You are welcome to discuss various security topics with our professional team and other users like you!
Read our Registration Agreement and create your FREE account here!

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - Execute

Pages: 1 ... 4 5 [6]
76
It's time to cheer! TeslaCrypt has been finally defeated!

This is the MASTER decryption key, that the malware creators released:
440241DD80FCC5664E86198DB716E08CE627D8D40C7EA360EA855C7EA360AE885C727A49EE

It has happened, because of the valiant efforts of researchers from ESET and other ones,
but it is unknown if there might be another, tougher ransomware released. (Let's hope not!)

You can now decrypt files encrypted by any variant / version of TeslaCrypt Ransomware
(.ccc, .vvv, .ecc, .ezz, .exx, .xyz, .zzz, .aaa, .abc, .xxx, .ttt, .micro, .mp3 or with no extension).

In the related article http://sensorstechforum.com/teslacrypt-master-decryption-key-available/,
you can find more information about how to decrypt your files and about what tools you can use in order to do so!

77
Gaming Malware / CryptoHitman Ransomware with a 'Hitman' theme
« on: May 12, 2016, 05:05:04 pm »
Jigsaw ransomware has been rebranded and now has a new name, extension and screen message.

The new variant is called CryptoHitman and its name is based off the Hitman characters from the video game series of the same name. It is not excluded to be spread through crack executables for famous games like MM Locker did. It would make sense as SquareEnix also has games which are protected with Denuvo protection and they are the publishers of the Hitman game series.

You can read more about CryptoHitman in the blog article about how to Remove CryptoHitman Ransomware.

Best Regards,
Execute

78
Gaming Malware / Far Cry Primal cracks spread MM Locker ransomware
« on: May 11, 2016, 12:27:01 pm »
The MM Locker ransomware encrypts files with the .locked extension.

There is a rumor going on around the Web, that this ransomware can enter a PC when a user downloads a "crack" for a game. The crack executables are being advertised around video sites like YouTube to gain popularity. They are not for just any game, but for big well-known AAA titles. One example is Far Cry Primal with the FCPrimal.exe file.

Far Cry Primal is one of the games that have Denuvo protection. In other words - they are not cracked - everything that is presented as a "crack" is fake (and probably delivers ransomware as this case here). Besides, pirating games is illegal in the first place.

You can read more about MM Locker in the blog article: MM Locker Ransomware Spreads via Far Cry Primal Cracks.

If you have been infected by the ransomware, you should read the article for more information and to learn how you can remove the virus.

Best Regards,
Execute


79
EasyDialSearch(.)com is the website of a browser hijacker.
It will change your browsers' settings - the homepage, new tab setting, and the search engine.
An associated program is available on the Google Web Store.
Easy Dial is the name of that program as well.
If you attempt to install it, an auto download will trigger with a file package.
The package is with a .crx extension with a size bigger than 15 MB.
Very unusual for a program, and that file can contain anything from Easy Dial to malware.

--> For more information about the unwanted application, refer to this article.

--> For a detailed guide on how to remove the EasyDialSearch(.)com hijacker and all of its files, watch this video.

N.B.!
This is an open forum topic. You may ask questions or anything about EasyDialSearch(.)com Browser Hijacker.
You may also share if you found something new related to it. We will try to aid you in the best way we can.


80
There is a solution found for the MBR-locking ransomware, Petya.

Even if your files were encrypted, a researcher has made a tool which founds the needed password.
The tool comes for several operating systems in binary files (simple double click executable applications).

You can find more information on this in the article here.




81
Malware Removal Questions and Guides / Remove Salam! Ransomware
« on: April 07, 2016, 03:56:34 pm »
Salam! Ransomware struck Lithuanians a few days ago, and this ransomware is continuing to spread.
In the picture below you can see the window that is generated with the ransom payment instructions:



The ransomware creates a .dll file - %APPDATA%\tribologists.dll, which helps it grow, after it has infected a computer.
The file should be detected by most anti-malware programs, but there might already be other versions with the .dll file having different names and sizes.

For the moment there is no known way to decrypt encrypted files, but you should try data recovery tools.

This topic is open for everyone to comment, share experience, ask for help, etc.
What do you know about this ransomware? Do you think it will spread across the World like others?


82
PC Tips & Tricks / Helpful Tips about Ransomware
« on: March 15, 2016, 09:26:53 am »
I decided to start a topic about useful tips on ransomware.

Things that can help you prevent such an infection that encrypts your files,
and things that can help if something unfortunate like that already happened.

Tip #1: If you see that a ransomware is in the process of encrypting your files, shutdown your PC as quickly as possible from the Power button.

Tougher ransomware viruses usually delete their key.dat file from your HDD/SSD,
that is used to encrypt your files, after the encryption process is 100% finished.

If you are successful and interrupt the encryption process, it is very likely that
you will still have the key.dat file with which you can decrypt ALL of your files.

Everybody is encouraged to contribute with tips that he/she knows about ransomware viruses. You can share ideas and thoughts too!

EDIT: It might be a good idea to keep a few files on your desktop - like documents and pictures with 1-2 different extensions (just in case).

