Main - General Forum - Kafuka's CitiHall: "Scattered before you there are three tomes.." (15) |
Epele
So it scans for files. Ouch.
I wonder if it's searching for file extensions then. It'd be interesting to know if it searches like that.
Epele
So essentially, if you avoid things like .doc.. and other commonplace formats..
Maybe it's too dumb to target OpenOffice documents?
Emuz
Oh wow I had no idea this was a real infection. Have you tried Malwarebytes? It works most of the time for when I have to do virus cleanup at work.
The last one I had to work on was in 3 or 4 places and would randomly generate filenames and use the registry to load it on login. Maybe you could examine the registry and see if you can stop it from spawning (hardly ever works.) If you can identify where the binaries are you could try using a Linux livecd and remove them. Just some random suggestions.
Epele
Well, KuSki collects them and runs virtual machines with them.
Maybe he could research how to keep ourselves safe?
Emuz
Posted by Gywall That's like a good idea! That's how you gain knowledge to fight these things!
Emuz
Posted by KuSki Posted by Emuz Generally, you don't want to run programs in the %appdata% folder, considering just visiting some websites will automatically install Cryptolocker. Posted by Gywall Indeed. I am an IT professional as an occupation. I am well aware of how bad Cryptolocker and any new strains of same can be (not in person thankfully). Sometimes even if you do pay they don't get you the decrypt key. Also what makes it bad is it will encrypt network shares, USB/external disks and the like. I think @Gywall was referring to some of the less effective viruses/malware/"scareware w/o encryption" etc.
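Added example, not part of the thread: a Python triage of logon autorun entries that ties together two points raised in the posts above (malware that loads itself from the registry at login under randomly generated filenames, and programs running from %appdata%). The `reg query` text is constructed sample data, and the vowel-ratio name check and the verdict labels are assumptions made for illustration.

```python
import re

# Constructed sample in the shape printed by
# `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run`.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    VendorTray    REG_EXPAND_SZ    %ProgramFiles%\Example Vendor\tray.exe
    qxzvkjwpbt    REG_SZ    C:\Users\alice\AppData\Roaming\qxzvkjwpbt.exe
    Updater    REG_SZ    "C:\Users\alice\AppData\Roaming\Xkqjvzwm\hgfzqxwr.exe" -s
'''

ENTRY = re.compile(r'^\s+(?P<name>\S.*?)\s{2,}(?P<type>REG_\w+)\s{2,}(?P<cmd>.+)$')
# Executable path: quoted, or unquoted up to the first executable extension.
EXE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|scr|com|bat|cmd))(?=\s|$)', re.I)
# Locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(r'\\appdata\\|^%(?:local)?appdata%|^%te?mp%', re.I)

def looks_random(stem):
    """Crude heuristic (assumption): long names with almost no vowels."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(stem) < 6 or not letters:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.25

def triage(reg_text):
    """Return (value name, executable path, verdict) per autorun entry."""
    findings = []
    for line in reg_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # key header or blank line
        cmd = m["cmd"].strip()
        exe = EXE.match(cmd)
        path = (exe["q"] or exe["u"]) if exe else cmd
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        writable = bool(USER_WRITABLE.search(path))
        if writable and looks_random(stem):
            verdict = "review"   # user-writable path and random-looking name
        elif writable:
            verdict = "note"     # legitimate software also lives here
        else:
            verdict = "ok"
        findings.append((m["name"], path, verdict))
    return findings

if __name__ == "__main__":
    for name, path, verdict in triage(SAMPLE):
        print(f"{verdict:6} {name:12} {path}")
```

The OneDrive entry only gets a "note" because legitimate software also starts from AppData, so location alone is not proof of infection.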
Epele
Well, that's one thing.
I'd kinda like to know what kind of files the others encrypt. By that, I mean file extensions.
Epele
I would suspect certain extensions should be safe to prevent it from self-defeating. You wouldn't want to touch drivers.cab for sure. That's just asking for problems. Also, a lot of windows folder files too.
Maybe you should just store your data in the windows folder directory?
Epele
Encrypting things in the windows folder could be bad. Some systems will just crash due to not being able to run certain programs required by the hardware.
Epele
But then how does it know what a document is and what isn't?