Klaasvaak
Baiting Guru
Joined: 11 May 2004
Posts: 2163
Posted: Fri Feb 20, 2015 3:58 pm
My SO emailed me the pic below of her laptop. She can't open any Word files. She brought her laptop to some computer repair guy (I'm still pissed about this) who said he probably can't do anything about it (even more pissed about this), and she will be missing her laptop this weekend (godd@#$!@#@#). Also now she can't do any work this weekend. (meltdown imminent)
Any ideas what I'll be dealing with here?
She told me she didn't open any email attachments.
Didn't open any dodgy Facebook video that redirects you to some website.

B8er
Associate Boomdazzler
Joined: 16 Feb 2009
Posts: 13579
Location: In self-isolation practicing social distancing
Posted: Fri Feb 20, 2015 4:09 pm
It's ransomware of some sort; the readme file would probably tell you which, and you may find removal instructions on the web.

Roycropper
Baiting Guru
Joined: 14 Nov 2005
Posts: 7992
Location: Luxury Coffin
Posted: Fri Feb 20, 2015 4:12 pm

Mattaz
Baiting Guru
Joined: 02 Jan 2015
Posts: 2073
Location: I'm on my way from happiness to misery with you
Posted: Fri Feb 20, 2015 5:03 pm
I can recommend searching for help at http://www.spywareinfoforum.com/
There are many volunteers there who specialize in removing all kinds of malware. Years ago I was one of them.
It takes some time, because you have to follow the instructions they give you and do all the scanning and stuff yourself, but it can save you a lot of money.
They will explain every step in detail, so it is easy to do.
If you're from the Lowlands I can recommend http://www.mivercon.be/forum/

Joker
*** BANNED ***
Joined: 26 Jul 2012
Posts: 1116
Posted: Fri Feb 20, 2015 8:23 pm
That definitely looks like CryptoLocker, which is a nasty breed of ransomware. It would not shock me if that came with a variant of the Zeus platform known as GameOver as well. You can get this from dodgy files as well, like Word docs, through a macro-based vector.
Can you post up the contents of the text file? Mainly I'm curious what they have to say.
https://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/
I hope your SO was religious about making backups....

dwatina
Baiting Guru
Joined: 13 Feb 2010
Posts: 7164
Location: Home of the Orangemen! Friends call me Doc
Posted: Fri Feb 20, 2015 10:24 pm
^^ I hear you about backups. Even though I'm on a Mac, I do two complete backups every weekend (i.e., complete clones of my system): one to my 2nd internal drive, and the other to a FireWire drive.
I use "Super Duper" for the Mac and the smart update, so it takes less than two hours total to do both clones.

huskywowzer
Master Baiter
Joined: 03 Jan 2015
Posts: 204
Location: Where The Baiters Bait
Posted: Sat Feb 21, 2015 3:48 am
You could always try wiping the computer fully and reinstalling Windows. Or you can install Ubuntu Linux from a USB drive. I had to do that with my last ransomware virus. They are nasty buggers, aren't they?

Klaasvaak
Baiting Guru
Joined: 11 May 2004
Posts: 2163
Posted: Sat Feb 21, 2015 8:03 am
Joker wrote:
    That definitely looks like CryptoLocker, which is a nasty breed of ransomware. It would not shock me if that came with a variant of the Zeus platform known as GameOver as well. You can get this from dodgy files as well, like Word docs, through a macro-based vector.
    Can you post up the contents of the text file? Mainly I'm curious what they have to say.
    https://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/
    I hope your SO was religious about making backups....
No, she hasn't made a lot of backups. She's a teacher and a lot of her university stuff is gone.
She gets her laptop back after this weekend. I will try to post the txt, but I can't do anything until then. We are still wondering how she got the virus.

B8er
Associate Boomdazzler
Joined: 16 Feb 2009
Posts: 13579
Location: In self-isolation practicing social distancing
Posted: Sat Feb 21, 2015 8:07 am
^^^ Does she ever get sent files by her students?

Klaasvaak
Baiting Guru
Joined: 11 May 2004
Posts: 2163
Posted: Sat Feb 21, 2015 8:09 am
No, that's the first thing I asked. She said she didn't open any attachments.

