Recent Posts

Malware Removal Questions and Guides / Re: .java ransomware
« Last post by Execute on Today at 10:43:33 am »
Hello @BurakNuman

Actually, this looks like a copycat and more of a BTCWare or GlobeImposter variant,
much like the previous copycat which used .Wallet (a Dharma extension):
.Wallet Files Virus Removal – Restore Data

You can try to recover files using the methods described at the end of the article or try these 2 decryptors outright:

Best Regards,
Malware Removal Questions and Guides / Re: badbios is real
« Last post by Execute on Today at 09:46:22 am »
Hello @checkmymac!

We at SensorsTechForum have heard about this airgapped malware.
We are not surprised it is still finding a way to infect computers.

One of its (known) distribution methods, observed by Dragos Ruiu, who reported it back in 2013, is indeed via USB flash drives. Maybe that's how you got infected (your USB was on an infected PC and then, when you connected it to your own computer, the malware spread). As reported by Dragos, doing a clean reinstallation of your computer should help, while not using any USBs for a while. Try that if you haven't done it by now and see if you still have the problem.

Your claims that it's somebody's job to disrupt PCs might be true, but it sounds more like a conspiracy theory. They (the people behind the virus) might just be blackhat hackers behind it (as in more than 1), or a really clever person who likes to do such stuff.

It will be interesting to see some screenshots or videos about it, so you can share such media if you'd like.

Kind Regards,
Malware Removal Questions and Guides / .java ransomware
« Last post by BurakNuman on March 18, 2018, 08:05:19 pm »
On 15.03.2018, one of my clients was infected with a new kind of Dharma/Crysis and it seems like there is no decryption method or application available.
Malware Removal Questions and Guides / badbios is real
« Last post by checkmymac on March 17, 2018, 12:31:46 am »
I have your "bad bios" problem on my laptops (PC), smartphones (iPhone, Huawei), my MacBook Pro, my PS3 and Xbox 360... it's a crazy harassment piece of memory remote airgapped malware...

It is more a spying tool than a hacking malware and it has nothing to do with the NSA because I live in France and all my devices are remotely controlled

I don't receive some of my emails

I receive my SMS with some delay

Sometimes I have no internet

My software is not launching, my cursor is moving by itself, some unknown audio files are playing by themselves too

A software of 10mo can take 10 min to come on the launchpad and I have an SSD...

Someone is playing with me and it's not a civilian and it's 24H on 24H

Dragos never understood but it wasn't a lonely hacker who was behind his problems

This is a kind of very sophisticated malware

It is made to destroy your electronic digital life

I will make you some movies

They can't stop playing with me, it is their job...
So, we have to wait....

Afraid so... such is the case with most ransomware viruses. The article will be updated if there is a free decryptor and we will notify you in case of any new developments revolving around the ransomware.

Kind Regards,
So, we have to wait....
Malware Removal Questions and Guides / Zenis ransomware targeting companies
« Last post by Execute on March 14, 2018, 03:28:41 pm »
A new ransomware threat has been hitting companies in the last 24 hours. The author calls himself "ZENIS" and malware researchers have dubbed the ransomware "Zenis" accordingly. The ransomware encrypts files and changes their names by using both a prefix and an extension, which are custom. The extension is randomized code made of base64 characters.

You can read more about the Zenis ransomware from the following article:

Zenis Ransomware Removal – Restore Zenis- Files

The price for file recovery may differ between individual user victims and companies hit by the malware. Victims should not pay, unless they are in a critical situation as a decryptor may be found in the near future.

Hello Piotr,

It is indeed an updated version of the Dharma/CrySiS ransomware virus. It uses the same extension (.java) as the variant in this article:

.java Files Virus (Dharma Ransomware) – Remove and Restore Files

The difference is in the code and the emails given for contact - which are also used as the extension of encrypted files. That's why Rakhni Decryptor doesn't recognise them. Maybe in the future their decryptor will work, but ransomware is ever-changing and this is one of the few ones which is without known flaws in its encryption process.

Unfortunately, there is not much you can do.
You could remove the virus with a security program, reinstall your OS, back up the most important files somewhere in case a working decrypter version surfaces in the future...

Otherwise, you will just have to wait.

Best Regards,
I got an encrypted disk, and all files have names like this:

Code: [[email protected]].java
Looks like a new version of Dharma/CrySiS ransomware. But RakhniDecryptor from Kaspersky does not recognise and cannot decrypt such files. Any idea what I have to do?

If necessary I will send a sample of such a file via PM, because it is not possible to attach files with such an extension.
I had the same trouble a few days ago; I rebooted the PC, then ran recovery and update one more time
Info about recovery: