runs virtual machines with them.

Maybe he could research how to keep ourselves safe?


Emuz
Posted on 02-09-14 10:48 PM | ID: 46129
Posted by Gywall
Well, KuSki collects them and runs virtual machines with them.

Maybe he could research how to keep ourselves safe?


That's like a good idea! That's how you gain knowledge to fight these things! :)

Schezo
Posted on 02-10-14 06:29 AM | ID: 46179
Posted by Emuz
Posted by Gywall
Well, KuSki collects them and runs virtual machines with them.

Maybe he could research how to keep ourselves safe?


That's like a good idea! That's how you gain knowledge to fight these things! :)
Generally, you don't want to run programs in the %appdata% folder, considering just visiting some websites will automatically install Cryptolocker.

Second, this page is what everyone needs to see to understand what's going on and how to prevent it.

This is because there's no way to decrypt the files without paying due to the complex encryption scheme used.

Emuz
Posted on 02-10-14 11:35 AM | ID: 46190
Posted by KuSki
Posted by Emuz
Posted by Gywall
Well, KuSki collects them and runs virtual machines with them.

Maybe he could research how to keep ourselves safe?


That's like a good idea! That's how you gain knowledge to fight these things! :)
Generally, you don't want to run programs in the %appdata% folder, considering just visiting some websites will automatically install Cryptolocker.

Second, this page is what everyone needs to see to understand what's going on and how to prevent it.

This is because there's no way to decrypt the files without paying due to the complex encryption scheme used.


Indeed. I am an IT professional as an occupation. I am well aware of how bad Cryptolocker and any new strains of same can be (not in person thankfully). Sometimes even if you do pay they don't get you the decrypt key. Also what makes it bad is it will encrypt network shares, USB/external disks and the like.

I think @Gywall was referring to some of the less effective viruses/malware/"scareware w/o encryption" etc.

Schezo
Posted on 02-10-14 02:38 PM | ID: 46205
Posted by Emuz
Posted by KuSki
Posted by Emuz
Posted by Gywall
Well, KuSki collects them and runs virtual machines with them.

Maybe he could research how to keep ourselves safe?


That's like a good idea! That's how you gain knowledge to fight these things! :)
Generally, you don't want to run programs in the %appdata% folder, considering just visiting some websites will automatically install Cryptolocker.

Second, this page is what everyone needs to see to understand what's going on and how to prevent it.

This is because there's no way to decrypt the files without paying due to the complex encryption scheme used.


Indeed. I am an IT professional as an occupation. I am well aware of how bad Cryptolocker and any new strains of same can be (not in person thankfully). Sometimes even if you do pay they don't get you the decrypt key. Also what makes it bad is it will encrypt network shares, USB/external disks and the like.

I think @Gywall was referring to some of the less effective viruses/malware/"scareware w/o encryption" etc.
FBI ransomwares generally don't encrypt anything, but they do disable safe mode (usually) and lock computer access.

In any case, disallowing programs to run in the %appdata% and %localappdata% folders is a good way to prevent anything from happening. It should also prevent the installation of some rogue AVs.

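A read-only check that follows the advice in the post above, added here as an example and not code from the thread or from any of its posters: it lists processes currently running from %APPDATA% or %LOCALAPPDATA%, and Run/RunOnce entries that point into those folders (the registry-on-login persistence mentioned earlier in the thread). It assumes a Windows host with PowerShell 3 or later and changes nothing.

```powershell
# Added example (not from the thread): read-only audit of what runs from, or is
# set to auto-start from, %APPDATA% and %LOCALAPPDATA%. Assumes a Windows host
# with PowerShell 3 or later; it reports and changes nothing.

$userDataDirs = @($env:APPDATA, $env:LOCALAPPDATA)

# True when $Path sits under one of the profile data folders.
function Test-InUserDataDir {
    param([string]$Path)
    if ([string]::IsNullOrEmpty($Path)) { return $false }
    foreach ($dir in $userDataDirs) {
        if ($Path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# 1. Processes whose image is currently loaded from those folders.
Write-Host '== Running processes under APPDATA / LOCALAPPDATA =='
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { Test-InUserDataDir $_.Path } |
    Select-Object Id, ProcessName, Path |
    Format-Table -AutoSize

# 2. Run/RunOnce entries whose command points into those folders
#    (the "use the registry to load it on login" pattern described above).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

Write-Host '== Auto-start entries pointing into APPDATA / LOCALAPPDATA =='
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($providerProps -contains $prop.Name) { continue }
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$prop.Value)
        # Recover the executable: quoted path, or first token of an unquoted one
        # (an unquoted path containing spaces is truncated here, so review manually).
        $exe = if ($cmd.StartsWith('"')) { $cmd.Split('"')[1] } else { $cmd.Split(' ')[0] }
        if (Test-InUserDataDir $exe) {
            [pscustomobject]@{ Key = $key; Name = $prop.Name; Command = $cmd }
        }
    }
}
```

Anything it reports is not automatically malicious (several legitimate installers place their binaries under %LOCALAPPDATA%), but it is the set of entries an execution restriction on those folders would affect, so review it before enabling one.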

Epele
Posted on 02-10-14 05:37 PM | ID: 46325
Well, that's one thing.

I'd kinda like to know what kind of files the others encrypt. By that, I mean file extensions.


Schezo
Posted on 02-10-14 05:39 PM | ID: 46331
Posted by Gywall
Well, that's one thing.

I'd kinda like to know what kind of files the others encrypt. By that, I mean file extensions.
They generally all encrypt what I said before. There are countless extensions that would cover quite a bit of time to say.

Epele
Posted on 02-10-14 07:19 PM | ID: 46377
I would suspect certain extensions should be safe to prevent it from self-defeating. You wouldn't want to touch drivers.cab for sure. That's just asking for problems. Also, a lot of windows folder files too.

Maybe you should just store your data in the windows folder directory?


Schezo
Posted on 02-10-14 07:32 PM | ID: 46380
Posted by Gywall
I would suspect certain extensions should be safe to prevent it from self-defeating. You wouldn't want to touch drivers.cab for sure. That's just asking for problems. Also, a lot of windows folder files too.

Maybe you should just store your data in the windows folder directory?
No, it does encrypt even that, looking at some videos on Youtube.

Generally, programs, libraries and other safe files aren't touched. Remember this ransomware is supposed to cause wrecks in office settings, among other places. >_>

Nobody wants the computer unable to boot (and therefore making the criminal unhappy as he would be unable to receive money).

Epele
Posted on 02-10-14 07:33 PM | ID: 46383
Encrypting things in the windows folder could be bad. Some systems will just crash due to not being able to run certain programs required by the hardware.


Schezo
Posted on 02-10-14 07:35 PM | ID: 46385
Posted by Gywall
Encrypting things in the windows folder could be bad. Some systems will just crash due to not being able to run certain programs required by the hardware.
It will encrypt documents, images, music and videos in every folder of any hard drive. Full stop.

Programs are unharmed.

Epele
Posted on 02-10-14 07:36 PM | ID: 46387
But then how does it know what a document is and what isn't?


Schezo
Posted on 02-10-14 07:44 PM | ID: 46403
Posted by Gywall
But then how does it know what a document is and what isn't?
Extension scanning.

It's similar to what Loveletter (except that overwrote files with itself) and other programs did.

ゼンガー・ゾンボルト
Posted on 02-10-14 07:47 PM | ID: 46406
I believe Combofix could get rid of CryptoLocker.

Schezo
Posted on 02-10-14 07:49 PM | ID: 46413
Posted by Trapster
I believe Combofix could get rid of CryptoLocker.
Any AV now can get rid of Cryptolocker.

About the encrypted files... well... not so much. x_x

There's no way to unencrypt them.


Acmlmboard v2.5.3 (1/7/2018)
© 2005-2018 Acmlm, Emuz, et al.