Joker
*** BANNED ***
Joined: 26 Jul 2012
Posts: 1116
Posted: Sat Feb 21, 2015 7:41 pm
Downloads, attachments, dodgy videos.... all par for the course with malware these days. There is a reason I say it probably came with the GameOver variant of Zeus. They tend to bind that to files on the web and on other people's computers. Start doing file sharing in the office and it spreads like wildfire.
The malware operator sits there figuring out how to monetize his infected bots. If he can't spy and collect financial details (bank, CC, PayPal, etc.), they load CryptoLocker on the computer and hold it for ransom.
You can ask yourself what the attack vector was, but these days it really is boiling down to multiple, with many malware operators very happy to sit back quietly for months at a time working on nothing but spreading their gear. Once they feel they have a sufficient spread, they hit the oldest infections that aren't giving them financial data, or that have already been bled of that data, with stuff like this, while working newer infections to gain further coverage as they spread.
Don't beat yourself up over that one. It's seriously gone down to a very scary level these days.

Klaasvaak
Baiting Guru
Joined: 11 May 2004
Posts: 2163
Posted: Wed Feb 25, 2015 9:16 am
Well, the computer guy was able to delete the virus. But the documents are still encrypted. I don't know what the name of the virus was.
We had a huge argument about this shit, because 7 years of work is gone: part of a book she was writing, Word files of a lawsuit, and stuff from university.

Slightlyoutofit
Baiting Guru
Joined: 13 Feb 2007
Posts: 14309
Location: Foraging for Nuts.
Posted: Wed Feb 25, 2015 9:53 am
She better have kept those wheelie bin photos or there'll be trouble.

Klaasvaak
Baiting Guru
Joined: 11 May 2004
Posts: 2163
Posted: Wed Feb 25, 2015 9:55 am
Do not worry, I keep anything wheelie bin related on my own computer.

Fryer
Baiting Guru
Joined: 15 Mar 2008
Posts: 2670
Location: Global Computer Mega Cafe
Posted: Wed Feb 25, 2015 9:10 pm
Klaasvaak wrote:
    She's a teacher and a lot of her university stuff is gone.
University networks = very scary!!
A bunch of kids who know very little about computing, tied together via a mostly open configuration....

Joker
*** BANNED ***
Joined: 26 Jul 2012
Posts: 1116
Posted: Wed Feb 25, 2015 11:18 pm
^ I would agree there. My university network was definitely a scary place, as it was a tech uni. Aside from the crazy bastards in computer science/engineering wanting to "test" ideas, and an open university standard that encouraged the "hacker mentality" (if you want to go all Anonymous and media-driven with the definition of that, screw you, as I am talking old-school dev.... not this skid shit), throw on the import students who I am sure were installing malware onto uni lab computers to sell off login credentials to their buddies back home.... yeah, uni computers and networks are a scary place.
Flash drives are another angle. Plugged into an infected computer, they write a "spread file" to the drive, and any computer it gets plugged into... done deal. As someone said at an IT security conference once:
"You don't want me freely plugging my flash drive into your computer. You don't know where it has been, but I do."

Klaasvaak
Baiting Guru
Joined: 11 May 2004
Posts: 2163
Posted: Thu Feb 26, 2015 8:23 am
Well, I've been reading about the GameOver Zeus thing the last few days, and that's some scary shit.

Nanny Ogg
Baiting Guru
Joined: 19 Mar 2007
Posts: 2628
Posted: Thu Feb 26, 2015 1:34 pm
That looks like a nasty virus. I've had to remove ransomware from one of my student offspring's laptops. Think it was that Euro/Metropolitan Police one. Grrr.
Touch wood, things have improved since I upgraded and installed Malwarebytes Premium; it's been worth the money, and you can install the Premium on up to 3 computers.
Through experience I've learnt to back up files, upload precious pictures to Flickr or Picasa, or even email myself important documents/pictures/files.

windypops
Baiting Guru
Joined: 25 Jan 2005
Posts: 6059
Location: Planet X
Posted: Thu Feb 26, 2015 3:56 pm
Klaasvaak wrote:
    Well, the computer guy was able to delete the virus.
The virus code would also include the encryption algorithm. If it's not on board, you may never be able to decrypt the files as the key is missing.
*Edit to add* If the files are locked, you'll have to brute-force them open first before even starting to unscramble the contents.