OT'ish... Nasty new virus
  • OT'ish... Nasty new virus

    There is a diabolical new virus making the rounds that encrypts your files. After it - unknown to you - encrypts your files, it pops up a screen that tells you to pay $300 to unencrypt the files.

    This post explains it better than I can.

    http://www.bleepingcomputer.com/foru...6#entry3165383

    From this thread

    http://www.bleepingcomputer.com/foru...ijack-program/

    Be aware! Have good backups! (if your backup is an external drive or network - make sure you don't keep it connected...)
    sam

  • #2
    Another reason to run Windows as a virtual machine and take a snapshot frequently.



    • #3
      People still run Winbloze ? I haven't touched that crap since 1996.



      • #4
        I managed to escape the majority of the virus factory and the ransomware going around. My mother, before she passed away, didn't. A guy called her and offered to "clean up" her computer and delete old useless files. She fell for it, and before long her computer was screwed up like you wouldn't believe. Then the guy she had been talking with told her that if she bought their $300 anti-virus software download, all of her problems would go away. She didn't and they didn't. Eventually the task fell to my brother and me, who worked on the thing for a couple of weeks removing the ransomware these clowns had installed. True, they knew how to get the malware out... after all, they put it in there.
        No good deed goes unpunished.



        • #5
          I still have to use Micro$oft in my day job, but for personal use Linux is my choice. (LinuxCNC is really what got me started in Linux - now it is all I use.)

          sam

          ps - we are migrating most of our file servers over to Linux, but there is still software we use that requires Windows Server.



          • #6
            I would be very careful about this one. I looked it up on Symantec and F-Secure and found nothing to do with it on their sites. This is what is known as ransomware. It will encrypt many file types with an offer to decrypt for a fee, usually $300. These are the file types it encrypts:


            *.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.eps, *.ai, *.indd, *.cdr, ????????.jpg, ????????.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c

            It attacks via several methods. First is by sending reasonable-looking e-mail to companies, mainly talking about something like shipping. There is an attached executable file included which can appear to be a ZIP file. Do not open such files, especially from somebody you know. That's right, it is somebody you know that is the biggest threat, because they are the people who send you the most mail that you trust. There is no reason to be sure they are not infected.

            The virus can also take over websites and trap you in a drive-by infection. Make sure you have your browser's Java disabled, as that is the most common browser hole. It can also be sent via e-mail from anybody. Do not open attachments unless you are sure what they are and you are expecting them.

            Antivirus software can easily remove the virus but once your files are encrypted there is no way to decrypt them unless you pay the ransom. That only works some of the time so you will be out your money either way.

            There is a program that can assist you in recovering files that are no longer listed in the system. It is software that recovers files from shadow files, which is something that is on every hard drive that Windows deals with when copying.

            See here: http://www.shadowexplorer.com/downloads.html
            Last edited by Evan; 09-25-2013, 07:22 PM.
            Free software for calculating bolt circles and similar: Click Here
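            Two checks that follow from what the post above describes, written as an added example for this thread (it is not code from the original post or from any vendor). It assumes only what the post states: the attachment is an executable that "can appear to be a ZIP file", and the malware targets the extension list quoted above. The first function judges an attachment by its leading bytes rather than its name (a ZIP archive begins with PK, a Windows executable with MZ). The second walks a folder, for example a restored backup, lists every file matching the post's patterns (fnmatch gives `????????.jpg` and `img_*.jpg` the meaning the list implies) and marks files that no longer look like their declared type. The caveat worth knowing: .docx/.odt and friends are already-compressed ZIP containers, so their entropy is near-maximal even when healthy; for those a missing file header is the reliable signal, and the byte-entropy threshold (7.5 bits per byte, an assumed cut-off) is only the fallback for types with no fixed header. The sample files in `demo()` are constructed in a temporary directory and random bytes stand in for encrypted content.

```python
"""Triage helpers for the ransomware described in the post above.

Added example, not from the original thread. Assumptions: attachments are judged
by content (MZ vs PK header), and the target list is the one quoted in the post.
"""
import fnmatch
import math
import os
import tempfile
import zipfile
from collections import Counter

# Extension patterns exactly as listed in the post, lower-cased for matching.
TARGET_PATTERNS = (
    "*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, "
    "*.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, "
    "*.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, "
    "*.eps, *.ai, *.indd, *.cdr, ????????.jpg, ????????.jpe, img_*.jpg, *.dng, "
    "*.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, "
    "*.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, "
    "*.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c"
).split(", ")

# Leading bytes a healthy file of that extension starts with (public format
# constants). Extensions not listed here fall back to the entropy test.
ZIP_MAGIC, OLE_MAGIC, JPEG_MAGIC = b"PK\x03\x04", b"\xd0\xcf\x11\xe0", b"\xff\xd8\xff"
EXPECTED_MAGIC = {
    ".docx": ZIP_MAGIC, ".xlsx": ZIP_MAGIC, ".pptx": ZIP_MAGIC,
    ".odt": ZIP_MAGIC, ".ods": ZIP_MAGIC, ".odp": ZIP_MAGIC,
    ".doc": OLE_MAGIC, ".xls": OLE_MAGIC, ".ppt": OLE_MAGIC,
    ".rtf": b"{\\rtf", ".jpg": JPEG_MAGIC, ".jpe": JPEG_MAGIC, ".pem": b"-----BEGIN",
}
ENTROPY_THRESHOLD = 7.5  # bits/byte; assumed cut-off: documents sit well below, ciphertext near 8.0


def is_disguised_executable(data: bytes) -> bool:
    """True when the content starts with the MZ header of a Windows executable,
    whatever the file name claims."""
    return data[:2] == b"MZ"


def matches_target(filename: str) -> bool:
    """Does this name match one of the patterns the post says the malware encrypts?"""
    name = filename.lower()
    return any(fnmatch.fnmatchcase(name, pat) for pat in TARGET_PATTERNS)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(filename: str, head: bytes) -> bool:
    """Header check first (robust for compressed formats), entropy as fallback."""
    ext = os.path.splitext(filename.lower())[1]
    magic = EXPECTED_MAGIC.get(ext)
    if magic is not None:
        return not head.startswith(magic)
    return shannon_entropy(head) >= ENTROPY_THRESHOLD


def find_at_risk_files(root: str):
    """Sorted (relative path, suspicious) pairs for every targeted file under root."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if not matches_target(fn):
                continue
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                head = fh.read(64 * 1024)  # enough for the header and an entropy estimate
            findings.append((os.path.relpath(path, root), looks_encrypted(fn, head)))
    return sorted(findings)


def demo():
    """Run both checks over a constructed sample tree and a constructed attachment."""
    with tempfile.TemporaryDirectory() as root:
        # healthy files: a tiny but real ODF container and an RTF document
        with zipfile.ZipFile(os.path.join(root, "budget.odt"), "w") as zf:
            zf.writestr("mimetype", "application/vnd.oasis.opendocument.text")
        with open(os.path.join(root, "notes.rtf"), "wb") as fh:
            fh.write(b"{\\rtf1\\ansi Meeting notes for Thursday.}")
        # stand-ins for encrypted files: random bytes where a document used to be
        with open(os.path.join(root, "report.docx"), "wb") as fh:
            fh.write(os.urandom(4096))  # ZIP header gone -> flagged by header check
        with open(os.path.join(root, "drawing.dwg"), "wb") as fh:
            fh.write(os.urandom(4096))  # no known header -> flagged by entropy
        with open(os.path.join(root, "todo.txt"), "wb") as fh:
            fh.write(b"not on the list")  # not a target, never reported
        findings = find_at_risk_files(root)
    # constructed "invoice.zip" attachment whose content is really an executable stub
    attachment = b"MZ\x90\x00" + b"\x00" * 60 + b"This program cannot be run in DOS mode."
    return {"attachment_is_exe": is_disguised_executable(attachment), "findings": findings}


if __name__ == "__main__":
    result = demo()
    print("attachment is an executable:", result["attachment_is_exe"])
    for path, bad in result["findings"]:
        print(("ENCRYPTED? " if bad else "looks ok   ") + path)
```

            Point it at a restored backup before trusting it: a backup taken after the infection will contain the encrypted copies, and this walk will tell you which ones.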



            • #7
              Another thing you can do to make your Windows machine safer is to create another user account that has limited permissions. If you set up a guest account for yourself with no write access to the system drive (usually drive C:\), then the virus cannot install itself, as when viruses first encounter your machine they usually only have the same permission level as the current user, and they always try to take over drive C:\ first. That will prevent nearly all viruses from taking over your machine.

              A guest account is very limiting so you will have to switch to your normal administrator level account to install software, then switch back to guest level for safety. That is how most operating systems work except for Windows.



              • #8
                You don't need extra software to recover system files from the shadow file system. Windows has a built-in utility that already does that. It's called SFC. It will also repair the Registry. It can take multiple runs to complete all repairs but it works. It runs from an elevated command prompt.



                • #9
                  Originally posted by Tilaran View Post
                  People still run Winbloze ? I haven't touched that crap since 1996.
                  Yup, can't see the reason to use an inferior product that actually costs you money to get.
                  Amount of experience is in direct proportion to the value of broken equipment.



                  • #10
                    SFC only recovers Windows system files, nothing else.

                    The encryptor virus encrypts many many files other than systems files, all files with the extensions I posted.
                    Try recovering a few thousand files without that software.... ( or in my case a few million files...)



                    • #11
                      Originally posted by Tilaran View Post
                      People still run Winbloze ? I haven't touched that crap since 1996.
                      I've used it since 1986 and none of the other "crap" even comes close to the utility of Windows. But, each to his own.



                      • #12
                        All that's in the shadow files is system and program files. And SFC does indeed repair links in the Registry. That list you posted is data files. Easy enough to get from backup.



                        • #13
                          Shadow files include anything that is copied, deleted or moved, and in the case of the system drive, if images are made, the shadow is the entire drive. It also covers anything that has been backed up. They will be written over as the data stored increases.

                          I have around at least 50,000 data files that I have created myself. Those are not easy to replace other than from a backup, which I have of course. That is only on one computer. Have several others in active use. My wife also has several, also in use.



                          • #14
                            Originally posted by Jaakko Fagerlund View Post
                            Yup, can't see the reason to use inferior product that actually costs you money to get.
                            Because they want to be able to run the software they choose, not whatever freeware is available.
                            The shortest distance between two points is a circle of infinite diameter.

                            Bluewater Model Engineering Society at https://sites.google.com/site/bluewatermes/



                            • #15
                              Frigg... Windows bashing now is like a time warp, but back in the '80s it was Mac vs. Windows...

                              Windows works fine. If any of the non-Mac OSes had a market share, the virus guys would be all over them also. Luckily the bad guys skipped the rest and are now going for the phones.

                              Back to the topic - yep, bad virus, but this stuff has been around forever. Practice safe computing and you'll likely never see it.
