Main - General Forum - Kafuka's CitiHall: "J♠ J♣ A♠ Q♠ A♡ - Would you go alone?" (14)

Epele
Posted on 02-09-14 09:46 PM Link | ID: 46011
So it scans for files. Ouch.

I wonder if it's searching for file extensions then. It'd be interesting to know if it searches like that.



Schezo
Posted on 02-09-14 09:53 PM Link | ID: 46027
Posted by Gywall
So it scans for files. Ouch.

I wonder if it's searching for file extensions then. It'd be interesting to know if it searches like that.
That's exactly what it does.


Epele
Posted on 02-09-14 10:05 PM Link | ID: 46054
So essentially, if you avoid things like .doc.. and other commonplace formats..

Maybe it's too dumb to target OpenOffice documents?



Schezo
Posted on 02-09-14 10:07 PM Link | ID: 46057
Posted by Gywall
So essentially, if you avoid things like .doc.. and other commonplace formats..

Maybe it's too dumb to target OpenOffice documents?
I don't know, but I think it may get those kinds of documents too.

It's a pretty complex ransomware.


Emuz
Posted on 02-09-14 10:45 PM Link | ID: 46127
Oh wow I had no idea this was a real infection. Have you tried Malwarebytes? It works most of the time for when I have to do virus cleanup at work.
The last one I had to work on was in 3 or 4 places and would randomly generate filenames and use the registry to load it on login. Maybe you could examine the registry and see if you can stop it from spawning (hardly ever works.) If you can identify where the binaries are you could try using a Linux livecd and remove them.

Just some random suggestions.


Epele
Posted on 02-09-14 10:46 PM Link | ID: 46128
Well, KuSki collects them and runs virtual machines with them.

Maybe he could research how to keep ourselves safe?



Emuz
Posted on 02-09-14 10:48 PM Link | ID: 46129
Posted by Gywall
Well, KuSki collects them and runs virtual machines with them.

Maybe he could research how to keep ourselves safe?


That's like a good idea! That's how you gain knowledge to fight these things! :)


Schezo
Posted on 02-10-14 06:29 AM Link | ID: 46179
Posted by Emuz
Posted by Gywall
Well, KuSki collects them and runs virtual machines with them.

Maybe he could research how to keep ourselves safe?


That's like a good idea! That's how you gain knowledge to fight these things! :)
Generally, you don't want to run programs in the %appdata% folder, considering just visiting some websites will automatically install Cryptolocker.

Second, this page is what everyone needs to see to understand what's going on and how to prevent it.

This is because there's no way to decrypt the files without paying due to the complex encryption scheme used.


Emuz
Posted on 02-10-14 11:35 AM Link | ID: 46190
Posted by KuSki
Posted by Emuz
Posted by Gywall
Well, KuSki collects them and runs virtual machines with them.

Maybe he could research how to keep ourselves safe?


That's like a good idea! That's how you gain knowledge to fight these things! :)
Generally, you don't want to run programs in the %appdata% folder, considering just visiting some websites will automatically install Cryptolocker.

Second, this page is what everyone needs to see to understand what's going on and how to prevent it.

This is because there's no way to decrypt the files without paying due to the complex encryption scheme used.


Indeed. I am an IT professional as an occupation. I am well aware of how bad Cryptolocker and any new strains of same can be (not in person thankfully). Sometimes even if you do pay they don't get you the decrypt key. Also what makes it bad is it will encrypt network shares, USB/external disks and the like.

I think @Gywall was referring to some of the less effective viruses/malware/"scareware w/o encryption" etc.


Schezo
Posted on 02-10-14 02:38 PM Link | ID: 46205
Posted by Emuz
Posted by KuSki
Posted by Emuz
Posted by Gywall
Well, KuSki collects them and runs virtual machines with them.

Maybe he could research how to keep ourselves safe?


That's like a good idea! That's how you gain knowledge to fight these things! :)
Generally, you don't want to run programs in the %appdata% folder, considering just visiting some websites will automatically install Cryptolocker.

Second, this page is what everyone needs to see to understand what's going on and how to prevent it.

This is because there's no way to decrypt the files without paying due to the complex encryption scheme used.


Indeed. I am an IT professional as an occupation. I am well aware of how bad Cryptolocker and any new strains of same can be (not in person thankfully). Sometimes even if you do pay they don't get you the decrypt key. Also what makes it bad is it will encrypt network shares, USB/external disks and the like.

I think @Gywall was referring to some of the less effective viruses/malware/"scareware w/o encryption" etc.
FBI ransomwares generally don't encrypt anything, but they do disable safe mode (usually) and lock computer access.

In any case, disallowing programs to run in the %appdata% and %localappdata% folders is a good way to prevent anything from happening. It should also prevent the installation of some rogue AVs.

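An audit-first sketch of the path rule suggested in the post above, added here as an example and not part of the original thread: before blocking execution from %appdata% and %localappdata%, it reports which process launches such a rule would have stopped. The log line format, the `C:\Users` profile root, the extension list and the `ExampleApp` allowlist entry are all assumptions made for illustration, and the sample log is constructed.

```python
import ntpath
import re

# Per-user folders named in the post (%appdata% = AppData\Roaming,
# %localappdata% = AppData\Local), matched against a normalized path.
# Assumption: profiles live under C:\Users.
BLOCKED_DIRS = re.compile(r"^c:\\users\\[^\\]+\\appdata\\(roaming|local)\\")
# Hypothetical allowlist entry for software that legitimately runs per-user.
ALLOWED = [re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\exampleapp\\[^\\]+\.exe$")]
# Extensions this audit treats as executable (assumed list, adjust locally).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

# Constructed sample of process-creation log lines (not real telemetry).
SAMPLE_LOG = r"""
2014-02-10T14:01:07 user=alice image="C:\Users\alice\AppData\Roaming\Qx7f\rnd81.exe"
2014-02-10T14:02:11 user=alice image=C:\Windows\System32\notepad.exe
2014-02-10T14:03:40 user=bob image=C:/Users/bob/AppData/Local/Temp/../setup.scr
2014-02-10T14:05:02 user=bob image=C:\Users\bob\AppData\Local\ExampleApp\update.exe
2014-02-10T14:06:30 user=carol image=C:\Users\carol\Documents\report.doc
"""
LINE = re.compile(r"^(\S+) user=(\S+) image=(.+)$")


def normalize(path):
    """Lower-case, unify separators and collapse '..' so a rule cannot be
    sidestepped by spelling the same location differently."""
    return ntpath.normpath(path.strip().strip('"')).lower()


def verdict(image_path):
    """Return 'block', 'allow' or 'ignore' for one process image path."""
    p = normalize(image_path)
    if ntpath.splitext(p)[1] not in EXEC_EXTS:
        return "ignore"          # not an executable type we audit
    if not BLOCKED_DIRS.match(p):
        return "ignore"          # outside the two profile folders
    if any(rule.match(p) for rule in ALLOWED):
        return "allow"           # explicitly permitted per-user software
    return "block"


def audit(log_text):
    """Return (timestamp, user, normalized path) for every launch that the
    path rule would block."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m and verdict(m.group(3)) == "block":
            hits.append((m.group(1), m.group(2), normalize(m.group(3))))
    return hits


if __name__ == "__main__":
    for ts, user, path in audit(SAMPLE_LOG):
        print(ts, user, path)
```

Running the audit over real launch history first shows which legitimate per-user software would need an allowlist entry before the rule is enforced.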

Epele
Posted on 02-10-14 05:37 PM Link | ID: 46325
Well, that's one thing.

I'd kinda like to know what kind of files the others encrypt. By that, I mean file extensions.



Schezo
Posted on 02-10-14 05:39 PM Link | ID: 46331
Posted by Gywall
Well, that's one thing.

I'd kinda like to know what kind of files the others encrypt. By that, I mean file extensions.
They generally all encrypt what I said before. There are countless extensions that would cover quite a bit of time to say.


Epele
Posted on 02-10-14 07:19 PM Link | ID: 46377
I would suspect certain extensions should be safe to prevent it from self-defeating. You wouldn't want to touch drivers.cab for sure. That's just asking for problems. Also, a lot of Windows folder files too.

Maybe you should just store your data in the Windows folder directory?



Schezo
Posted on 02-10-14 07:32 PM Link | ID: 46380
Posted by Gywall
I would suspect certain extensions should be safe to prevent it from self-defeating. You wouldn't want to touch drivers.cab for sure. That's just asking for problems. Also, a lot of Windows folder files too.

Maybe you should just store your data in the Windows folder directory?
No, it does encrypt even that, looking at some videos on YouTube.

Generally, programs, libraries and other safe files aren't touched. Remember this ransomware is supposed to cause wrecks in office settings, among other places. >_>

Nobody wants the computer unable to boot (and therefore making the criminal unhappy as he would be unable to receive money).


Epele
Posted on 02-10-14 07:33 PM Link | ID: 46383
Encrypting things in the Windows folder could be bad. Some systems will just crash due to not being able to run certain programs required by the hardware.



Schezo
Posted on 02-10-14 07:35 PM Link | ID: 46385
Posted by Gywall
Encrypting things in the Windows folder could be bad. Some systems will just crash due to not being able to run certain programs required by the hardware.
It will encrypt documents, images, music and videos on every folder of any hard drive. Full stop.

Programs are unharmed.


Epele
Posted on 02-10-14 07:36 PM Link | ID: 46387
But then how does it know what a document is and what isn't?



Schezo
Posted on 02-10-14 07:44 PM Link | ID: 46403
Posted by Gywall
But then how does it know what a document is and what isn't?
Extension scanning.

It's similar to what Loveletter (except that overwrote files with itself) and other programs did.


ゼンガー・ゾンボルト
Posted on 02-10-14 07:47 PM Link | ID: 46406

I believe Combofix could get rid of CryptoLocker.


Schezo
Posted on 02-10-14 07:49 PM Link | ID: 46413
Posted by Trapster
I believe Combofix could get rid of CryptoLocker.
Any AV now can get rid of Cryptolocker.

About the encrypted files... well... not so much. x_x

There's no way to unencrypt them.
