


Messages - jimdays

1
Thank you for the info on the Tor browser. I went on a public computer to find another Gandcrab ransomware (on Pirate Bay) to see how they would negotiate the price. It started out at $500 and they accepted my offer of $300. The screen then updated to $300. Then I offered $100 and they said *uck you and banned further chat (see below screenshot). I suppose they will spend no more than 15 seconds on the chat before they ban you. There is money to be made from somebody else.

2
Thank you for the response. Couple other questions:
1) You said the Tor browser is used because it doesn't store personal data. My question is, why doesn't a regular browser even work (I tried Chrome/Firefox/IE and it didn't work) to be able to go to the person's ransom amount page? (I was able to see the person's ransom amount page with the Tor browser.) Is Chrome/Firefox/IE just not able to resolve certain categories of internet addresses?
Here is the person's ransom amount page (posted in the Bleeping Computer public forum):
http://gandcrabmfe6mnef.onion/60a5301a365e6aee
I went to that page a couple of days ago with the Tor browser and was able to see his ransom amount page, but I couldn't get to it with a regular browser.
2) Do you have any idea what percentage of the time (using the chat function in the ransom amount page) the victim is able to negotiate a lower ransom amount? Like, for example, negotiate from $600 to $300?

3
Thank you for unbanning me. I have one more question. The computer I have is a Windows 7 netbook. It has a hidden partition that can be used to restore the computer (erase everything and re-image from the hidden partition). Do you think the hidden partition got affected by the Gandcrab 5.0.4? In other words, if I were to use that hidden partition to restore the computer, would that work OK? I don't have any plans to do that (because the computer seems to run fine now), but I want to know for future reference. Malwarebytes free version is constantly showing zero virus/malware on the computer. Oh, one other question. I was looking online for other people that got Gandcrab and somebody posted the ransom screens (unfortunately I deleted all my encrypted files (about 2000) with ransom info before I had a chance to look at them). The screen (posted) said you need to use a Tor browser to see the ransom amount and how to pay. I used a regular browser (on that person's posted info) and that didn't work. I downloaded the Tor browser and I was able to see the ransom amount ($600) that just increased to $1200 because he didn't pay by the deadline. Also there was a chat function (now made inoperable until payment received) presumably to negotiate a lower price, and there was detailed but simple info on how to pay. My question is: why didn't the regular browser lead me to the ransom amount screen? What is so special about the Tor browser that it is necessary to use it to see the ransom amount screen? In that chat function, are people typically able to negotiate a lower ransom, say $300 instead of the initial $600?

4
I registered and posted on this forum yesterday about Gandcrab that I got. After I posted the message, I wanted to browse the forum, but I got a message that I was banned permanently. I logged out and tried to read the forum, but it said that guest was banned permanently. Can you recover the message I sent to you and post it? I didn't post anything against the forum rules, so I shouldn't have been banned. It must be some mistake.

5
Malware Removal Questions and Guides / I got Gandcrab 5.0.4, have questions
« on: December 01, 2018, 02:06:21 am »
I downloaded fake software from Pirate Bay. (This particular software now seems to be deleted from Pirate Bay.) The exe showed a lot (about 3/4) of positives on VirusTotal, but I clicked on it anyway. The computer was immediately infected. Documents, pictures, music, etc. were all encrypted and given the file extension oldsb-decrypt.
I used Malwarebytes free and it found and deleted several hundred files. I ran Malwarebytes several more times and got 0 infected files, although one time I got two infected files. I did a Windows search and it found over 2000 files with the name oldsb.
I deleted all 2000 files. I don't care about my files because everything is backed up. Many infected files were on c/users.
I noticed my Windows sample music (like Beethoven) is gone and also the Windows sample pictures are gone. The computer seems to run fine, maybe even faster than before.
I manually deleted a few other files on c/users that seemed to have any reference to the virus. I found one image, see below (that shows the name of the ransomware), which I think I'll keep as a souvenir.
My questions are, do you think the computer is OK now? Where can I look in my computer to find any other files that are related to the virus?
Besides losing Windows sample music and pictures, what other differences will become evident after I deleted the 2000 infected files? So far, I can't see any problem with operation of the computer.
