EXTREME Overclocking Forums
Old 10-14-2016, 06:18 PM   #1
Mr.PACO
Ransom-ware

If this was addressed before, I could not find it.

My office PC was hit with ransom-ware, and it has encrypted all our docs, files, photos, etc.
I've tried many, many different anti-malware, decryption, antivirus software but none have helped.

I have no idea of the name n type. Only that it is some form of ransom-ware.

Please, if anyone has any insight with this it would be greatly appreciated.
Attached image: 10-14-2016 8-38-53 AM.jpg
Old 10-15-2016, 02:11 AM   #2
jbmcmillan
https://noransom.kaspersky.com/ Try these and see if it helps.
Old 10-15-2016, 10:33 AM   #3
BigE4u
Curious... how does one acquire such ransomware, not that I want it, because I'm online most of the time, but I don't go looking for free movies/games/programs/videos/music/etc, aka, warez or the like, I also don't open/view spam/strange emails, and my system is clean of such malicious content.
Old 10-15-2016, 10:48 AM   #4
Mr.Scott
Mostly from e-mail. Bogus link or attachment.
Old 10-15-2016, 11:24 AM   #5
Mr.PACO
Quote:
Originally Posted by BigE4u
Curious... how does one acquire such ransomware, not that I want it, because I'm online most of the time, but I don't go looking for free movies/games/programs/videos/music/etc, aka, warez or the like, I also don't open/view spam/strange emails, and my system is clean of such malicious content.
Yes it came from a bogus e-mail. My boss said he opened it because it said it came from Fed-Ex. I tried to explain to him that they will not send you a zip file that has to be opened.

Additional Comment:

Quote:
Originally Posted by jbmcmillan
https://noransom.kaspersky.com/ Try these and see if it helps.
Thank you, I have tried that site also. But no go.

All the various Decryptors I have tried ALL say the same thing; must have an uninfected copy of the file in order to decrypt it.

If I had an UNinfected copy of the file I wouldn't need a decryptor.

I was able to recover about 80% of our files from back-ups, but some current financial Excel files that were being worked on at the time are presently the most important that I cannot seem to get.

And I read that the more you try to fix it yourself, the worse it gets.

Last edited by Mr.PACO; 10-15-2016 at 11:24 AM. Reason: Automerged Doublepost
Old 10-15-2016, 11:30 AM   #6
BigE4u
Quote:
Originally Posted by Mr.Scott
Mostly from e-mail. Bogus link or attachment.
Figured as much and thanks for the heads up.... I've gotten those a time or two, I just straight up delete them, STAT!
Old 10-15-2016, 12:25 PM   #7
The Dude
Only the Admin should have the Admin PW. No One Else. Not even the boss, especially not the boss. (unless he's the admin, I suppose)
Old 10-15-2016, 12:31 PM   #8
jbmcmillan
http://blog.trendmicro.com/trend-mic...yptor-updated/
Old 10-15-2016, 03:34 PM   #9
Mr.PACO
Quote:
Originally Posted by jbmcmillan
Will give them a try also come Monday.
Thank you.
Old 10-15-2016, 04:28 PM   #10
AMDGUY
I hope you get it figured out. I've never had to deal with that luckily.
I wonder why such a weird dollar amount? I had to Google it, $324.93.
Old 10-15-2016, 06:05 PM   #11
BigE4u
I remember when this ransomware came out.... started out as an FBI LOCKOUT posting with your picture in top right hand corner, that's if you had a webcam running, and you had to go down to the local CVS/WALGREENS (drugstore) and pay $200 to get it unlocked. lol
Old 10-16-2016, 09:03 AM   #12
mimart7
Quote:
Originally Posted by Mr.PACO
Will give them a try also come Monday.
Thank you.
We get hit with ransom ware at work every so often. Usually it is the user's machine.

You have to segregate the machine from the rest of the network, otherwise it will infect other machines, servers, etc.

You can go to a backup of the data from before the infection, and restore it.

If there are no backups, then the machine will have to be re-imaged.
Old 10-17-2016, 08:02 AM   #13
digitaldd
I would suggest reimaging the infected system no matter what.
Old 10-17-2016, 09:23 PM   #14
Spartacus
Any chance you have recovery/system restore points or shadow clones?
I've had luck with some by using that and copying the files off before they can be re-infected.
(you do have to be careful with this because it could be carried to the machine you're copying to)
Old 10-18-2016, 06:02 AM   #15
thread
Quote:
Originally Posted by Mr.PACO
All the various Decryptors I have tried ALL say the same thing; must have an uninfected copy of the file in order to decrypt it.

If I had an UNinfected copy of the file I wouldn't need a decryptor.
If the ransomware has used the same key for all the files, the decryptor should only need an uninfected copy of one of the files to figure it out.
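
Why a decryptor may ask for one original/encrypted pair, as an added example that is not part of the thread or of any vendor's tool: it assumes a toy XOR stream cipher (the hypothetical `keystream` helper, built from SHA-256) and constructed file contents, and shows that the pair unlocks other files only when the same key was reused.

```python
import hashlib

def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode); a constructed stand-in, not a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    # zip() stops at the shorter input, so output length = min(len(a), len(b))
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, data: bytes) -> bytes:
    return xor(data, keystream(key, len(data)))

def decrypt_with_pair(original: bytes, encrypted: bytes, target: bytes) -> bytes:
    """Recover `target` from one known original/encrypted pair, without the key."""
    recovered_stream = xor(original, encrypted)  # plaintext XOR ciphertext = keystream
    return xor(target, recovered_stream)         # only as many bytes as the pair covers

# Constructed sample data: one file that survives in a backup, one that does not.
BACKUP_COPY = b"Q3 invoice template - company letterhead, rev 7" * 2
LOCKED_ONLY = b"payroll-2016-10.xlsx: totals row 41 = 18,220.15"

# Case 1: the same key was used for every file, so the pair is enough.
SAME_KEY = b"one-key-for-every-file"
enc_backup = encrypt(SAME_KEY, BACKUP_COPY)
enc_locked = encrypt(SAME_KEY, LOCKED_ONLY)
recovered_same_key = decrypt_with_pair(BACKUP_COPY, enc_backup, enc_locked)

# Case 2: the locked file used a different key, so the pair recovers nothing useful.
enc_locked_other = encrypt(b"a-different-per-file-key", LOCKED_ONLY)
recovered_other_key = decrypt_with_pair(BACKUP_COPY, enc_backup, enc_locked_other)

# Case 3: a pair shorter than the target only recovers a prefix of it.
recovered_prefix = decrypt_with_pair(BACKUP_COPY[:10], enc_backup[:10], enc_locked)

if __name__ == "__main__":
    print("same key   :", recovered_same_key)
    print("other key  :", recovered_other_key == LOCKED_ONLY)
    print("short pair :", recovered_prefix)
```
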
Old 10-18-2016, 03:20 PM   #16
Mr.PACO
Was able to recover the more important financial docs and about 80-90% of other stuff.
Don't know how but it disabled the restore, so there was nothing to restore to.
Found the bug n got rid of it. Fortunately, the only files affected were the ones on the single PC; no other ones on the network were hit.
Will be checking any/all viable important files n moving em to a separate drive and just gonna do a fresh OS install to be safe.

Thank you guys for all your helpful tips.
Greatly appreciated.

Additional Comment:

Quote:
Originally Posted by thread
If the ransomware has used the same key for all the files, the decryptor should only need an uninfected copy of one of the files to figure it out.
Will give it another go, maybe I did or used something wrong the first time.

Last edited by Mr.PACO; 10-18-2016 at 03:20 PM. Reason: Automerged Doublepost
Old 10-21-2016, 02:53 AM   #17
PommieB
Guys are right, you should back up the OS drives every so often. Decent cloning hardware will back up the OS drive; it's then just a matter of swapping out the OS drive for the cloned drive.

I've been getting nasty emails offering me thousands of dollars, they just want my password of my bank account and my computer so the money can be placed in my bank account, I've been deleting them twice a day for a good six months. I'm beginning to wear them down, only had one so far this week.

Never used to get them with Win8 or 7.
Old 10-21-2016, 04:12 AM   #18
mimart7
Quote:
Originally Posted by PommieB
Never used to get them with Win8 or 7.
I don't think it is cause and effect. You just have more criminals sending out spam.
Old 10-22-2016, 10:38 AM   #19
PommieB
You're probably right, I'd say I had Win 8 tied down much tighter and it's been lost on the updates, the change was instant.
All times are GMT -6.