Title: trojan extortioner
Post by: andresem on May 12, 2017, 03:09:49 PM

Today I got a trojan extortioner. In the last two days I did not download anything except movies on torrent, and visited only Poloniex and Bittrex. I still do not understand where the trojan came from. My antivirus worked quickly, so it encoded about 20 files. So I was lucky.

https://i.imgur.com/PMXq9Tz.png
https://i.imgur.com/L75dLnt.png

It creates files in the ProgramData and Windows folders, including .bat files.

https://i.imgur.com/5nTb4eR.png
https://i.imgur.com/NyBe4x7.png
https://i.imgur.com/0ZQWhJU.png

Here are the NOD32 logs:

Code:
Bpeмя;Moдyль cкaниpoвaния;Tип oбъeктa;Oбъeкт;Bиpyc;Дeйcтвиe;Пoльзoвaтeль;Инфopмaция;Xэш;Пepвoe пoявлeниe здecь

Title: Re: trojan extortioner
Post by: Lauda on May 12, 2017, 05:47:37 PM

This is ransomware, and you're not the only one who is infected by it: http://hexus.net/tech/news/software/105655-ransomware-wanna-decryptor-causing-it-failures-across-nhs/

This just shows how bad the IT departments in the UK hospitals truly are.

Title: Re: trojan extortioner
Post by: andresem on May 13, 2017, 09:12:00 AM

> This is ransomware, and you're not the only one who is infected by it: http://hexus.net/tech/news/software/105655-ransomware-wanna-decryptor-causing-it-failures-across-nhs/
> This just shows how bad the IT departments in the UK hospitals truly are.

Well, it's not only the UK. On the Russian-speaking Kaspersky forum, I see messages from Kazakhstan, Uzbekistan, Russia, and Ukraine. According to MalwareTech data, more than 110,000 computers worldwide are already infected. Details: https://intel.malwaretech.com/botnet/wcrypt

Title: Re: trojan extortioner
Post by: steampunkz on May 13, 2017, 09:29:31 AM

> Today I got a trojan extortioner. In the last two days I did not download anything except movies on torrent, and visited only Poloniex and Bittrex. I still do not understand where the trojan came from. My antivirus worked quickly, so it encoded about 20 files. So I was lucky.
> https://i.imgur.com/PMXq9Tz.png
> https://i.imgur.com/L75dLnt.png
> It creates files in the ProgramData and Windows folders, including .bat files.
> https://i.imgur.com/5nTb4eR.png
> https://i.imgur.com/NyBe4x7.png
> https://i.imgur.com/0ZQWhJU.png
> Here are the NOD32 logs:
> Code:
> Bpeмя;Moдyль cкaниpoвaния;Tип oбъeктa;Oбъeкт;Bиpyc;Дeйcтвиe;Пoльзoвaтeль;Инфopмaция;Xэш;Пepвoe пoявлeниe здecь

Sir, I think you got this malware from downloading torrent files? Did you download the movies from piratebay.org? If yes, then the malware really came from there. I have twice had the experience of downloading malware, but not that strong. The malware that I downloaded automatically installs pop-up advertisements even if you're not using an Internet browser; the pop-up ads show every 3 minutes. I use antivirus but it is still not working. So the only thing that I can do is to format my desktop. I'm glad that our country is not affected by that malware.

Title: Re: trojan extortioner
Post by: Lauda on May 13, 2017, 09:38:02 AM

> Sir, I think you got this malware from downloading torrent files? Did you download the movies from piratebay.org? If yes, then the malware really came from there.

No. You do not need to download anything to get this ransomware. There is an exploit that was discovered and used by the NSA, which can infiltrate Windows systems via SMB: https://en.wikipedia.org/wiki/Server_Message_Block.

> I have twice had the experience of downloading malware, but not that strong.

Malware is the general term and not specific enough for this.

> The malware that I downloaded automatically installs pop-up advertisements even if you're not using an Internet browser; the pop-up ads show every 3 minutes.

That is adware.

> I use antivirus but it is still not working. So the only thing that I can do is to format my desktop. I'm glad that our country is not affected by that malware.

It looks like you are not experienced with IT and shouldn't post about this at all (hence: "Stop shit posting and do research first.").

> Well, it's not only the UK.

I did not say that it was limited to the UK, I just linked one of the first and major articles about it. It looks like someone has managed to shut it down (or at least that's what some sources claim) by registering a domain which is actually a kill-switch built into the ransomware.

> On the Russian-speaking Kaspersky forum, I see messages from Kazakhstan, Uzbekistan, Russia, and Ukraine. According to MalwareTech data, more than 110,000 computers worldwide are already infected. Details: https://intel.malwaretech.com/botnet/wcrypt

Title: Re: trojan extortioner
Post by: andresem on May 13, 2017, 09:42:06 AM

> Sir, I think you got this malware from downloading torrent files? Did you download the movies from piratebay.org?

No, I download torrents from a Russian site. I have been downloading from there for more than a month and there were no problems. So I strongly doubt that this is due to torrents.

Title: Re: trojan extortioner
Post by: Lauda on May 13, 2017, 09:43:46 AM

> So I strongly doubt that this is due to torrents.

I just explained the reason to you. Read my post:

> There is an exploit that was discovered and used by the NSA, which can infiltrate Windows systems via SMB: https://en.wikipedia.org/wiki/Server_Message_Block.

It affects most if not all versions of Windows. You don't need to download anything to get infected. Read more about said tools: https://wikileaks.org/ciav7p1/

Title: Re: trojan extortioner
Post by: andresem on May 13, 2017, 09:55:35 AM

> > So I strongly doubt that this is due to torrents.
>
> I just explained the reason to you. Read my post:

I did everything that I was advised on antivirus forums: I blocked ports 445, 135, 155 and installed update MS17-010 from Microsoft.
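
One way to confirm that the port blocking described in the last post actually took effect, as an added example that is not part of the thread. It assumes Windows 8 / Server 2012 or later and an elevated PowerShell session; the variable names are illustrative.

```powershell
# Added example (not from the thread). Assumes Windows 8 / Server 2012 or later
# and an elevated session; these cmdlets do not exist on Windows 7.
$Ports = 445, 135, 155          # the ports named in the post above

# 1. Is the SMBv1 server still enabled? (MS17-010 fixes flaws in the SMBv1 server.)
$smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol

# 2. Ports that still have a listening TCP socket on this machine.
$listening = @(Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $Ports -contains $_.LocalPort } |
    Select-Object -ExpandProperty LocalPort -Unique)

# 3. Ports named explicitly in an enabled inbound TCP block rule.
#    Rules that use 'Any' or a port range are skipped by the numeric match.
$blocked = @(Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True `
        -ErrorAction SilentlyContinue |
    Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' } |
    ForEach-Object { $_.LocalPort } |
    Where-Object { $_ -match '^\d+$' -and $Ports -contains [int]$_ })

# 4. One row per port: listening with no block rule means the port needs attention.
$report = foreach ($p in $Ports) {
    $isListening = $listening -contains $p
    $hasBlock    = $blocked -contains "$p"
    [pscustomobject]@{
        Port       = $p
        Listening  = $isListening
        BlockRule  = $hasBlock
        NeedsCheck = $isListening -and -not $hasBlock
    }
}
$report | Format-Table -AutoSize
"SMBv1 server enabled: $smb1Enabled"
# The MS17-010 patch itself is not verified here: its KB number differs per Windows version.
```

A block rule only applies on the firewall profiles it is assigned to, so a port reported as blocked should still be checked against the profile the active network uses.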