General Forum - Kafuka's CitiHall: "Scattered before you there are three tomes.." (15)

Epele (Site Administrator)
Posted on 02-09-14 09:46 PM | ID: 46011
So it scans for files. Ouch.

I wonder if it's searching for file extensions then. It'd be interesting to know if it searches like that.


The world could always use more heroes!

Kak (Global Moderator)
Posted on 02-09-14 09:53 PM | ID: 46027
Posted by Gywall
So it scans for files. Ouch.

I wonder if it's searching for file extensions then. It'd be interesting to know if it searches like that.
That's exactly what it does.

-----

Epele (Site Administrator)
Posted on 02-09-14 10:05 PM | ID: 46054
So essentially, if you avoid things like .doc.. and other commonplace formats..

Maybe it's too dumb to target OpenOffice documents?

Kak (Global Moderator)
Posted on 02-09-14 10:07 PM | ID: 46057
Posted by Gywall
So essentially, if you avoid things like .doc.. and other commonplace formats..

Maybe it's too dumb to target OpenOffice documents?
I don't know, but I think it may get those kinds of documents too.

It's a pretty complex ransomware.

Emuz (Site Administrator)
Posted on 02-09-14 10:45 PM | ID: 46127
Oh wow I had no idea this was a real infection. Have you tried Malwarebytes? It works most of the time for when I have to do virus cleanup at work.
The last one I had to work on was in 3 or 4 places and would randomly generate filenames and use the registry to load it on login. Maybe you could examine the registry and see if you can stop it from spawning (hardly ever works). If you can identify where the binaries are you could try using a Linux livecd and remove them.

Just some random suggestions.

The Dynamic Profile Administrator™


"Never Knows Best"
Note: if you can see this my layout broke. ALL THE CREDITS WILL BE REVEALED!!
'Victory Noriko' by @thatsheepagain.
'Chibi Dance Noriko' by @Haru__Kitsu.
'Deity's Night Out (Featuring Gabbie)'
by @thatsheepagain
Noriko Emotes by @Haru__Kitsu.
Side Bar Noriko by @thatsheepagain
'Noriko's Nature Walk' by @projectTiGER_
Emotive Noriko by @thatsheepagain.
"Space Candy Noriko" by BerryVerrine.
"Super Sharp Noriko" by Xionfes.
A gift illustration from the wonderful EverKinzPony!
"Magical Girl Noriko" by @cute_hospital!
"Patient Chibi Noriko" by @Ruii_ki!
'Dapper '60s Noriko' by @thatsheepagain.
'Shiny Chibi Noriko' by @inioli.
'Flower Veil Noriko' by @Sushiee_.
'Noriko in Realism' by @_Sarybuu.
'Noriko's Midnight Adventure' by @projectTiGER_
'Yukata Noriko' by @yunyunmaru_
'Birthday Wishes Noriko' by @thatsheepagain

Epele (Site Administrator)
Posted on 02-09-14 10:46 PM | ID: 46128
Well, KuSki collects them and runs virtual machines with them.

Maybe he could research how to keep ourselves safe?

Emuz (Site Administrator)
Posted on 02-09-14 10:48 PM | ID: 46129
Posted by Gywall
Well, KuSki collects them and runs virtual machines with them.

Maybe he could research how to keep ourselves safe?


That's like a good idea! That's how you gain knowledge to fight these things! :)


Kak (Global Moderator)
Posted on 02-10-14 06:29 AM | ID: 46179
Posted by Emuz
Posted by Gywall
Well, KuSki collects them and runs virtual machines with them.

Maybe he could research how to keep ourselves safe?


That's like a good idea! That's how you gain knowledge to fight these things! :)
Generally, you don't want to run programs in the %appdata% folder, considering just visiting some websites will automatically install Cryptolocker.

Second, this page is what everyone needs to see to understand what's going on and how to prevent it.

This is because there's no way to decrypt the files without paying due to the complex encryption scheme used.

Emuz (Site Administrator)
Posted on 02-10-14 11:35 AM | ID: 46190
Posted by KuSki
Posted by Emuz
Posted by Gywall
Well, KuSki collects them and runs virtual machines with them.

Maybe he could research how to keep ourselves safe?


That's like a good idea! That's how you gain knowledge to fight these things! :)
Generally, you don't want to run programs in the %appdata% folder, considering just visiting some websites will automatically install Cryptolocker.

Second, this page is what everyone needs to see to understand what's going on and how to prevent it.

This is because there's no way to decrypt the files without paying due to the complex encryption scheme used.


Indeed. I am an IT professional as an occupation. I am well aware of how bad Cryptolocker and any new strains of the same can be (not in person thankfully). Sometimes even if you do pay they don't get you the decrypt key. Also what makes it bad is it will encrypt network shares, USB/external disks and the like.

I think @Gywall was referring to some of the less effective viruses/malware/"scareware w/o encryption" etc.


Kak (Global Moderator)
Posted on 02-10-14 02:38 PM | ID: 46205
Posted by Emuz
Posted by KuSki
Posted by Emuz
Posted by Gywall
Well, KuSki collects them and runs virtual machines with them.

Maybe he could research how to keep ourselves safe?


That's like a good idea! That's how you gain knowledge to fight these things! :)
Generally, you don't want to run programs in the %appdata% folder, considering just visiting some websites will automatically install Cryptolocker.

Second, this page is what everyone needs to see to understand what's going on and how to prevent it.

This is because there's no way to decrypt the files without paying due to the complex encryption scheme used.


Indeed. I am an IT professional as an occupation. I am well aware of how bad Cryptolocker and any new strains of the same can be (not in person thankfully). Sometimes even if you do pay they don't get you the decrypt key. Also what makes it bad is it will encrypt network shares, USB/external disks and the like.

I think @Gywall was referring to some of the less effective viruses/malware/"scareware w/o encryption" etc.
FBI ransomwares generally don't encrypt anything, but they do disable safe mode (usually) and lock computer access.

In any case, disallowing programs to run in the %appdata% and %localappdata% folders is a good way to prevent anything from happening. It should also prevent the installation of some rogue AVs.
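Kak's recommendation here, and in his earlier post, is to disallow programs from running out of %appdata% and %localappdata%. On Windows that is done with Software Restriction Policy path rules, which live in the registry under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers. The Python below is an added example, not code from the thread or from the page Kak linked: it writes that policy out as a .reg file. The rule list, the description text and the per-rule GUIDs are constructed here; the key layout (level 0 = Disallowed, ItemData as REG_EXPAND_SZ, SaferFlags = 0) is the one SRP reads.

```python
"""Added example: write out Software Restriction Policy path rules that block
execution from the roaming and local profile folders, as a .reg file."""
import uuid

# SRP policy root. Rules live under <root>\<level>\Paths\{GUID}, where
# level 0 means "Disallowed" and 262144 (0x40000) means "Unrestricted".
SAFER_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
LEVEL_DISALLOWED = 0
LEVEL_UNRESTRICTED = 0x40000

# Constructed rule set: executables directly in, or one folder below,
# %AppData% and %LocalAppData%. Documents in the profile are not affected.
DEFAULT_RULES = [
    r"%AppData%\*.exe",
    r"%AppData%\*\*.exe",
    r"%LocalAppData%\*.exe",
    r"%LocalAppData%\*\*.exe",
]


def reg_dword(value):
    """Render a DWORD in .reg syntax (8 hex digits)."""
    return f"dword:{value:08x}"


def reg_expand_sz(text):
    """Render a REG_EXPAND_SZ value in .reg syntax: hex(2) over the
    UTF-16LE bytes of the string plus a two-byte NUL terminator."""
    data = text.encode("utf-16-le") + b"\x00\x00"
    return "hex(2):" + ",".join(f"{b:02x}" for b in data)


def path_rule_key(guid, level=LEVEL_DISALLOWED):
    """Registry key of one path rule at the given security level."""
    return "[" + SAFER_ROOT + "\\" + str(level) + "\\Paths\\{" + str(guid) + "}]"


def build_srp_reg(rules=DEFAULT_RULES, guids=None,
                  description="Block execution from profile folders"):
    """Return the text of a .reg file that installs the rules.

    guids: optional list of rule identifiers (one per rule); a fresh random
    GUID is generated for each rule when omitted."""
    if guids is None:
        guids = [uuid.uuid4() for _ in rules]
    if len(guids) != len(rules):
        raise ValueError("one GUID per rule is required")
    lines = ["Windows Registry Editor Version 5.00", ""]
    # Policy-wide settings: default level Unrestricted (only the rules below
    # deny), TransparentEnabled=1 checks executables but not DLLs,
    # PolicyScope=0 applies to all users including administrators.
    lines += [
        "[" + SAFER_ROOT + "]",
        f'"DefaultLevel"={reg_dword(LEVEL_UNRESTRICTED)}',
        f'"TransparentEnabled"={reg_dword(1)}',
        f'"PolicyScope"={reg_dword(0)}',
        f'"AuthenticodeEnabled"={reg_dword(0)}',
        "",
    ]
    for rule, guid in zip(rules, guids):
        lines += [
            path_rule_key(guid),
            f'"Description"="{description}"',
            f'"SaferFlags"={reg_dword(0)}',
            f'"ItemData"={reg_expand_sz(rule)}',
            "",
        ]
    return "\r\n".join(lines)


if __name__ == "__main__":
    # Review the output, then import it on a test machine with
    # `reg import srp-appdata.reg`; SRP picks it up at the next policy refresh.
    print(build_srp_reg())
```

Two things to check before rolling this out: legitimate software that updates itself from %LocalAppData% (several browsers and chat clients do) will be blocked too and needs its own path or certificate rule at a higher level, and the rules must be verified on a test machine, since a typo in a wildcard silently produces a rule that never matches.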

Epele (Site Administrator)
Posted on 02-10-14 05:37 PM | ID: 46325
Well, that's one thing.

I'd kinda like to know what kind of files the others encrypt. By that, I mean file extensions.

Kak (Global Moderator)
Posted on 02-10-14 05:39 PM | ID: 46331
Posted by Gywall
Well, that's one thing.

I'd kinda like to know what kind of files the others encrypt. By that, I mean file extensions.
They generally all encrypt what I said before. There are countless extensions that would cover quite a bit of time to say.

Epele (Site Administrator)
Posted on 02-10-14 07:19 PM | ID: 46377
I would suspect certain extensions should be safe to prevent it from self-defeating. You wouldn't want to touch drivers.cab for sure. That's just asking for problems. Also, a lot of windows folder files too.

Maybe you should just store your data in the windows folder directory?

Kak (Global Moderator)
Posted on 02-10-14 07:32 PM | ID: 46380
Posted by Gywall
I would suspect certain extensions should be safe to prevent it from self-defeating. You wouldn't want to touch drivers.cab for sure. That's just asking for problems. Also, a lot of windows folder files too.

Maybe you should just store your data in the windows folder directory?
No, it does encrypt even that, looking at some videos on Youtube.

Generally, programs, libraries and other safe files aren't touched. Remember this ransomware is supposed to cause wrecks in office settings, among other places. >_>

Nobody wants the computer unable to boot (and therefore making the criminal unhappy as he would be unable to receive money).

Epele (Site Administrator)
Posted on 02-10-14 07:33 PM | ID: 46383
Encrypting things in the windows folder could be bad. Some systems will just crash due to not being able to run certain programs required by the hardware.

Kak (Global Moderator)
Posted on 02-10-14 07:35 PM | ID: 46385
Posted by Gywall
Encrypting things in the windows folder could be bad. Some systems will just crash due to not being able to run certain programs required by the hardware.
It will encrypt documents, images, music and videos in every folder of any hard drive. Full stop.

Programs are unharmed.

Epele (Site Administrator)
Posted on 02-10-14 07:36 PM | ID: 46387
But then how does it know what a document is and what isn't?

Kak (Global Moderator)
Posted on 02-10-14 07:44 PM | ID: 46403
Posted by Gywall
But then how does it know what a document is and what isn't?
Extension scanning.

It's similar to what Loveletter (except that overwrote files with itself) and other programs did.
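Kak's two answers describe a behaviour a defender can watch for: the malware selects targets by extension, rewrites documents, images, music and video in every folder on every drive, leaves programs alone so the machine still boots, and runs out of %appdata%. The Python below is an added example, not code from the thread: it parses constructed, tab-separated file-activity records (a log format made up for this example, not any product's) and raises an alert for a process that modifies many user-data files across several folders in a short window, reporting whether the binary lives under AppData and whether it left program files untouched. The process names, paths and timestamps in the sample are constructed.

```python
"""Added example: flag the mass "extension scan" behaviour described in the
thread from constructed file-activity log lines (defender-side detection)."""
from collections import defaultdict
from datetime import datetime
from pathlib import PureWindowsPath

# Extension classes as the thread describes them: user data gets encrypted,
# programs and libraries are left alone so the machine still boots.
USER_DATA_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".ods",
                  ".pdf", ".txt", ".rtf", ".jpg", ".jpeg", ".png", ".gif",
                  ".mp3", ".wav", ".flac", ".mp4", ".avi", ".mkv"}
PROGRAM_EXTS = {".exe", ".dll", ".sys", ".cab"}


def classify(path):
    """Bucket a path by extension: 'data', 'program' or 'other'."""
    ext = PureWindowsPath(path).suffix.lower()
    if ext in USER_DATA_EXTS:
        return "data"
    if ext in PROGRAM_EXTS:
        return "program"
    return "other"


def parse(line):
    """Constructed tab-separated record: timestamp, pid, image, op, path."""
    ts, pid, image, op, path = line.rstrip("\n").split("\t")
    return {"ts": datetime.fromisoformat(ts), "pid": int(pid),
            "image": image, "op": op, "path": path}


def detect(lines, min_files=10, min_dirs=3, window_s=60):
    """One alert per process that modifies at least min_files distinct
    user-data files in at least min_dirs folders within window_s seconds."""
    by_proc = defaultdict(list)
    for ev in sorted((parse(ln) for ln in lines if ln.strip()), key=lambda e: e["ts"]):
        by_proc[(ev["pid"], ev["image"])].append(ev)

    alerts = []
    for (pid, image), events in by_proc.items():
        data = [e for e in events if classify(e["path"]) == "data"]
        touched_programs = any(classify(e["path"]) == "program" for e in events)
        start = 0
        for end in range(len(data)):
            # Slide the window so it spans at most window_s seconds.
            while (data[end]["ts"] - data[start]["ts"]).total_seconds() > window_s:
                start += 1
            window = data[start:end + 1]
            files = {e["path"].lower() for e in window}
            dirs = {str(PureWindowsPath(e["path"]).parent).lower() for e in window}
            if len(files) >= min_files and len(dirs) >= min_dirs:
                alerts.append({
                    "pid": pid,
                    "image": image,
                    "files": len({e["path"].lower() for e in data}),
                    "dirs": len({str(PureWindowsPath(e["path"]).parent).lower() for e in data}),
                    "seconds": (data[-1]["ts"] - data[0]["ts"]).total_seconds(),
                    # Supporting indicators the thread mentions: the binary runs
                    # from %AppData%, and program files are left untouched.
                    "image_in_appdata": "\\appdata\\" in image.lower(),
                    "programs_untouched": not touched_programs,
                })
                break
    return alerts


def _rec(ts, pid, image, op, path):
    return "\t".join((ts, str(pid), image, op, path))


# Constructed sample: Word saving two documents, an installer dropping DLLs,
# and an unknown binary in %AppData% rewriting user files across six folders.
WORD = r"C:\Program Files\Microsoft Office\Office15\WINWORD.EXE"
SETUP = r"C:\Users\alice\Downloads\setup.exe"
UNKNOWN = r"C:\Users\alice\AppData\Roaming\rqwxka.exe"   # constructed name
SAMPLE_LOG = (
    [_rec("2014-02-10T19:20:05", 2210, WORD, "write", r"C:\Users\alice\Documents\thesis.docx"),
     _rec("2014-02-10T19:25:40", 2210, WORD, "write", r"C:\Users\alice\Documents\letter.docx")]
    + [_rec(f"2014-02-10T19:30:{i:02d}", 3300, SETUP, "create", rf"C:\Program Files\Foo\lib{i}.dll")
       for i in range(12)]
    + [_rec(f"2014-02-10T19:32:{s:02d}", 4120, UNKNOWN, "write", p) for s, p in [
        (0, r"C:\Users\alice\Documents\budget.xlsx"),
        (2, r"C:\Users\alice\Documents\thesis.docx"),
        (4, r"C:\Users\alice\Documents\notes.odt"),
        (6, r"C:\Users\alice\Documents\scan.pdf"),
        (9, r"C:\Users\alice\Pictures\holiday.jpg"),
        (11, r"C:\Users\alice\Pictures\family.png"),
        (14, r"C:\Users\alice\Music\track01.mp3"),
        (17, r"C:\Users\alice\Music\track02.mp3"),
        (20, r"D:\Shares\Finance\q4.xlsx"),
        (23, r"D:\Shares\Finance\invoices.pdf"),
        (27, r"C:\Users\alice\Videos\clip.mp4"),
        (30, r"C:\Users\alice\Desktop\todo.txt"),
    ]]
)

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The thresholds are the tuning knobs: Word saving a couple of files in one folder never trips the rule, and the installer writes many files but all of them are programs, which is exactly the class the thread says ransomware leaves alone. Backup and sync clients do touch many user files quickly, so in practice they are allow-listed by image path rather than by lowering the thresholds.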

ゼンガー・ゾンボルト (Normal User)
Posted on 02-10-14 07:47 PM | ID: 46406
I believe Combofix could get rid of CryptoLocker.

____________________
There is nothing that can stand against my Zankantou!

My youtube channel
FFRK Brotherhood

Kak (Global Moderator)
Posted on 02-10-14 07:49 PM | ID: 46413
Posted by Trapster
I believe Combofix could get rid of CryptoLocker.
Any AV now can get rid of Cryptolocker.

About the encrypted files... well... not so much. x_x

There's no way to unencrypt them.
Acmlmboard v2.5.5 (10/04/2020)
© 2005-2024 Acmlm, Emuz, et al.