Author Topic: Would you believe?

Offline TequilaChaser

  • AH Training Corps - Retired
  • Plutonium Member
  • *******
  • Posts: 10173
      • The Damned - founded by Ptero in 1988
Would you believe?
« on: May 06, 2016, 02:29:20 PM »
I finally got nailed by a damn ransomware crypt virus, during removal of the last version of ESET SS, and before I could get the new version installed!

Un freaking real....

Thank GOD, my network and server are not seeable via drive letter.

This is going to take a while

TC
"When one considers just what they should say to a new pilot who is logging in Aces High, the mind becomes confused in the complex maze of info it is necessary for the new player to know. All of it is important; most of it vital; and all of it just too much for one brain to absorb in 1-2 lessons" TC

Offline Bizman

  • Plutonium Member
  • *******
  • Posts: 9692
Re: Would you believe?
« Reply #1 on: May 06, 2016, 02:50:23 PM »
Can it still be bypassed by doing a roll back with the installation media?

Please inform about any other tricks you use; it's been suspiciously silent recently...

Offline TequilaChaser

  • AH Training Corps - Retired
  • Plutonium Member
  • *******
  • Posts: 10173
      • The Damned - founded by Ptero in 1988
Re: Would you believe?
« Reply #2 on: May 06, 2016, 03:00:12 PM »
Will do....

So far nothing from Malwarebytes has worked.

Running ESET online scanner now, so far it's caught 5 copies of the crypt Trojan and 707 infected files....

Been over 21 years since I had a virus catch me.....geez

NOTICE: these types of viruses are prone to hit online MMO games!

TC
« Last Edit: May 06, 2016, 03:03:01 PM by TequilaChaser »
"When one considers just what they should say to a new pilot who is logging in Aces High, the mind becomes confused in the complex maze of info it is necessary for the new player to know. All of it is important; most of it vital; and all of it just too much for one brain to absorb in 1-2 lessons" TC

Offline TequilaChaser

  • AH Training Corps - Retired
  • Plutonium Member
  • *******
  • Posts: 10173
      • The Damned - founded by Ptero in 1988
Re: Would you believe?
« Reply #3 on: May 06, 2016, 03:17:47 PM »
Scanned results: 723 infected files ---> 687 cleaned ---> 36 quarantined <--- most of these are in the AMD Crimson Driver folder (Crimson Driver ver 16.3).

Will see how much more damage it has done and keep everyone posted.

TC
"When one considers just what they should say to a new pilot who is logging in Aces High, the mind becomes confused in the complex maze of info it is necessary for the new player to know. All of it is important; most of it vital; and all of it just too much for one brain to absorb in 1-2 lessons" TC

Offline TequilaChaser

  • AH Training Corps - Retired
  • Plutonium Member
  • *******
  • Posts: 10173
      • The Damned - founded by Ptero in 1988
Re: Would you believe?
« Reply #4 on: May 06, 2016, 03:27:48 PM »
Can it still be bypassed by doing a roll back with the installation media?

No rollbacks, no restores can be done.

It destroys all shadow copies and restore points, all pictures, video, music, etc........

The only thing I think will be the safest option is to do a complete format of every drive/partition and start over fresh, once I make sure that the drives (HDs and SSDs) have been scrubbed thoroughly.

Taking this PC offline as soon as I finish this post.

TC
"When one considers just what they should say to a new pilot who is logging in Aces High, the mind becomes confused in the complex maze of info it is necessary for the new player to know. All of it is important; most of it vital; and all of it just too much for one brain to absorb in 1-2 lessons" TC

Offline hgtonyvi

  • Silver Member
  • ****
  • Posts: 1945
Re: Would you believe?
« Reply #5 on: May 06, 2016, 03:36:25 PM »
Stay off the porn.....lol

Offline TequilaChaser

  • AH Training Corps - Retired
  • Plutonium Member
  • *******
  • Posts: 10173
      • The Damned - founded by Ptero in 1988
Re: Would you believe?
« Reply #6 on: May 06, 2016, 03:40:01 PM »
Stay off the porn.....lol

Funny haha.....

Lost all the pictures of my granddaughter, Rudeboi....that I had taken myself, and videos of her.

TC
"When one considers just what they should say to a new pilot who is logging in Aces High, the mind becomes confused in the complex maze of info it is necessary for the new player to know. All of it is important; most of it vital; and all of it just too much for one brain to absorb in 1-2 lessons" TC

Offline Bizman

  • Plutonium Member
  • *******
  • Posts: 9692
Re: Would you believe?
« Reply #7 on: May 06, 2016, 03:54:42 PM »
it destroys all shadow copies and restore points, all pictures, video, music, etc........

That reminds me of some ransomware virus which seemed to destroy everything. In reality it moved the files to one of the Temp folders, also changing their attributes to hidden system files. For cleaning purposes the Temp folders are often the first ones to be emptied...

Anyway, there was some script available from Bleepingcomputers.com to undo the changes, and even if there isn't and you have lost something that hadn't been backed up you might want to take a look into the Temps with a bootable Linux.

Offline TequilaChaser

  • AH Training Corps - Retired
  • Plutonium Member
  • *******
  • Posts: 10173
      • The Damned - founded by Ptero in 1988
Re: Would you believe?
« Reply #8 on: May 06, 2016, 04:15:40 PM »
Rgr Bizman.... I have, what is it, Hiren's CD on a USB stick... hadn't thought of that 'til you mentioned Linux.

It has like 700 different programs, scripts, cleaners, etc... including Linux boot ability.

Swapping systems out right now so I can hopefully make FSO tonight

Thank you for the tip

TC
"When one considers just what they should say to a new pilot who is logging in Aces High, the mind becomes confused in the complex maze of info it is necessary for the new player to know. All of it is important; most of it vital; and all of it just too much for one brain to absorb in 1-2 lessons" TC

Offline save

  • Gold Member
  • *****
  • Posts: 2873
Re: Would you believe?
« Reply #9 on: May 08, 2016, 06:58:01 PM »
Some ransomware can be decrypted:

https://noransom.kaspersky.com/

My ammo lasts for 6 Lancasters, or one Yak3.
"And the Yak 3 ,aka the "flying Yamato"..."
-Caldera

Offline Vulcan

  • Plutonium Member
  • *******
  • Posts: 9915
Re: Would you believe?
« Reply #10 on: May 08, 2016, 08:56:17 PM »
The new ransomware is a pain in the butt. It's coming out in variants so fast and so thick that most AV software is no longer able to keep up.

There is a new type of AV software hitting the market. Products like Cylance, Carbon Black, and I think Webroot has some goodness in it. These products have moved away from relying on signatures.

I get involved in a lot of security product testing (for work, alpha and beta code). In the last few months I have been testing some new AV analysis stuff and boy, what the desktop AV doesn't pick up scares the crap outta me. We have a pilot program at work to trial other software, and Cylance is one of them (unfortunately it's not available for consumers). It picked up stuff McAfee, Kaspersky, and Microsoft completely missed.

If anyone were to ask me for a home I would probably look at the Webroot products.

Offline MADe

  • Silver Member
  • ****
  • Posts: 1117
Re: Would you believe?
« Reply #11 on: May 08, 2016, 09:35:10 PM »
Cryptoware virus, every boot infected more. I erased and did a clean install!
Nasty piece of work. Never keep your valuable files only on your surfing PC.
ASROCK X99 Taichi, INTEL i7 6850@4.5GHz, GIGABYTE GTX 1070G1, Kingston HyperX 3000MHz DDR4, OCZ 256GB RD400, Seasonic 750W PSU, SONY BRAVIA 48W600B, Windows 10 Pro /64

Offline flyndung

  • Copper Member
  • **
  • Posts: 119
Re: Would you believe?
« Reply #12 on: May 10, 2016, 10:00:20 AM »
You can recover most of your files by using an undelete program. It encrypts your files and then deletes the older file.

Offline mikev

  • Nickel Member
  • ***
  • Posts: 581
Re: Would you believe?
« Reply #13 on: May 10, 2016, 12:26:38 PM »
Had the same type of thing happen to me just 2 weeks ago. Was just doing a search for a home repair project and wow, 1 click and wow, instant cyber bomb. I also had Malwarebytes and it did no good other than continue to locate new Trojans and infected files. After about 10 repeated scans it was just easier to reinstall Windows.
This is why I store all my need-to-be-saved data on external HDs. After reinstalling Windows, motherboard drivers, video card drivers, I just plug in my external HD with all my installed programs I had and in about 4 or 5 hours I'm right back to where I left off.
One of these days you will regret shooting me down.
https://www.youtube.com/watch?v=_R4qb6_RPUc

Offline Bizman

  • Plutonium Member
  • *******
  • Posts: 9692
Re: Would you believe?
« Reply #14 on: May 10, 2016, 01:05:59 PM »
Mikev, since you seem to take precautions, a System Image would save you quite a lot of time. Simply create one every now and then when you know your system is exactly like you like it, especially when you have installed some new programs which require the registration to be redone after each reinstall. Creating one doesn't take too much time, it doesn't eat resources in the background, and restoring your entire system on a blank hard disk will only take about half an hour or so. In between, making copies of new single files and folders just in case is good maintenance.

For you and others who might be interested, here's how: http://windows.microsoft.com/en-us/windows/back-up-programs-system-settings-files#1TC=windows-7
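A scripted version of the system-image step described above, added here as an example (not part of the post or of Microsoft's page). It uses the built-in wbadmin and vssadmin tools and assumes an external drive mounted as E: (placeholder) and an elevated PowerShell prompt:

```powershell
# Added example: create a Windows system image on an external drive with the
# built-in wbadmin tool, then list the backups present on that target.
# Assumptions: the external drive is E: (placeholder letter) and the script is
# run from an elevated PowerShell prompt. Disconnect the drive afterwards so
# ransomware on the PC cannot reach the image through a drive letter.

param(
    [string]$Target = "E:",   # external backup drive (placeholder letter)
    [string]$Source = "C:"    # system volume to image
)

# wbadmin needs administrator rights; fail early if we do not have them.
$isAdmin = ([Security.Principal.WindowsPrincipal] `
    [Security.Principal.WindowsIdentity]::GetCurrent()
).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw "Run this from an elevated PowerShell prompt." }

# The target must exist and must not be the volume being imaged.
if (-not (Test-Path $Target)) { throw "Backup target $Target is not present." }
if ($Target -eq $Source) { throw "Target must be a different drive than $Source." }

# Count the shadow copies present before the backup. Ransomware commonly
# deletes them; an image on a detachable drive does not depend on them.
$shadows = (vssadmin list shadows | Select-String "Shadow Copy ID" | Measure-Object).Count
"Shadow copies currently on this machine: $shadows"

# -allCritical captures every volume Windows needs to boot, -include adds the
# system volume explicitly, -quiet suppresses the confirmation prompt.
wbadmin start backup -backupTarget:$Target -include:$Source -allCritical -quiet
if ($LASTEXITCODE -ne 0) { throw "wbadmin reported failure (exit code $LASTEXITCODE)." }

# Show the backup versions now stored on the target drive.
wbadmin get versions -backupTarget:$Target
```

Run it every so often, as the post suggests, and keep the drive unplugged between runs so an infection like the one in this thread cannot encrypt the image along with everything else.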