Aces High Bulletin Board

General Forums => Hardware and Software => Topic started by: TequilaChaser on May 06, 2016, 02:29:20 PM

Title: Would you believe?
Post by: TequilaChaser on May 06, 2016, 02:29:20 PM
I finally got nailed by a damn ransomware crypt virus, during removal of last version of ESET SS, and before I could get the new version installed!

Un freaking real....

Thank GOD, my network and server are not visible via a drive letter

This is going to take a while

TC
Title: Re: Would you believe?
Post by: Bizman on May 06, 2016, 02:50:23 PM
Can it still be bypassed by doing a roll back with the installation media?

Please inform about any other tricks you use, there's been suspiciously silent recently...
Title: Re: Would you believe?
Post by: TequilaChaser on May 06, 2016, 03:00:12 PM
Will do....

So far nothing from Malwarebytes has worked

Running ESET Online Scanner now, so far it's caught 5 copies of the crypt Trojan and 707 infected files....

Been over 21 years since I had a virus catch me.....geez

NOTICE: these types of viruses are prone to hit online MMO games!

TC
Title: Re: Would you believe?
Post by: TequilaChaser on May 06, 2016, 03:17:47 PM
Scan results: 723 infected files ---> 687 cleaned ---> 36 quarantined <--- most of these were in the AMD Crimson Driver folder (Crimson driver ver 16.3)


will see how much more damage it has done and keep everyone posted

TC
Title: Re: Would you believe?
Post by: TequilaChaser on May 06, 2016, 03:27:48 PM
Can it still be bypassed by doing a roll back with the installation media?

No rollbacks, no restores can be done.

It destroys all shadow copies and restore points, all pictures, video, music, etc.

The only thing I think will be the safest option is to do a complete format of every drive / partition and start over fresh, once I make sure that the drives (HDs and SSDs) have been scrubbed thoroughly.

taking this pc offline as soon as I finish this post

TC
Title: Re: Would you believe?
Post by: hgtonyvi on May 06, 2016, 03:36:25 PM
Stay off the porn.....lol
Title: Re: Would you believe?
Post by: TequilaChaser on May 06, 2016, 03:40:01 PM
Stay off the porn.....lol

Funny haha.....

Lost all the pictures of my granddaughter, Rudeboi....that I had taken myself and videos of her

TC
Title: Re: Would you believe?
Post by: Bizman on May 06, 2016, 03:54:42 PM
it destroys all shadow copies and restore points, all pictures, video, music, etc........

That reminds me of some ransomware virus which seemed to destroy everything. In reality it moved the files to one of the Temp folders, also changing their attributes to hidden system files. For cleaning purposes the Temp folders are often the first ones to be emptied...

Anyway, there was some script available from BleepingComputer.com to undo the changes, and even if there isn't one and you have lost something that hadn't been backed up, you might want to take a look into the Temps with a bootable Linux.
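As an added example (not from this thread, and not the BleepingComputer script Bizman mentions), the PowerShell below does the check he describes: it walks the Windows Temp folders on a given drive, lists user files that carry both the Hidden and System attributes, and with -Restore clears those two bits so the files show up again. Run it from a clean machine with the affected disk attached (or from a WinPE-style rescue environment), not from the infected OS itself. The Temp paths, the extension list, and the -Root/-Restore parameter names are this example's own assumptions.

```powershell
# Added example: find user files a ransomware "hid" by moving them into Temp and
# flagging them Hidden+System, then optionally un-hide them.
# Assumptions: the affected Windows install lives under -Root (e.g. 'E:' when the
# disk is attached to a clean PC); Temp dirs and extension list are this script's own.
param(
    [string]$Root = $env:SystemDrive,   # drive holding the affected Windows install
    [switch]$Restore                    # clear the attributes instead of only listing
)

# Temp locations a ransomware could have used as a dumping ground (assumption:
# the system Temp plus each user profile's local Temp).
$tempDirs = @(Join-Path $Root 'Windows\Temp') +
            @(Get-ChildItem -LiteralPath (Join-Path $Root 'Users') -Directory -Force -ErrorAction SilentlyContinue |
              ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' })
$tempDirs = @($tempDirs | Where-Object { Test-Path -LiteralPath $_ })

# Housekeeping files that are legitimately Hidden+System; leave them alone.
$benign = 'desktop.ini', 'thumbs.db', 'ntuser.dat'

# The kind of data a home user wants back (assumption; extend as needed).
$userData = '.jpg', '.jpeg', '.png', '.gif', '.mp4', '.mov', '.avi', '.mp3',
            '.doc', '.docx', '.xls', '.xlsx', '.pdf', '.txt'

$hidden = [int][System.IO.FileAttributes]::Hidden
$system = [int][System.IO.FileAttributes]::System
$mask   = $hidden -bor $system

$found = @(foreach ($dir in $tempDirs) {
    # -Force is required: without it Get-ChildItem silently skips hidden/system entries.
    Get-ChildItem -LiteralPath $dir -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            (([int]$_.Attributes -band $mask) -eq $mask) -and
            ($benign -notcontains $_.Name.ToLower()) -and
            ($userData -contains $_.Extension.ToLower())
        }
})

if ($found.Count -eq 0) {
    Write-Host "No Hidden+System user files found under: $($tempDirs -join ', ')"
    return
}

$found | Select-Object FullName, Length, LastWriteTime, Attributes | Format-Table -AutoSize

if ($Restore) {
    foreach ($f in $found) {
        # Clear only the two bits the malware set; keep Archive, ReadOnly, etc. as they were.
        $f.Attributes = [System.IO.FileAttributes]([int]$f.Attributes -band (-bnot $mask))
        Write-Host "Unhid: $($f.FullName)"
    }
}
```

Run it once without -Restore to see what it would touch, copy anything you recognise to a clean drive, and only then run it with -Restore. Clearing attributes does nothing for files the malware actually encrypted; it only brings back files that were merely moved and hidden, which is the case Bizman describes.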
Title: Re: Would you believe?
Post by: TequilaChaser on May 06, 2016, 04:15:40 PM
Rgr Bizman.... I have, what is it, Hiren's CD on a USB stick... hadn't thought of that till you mentioned Linux

It has like 700 different programs, scripts, cleaners, etc... including Linux boot ability

Swapping systems out right now so I can hopefully make FSO tonight

Thank you for the tip

TC
Title: Re: Would you believe?
Post by: save on May 08, 2016, 06:58:01 PM
Some ransomware can be decrypted :

https://noransom.kaspersky.com/

Title: Re: Would you believe?
Post by: Vulcan on May 08, 2016, 08:56:17 PM
The new ransomware is a pain in the butt. It's coming out in variants so fast and so thick that most AV software is no longer able to keep up.

There is a new type of AV software hitting the market. Products like Cylance, Carbon Black, and I think Webroot has some goodness in it. These products have moved away from relying on signatures.

I get involved in a lot of security product testing (for work, alpha and beta code). In the last few months I have been testing some new AV analysis stuff, and boy, what the desktop AV doesn't pick up scares the crap outta me. We have a pilot program at work to trial other software, and Cylance is one of them (unfortunately it's not available for consumers). It picked up stuff McAfee, Kaspersky, and Microsoft completely missed.

If anyone were to ask me for home use, I would probably look at the Webroot products.
Title: Re: Would you believe?
Post by: MADe on May 08, 2016, 09:35:10 PM
Cryptoware virus, every boot infected more. I erased and did a clean install!
Nasty piece of work. Never keep your valuable files only on your surfing PC.
Title: Re: Would you believe?
Post by: flyndung on May 10, 2016, 10:00:20 AM
You can recover most of your files by using an undelete program. It encrypts your files and then deletes the older files.
Title: Re: Would you believe?
Post by: mikev on May 10, 2016, 12:26:38 PM
Had the same type of thing happen to me just 2 weeks ago. I was just doing a search for a home repair project and wow, 1 click and wow, instant cyber bomb. I also had Malwarebytes and it did no good other than continue to locate new Trojans and infected files. After about 10 repeated scans it was just easier to reinstall Windows.
This is why I store all my need-to-be-saved data on external HDs. After reinstalling Windows, motherboard drivers, video card drivers, I just plug in my external HD with all my installed programs I had and in about 4 or 5 hours I'm right back to where I left off.
Title: Re: Would you believe?
Post by: Bizman on May 10, 2016, 01:05:59 PM
Mikev, since you seem to take precautions, a System Image would save you quite a lot of time. Simply create one every now and then when you know your system is exactly like you like it, especially when you have installed some new programs which require the registration to be reopened after each reinstall. Creating one doesn't take too much time, it doesn't eat resources in the background and restoring your entire system on a blank hard disk will only take about half an hour or so. In between making copies of new single files and folders just in case is good maintenance.

For you and others who might be interested, here's how: http://windows.microsoft.com/en-us/windows/back-up-programs-system-settings-files#1TC=windows-7
Title: Re: Would you believe?
Post by: mikev on May 10, 2016, 01:22:24 PM
Yup, a good plan Bizman. I, like most, just get too confident when browsing the net, and like most think our antivirus and anti-malware will always save us. I sure hope someday they find a way to police the web so that people who do this stuff get what they deserve.
Title: Re: Would you believe?
Post by: TequilaChaser on May 18, 2016, 10:59:23 PM
New Security News Article up today at http://www.bleepingcomputer.com

http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/

TeslaCrypt Shuts Down and Releases Master Decryption Key, 5/18/2016 4:00pm

Unfortunate that this is not the crypt virus that I caught...

I, myself, normally do backups of my different OS HDs/SSDs and other pertinent files and information etc. on a regular basis, sometimes depending on the subject matter 2 or 3 times a week... for some unknown reason though, I slipped up and had not done my routine backups of anything since I went to Florida last October for my Grand Daughter's first Birthday... all I can say is lesson learned! (again, for the 2nd time in 21+ years, since the last virus that hit any of my own computers back around 1994/1995???)

I did not lose as much as I first thought I had, just mainly the pictures and videos from Lauren's (my Grand Daughter) 1st Birthday, Family Reunion pictures/videos, Christmas pictures and videos... all my stuff on the Intel i7-2600k system having to do with FSO/KOTH films and Aces High and AH3 Beta stuff (pics, films, etc. I had made).

Thank goodness I had over 62 GB of music on my smartphone, and had nearly 224 GB of older music I had copied over for my Dad to his PC's data storage drive... my phone's 62 GB worth is all new, current stuff I have gotten recently and didn't have copied anywhere else...

All HDs and SSDs have been scrubbed and reformatted... just need to install the OS and start over... thinking I will just stick with 1 OS this time, and forgo any multi-OS boot setup like I had before...

Side note: now that I have had time to calm down and fully diagnose how the dang virus got on my computer to begin with, I have come to the conclusion that it was already on the computer before I even bothered with uninstalling/updating ESET from ESS8 to ESS9... When I went to turn the computer on that Friday morning (I had turned it off Weds evening as bad thunderstorms were rolling in), the computer started up like it normally does, but before the screen could fully load the BIOS/CMOS/DOS boot screen, the computer immediately shut itself down, waited a couple of seconds, then restarted... and then proceeded to boot up as normal... I have concluded that this is when it loaded/installed the crypt virus... and since it was already there, no matter what I was going to do with ESET, it would never have shown any flags!

I only knew something was wrong when I went to play KOTH in Aces High, and the title music was suddenly playing again, the background AH logo was missing, I couldn't see my mouse, and my normally saved login info was mostly missing, but some of the characters were written/typed in ANSI-type text...

Ok... here's hoping and praying none of the AH Players / AH Community ever run into such a nasty virus, this one will truly make you feel terribly sick!

sincerely,

TC
Title: Re: Would you believe?
Post by: save on May 20, 2016, 09:18:25 AM
I have been a happy Webroot user for almost 1.5 years now.
Before Webroot I was using a free product.

Title: Re: Would you believe?
Post by: Vulcan on May 21, 2016, 05:09:09 PM
I have been a happy Webroot user for almost 1.5 years now.
Before Webroot I was using a free product.

Yeah, I believe Webroot is using the next-gen endpoint AV (uses sandboxing-type techniques)? Is that right?

The other two clients that do it are Cylance and Carbon Black, but neither is available to consumers (enterprise only). I use Cylance and it rocks.