83
Malware Removal Questions and Guides / Google Redirect Virus
« on: November 24, 2015, 11:17:29 am »
The Google Redirect Virus is still lurking around the Web, and is infecting more and more people.
It is a dangerous virus, because it hides in a compromised computer for long periods of time. It observes browsing activities and inserts scripts into search engines - mainly Google, but also Yahoo and Bing. The virus has other names like: Yahoo Redirect Virus, Bing Redirect Virus, Happili Redirect Virus, Nginx Redirect Virus. So, when using such engines, instead of clicking to see a search result generated from your search query, you are being redirected to sites with malicious content and other suspicious sites. Reports show that the redirects lead mostly to these sites:
  • search.babylon.com (One of the most famous browser-hijacker-related search engines).
  • livejasmin.com (Ad-supported online adult website).
  • adf.ly (A legitimate ad-supported service that can be exploited via malvertising).
  • neatsearchserver.com (has known associations with the ZeroAccess rootkit).
This threat is still out there, infecting more and more computers, silently. There are a number ways of getting infected, but the most common ones are by opening malicious email attachments (without you knowing they are malicious) or by clicking on dubious links (be it out of curiousity or not). It is a big problem, as everybody who was a device connected to the Internet is exposed and everybody uses search engines on a daily basis. Do you know if you are infected or not?

84
There is a new Ransomware Trojan that popped up a few days ago. It is called "hairullah@inbox(.)lv". It is distributed like most ransomwares do - through email attachments with malicious content, aggressive spam or through websites hosting exploit kits.

If you get infected, the Trojan will stay hidden for a while until it scans your system seeking to exploit files with the following extensions: txt, zip, rar, pdf, jpg, msi, iso, xml, inf, dwg, rtf, csv, avi, doc, xlx, db. After such files are found, they will be encrypted with the extension “id-0123456789_hairullah@inbox(.)lv”, where the numbers in the extension may vary. After the encryption the user will be asked to pay a ransom to unlock his files via a message that can re-appear after every restart of the machine.

Some researchers believe that this particular Ransomeware targets files only on a computer’s data storage that have been mapped and assigned a letter, such as HDDs, SSDs, and any removable drives.

Do you know any information regarding this Ransomeware? If you have come across it – with what security software did you remove it and have you somehow managed to get your files decrypted?

85
Cryptowall has become a very devastating ransomware. It encrypts files on your computer and asks for a large ransom to “potentially” get them back via an encryption key. There is no telling that if you pay, all of your files will be restored or that you will be provided with a key, and if that key would work or not.

In Cryptowall 1.0, the ransomeware made a copy of important files and encrypted it, while just deleting the original files. In this way, the original files could be recovered with data recovery tools. Then Cryptowall 2.0 came in, with that restoration ability gone as it also could delete Shadow Volume copies of Windows and system restore points as well. It was also using individual TOR gateways for payment for each user that fells victim to it. By using a private TOR network, the creators can stay hidden from authorities. The RakhniDecryptor.exe and RectorDecryptor.exe from Kaspersky are tools that could be used in order to decrypt at least some files, although those tools were made specifically for other ransomware Trojans.

Cryptowall 3.0 - the latest version, encrypts your files using a mixture of RSA and AES encryption, which can be “unlocked” only by a private decryption key that only the creators of the ransomware know. The RSA cryptosystem used in Cryptowall 3.0 may vary from 1,024 to 4,096 bits, and the 256-bit length of the AES key used, makes the encryption so strong that it can take literally billions of years to brute-force all the possible variations of the decrypting key with a super-computer. It would take 1 billion years to crack a 128-bit encryption key with a super-computer, experts say. Also, the AES algorithm encrypts files many times – the more bits it is, the more times it encrypts a file. Not to mention that some users report that Cryptowall 3.0 uses Chinese characters – modern Chinese contains more than 3,000 symbols in its alphabet, so any attempt to crack the code seems really infeasible.
Here is our article about Cryptowall 3.0 -  http://sensorstechforum.com/remove-cryptowall-3-0-and-restore-the-encrypted-files/#comment-16407.

You can remove the dreadful virus with an advanced anti-malware program, but most of your files might remain locked. So far, there is no real solution found to help decrypting files of the victim users. The ransomware is built by people, so there might be a weak-link to be found somewhere.

Do you have any ideas? What do you think should be done? What methods have you tried and what have you done to prevent such an attack from happening?

86
Internet and Networking Security / Which is the Most Secure Browser?
« on: October 08, 2015, 05:25:39 pm »
I have used plenty of browsers with many different features. The question about internet security arises. Which browser is the most secure?
There are a few things to consider here - how much time does it take to patch vulnerabilities; does the browser block ads and/or has virus and malware scan integrated in it; does it track your personal data and if so, what kind and how, e.g. cookies...
In this article, we have covered some pretty interesting facts about the most popular browsers: http://sensorstechforum.com/which-is-the-most-secure-browser-for-2015-firefox-chrome-internet-explorer-safari/
So I have found out what time does it take for the most popular browsers to change their code, in order to patch vulnerabilities and exploits:
  • Google Chrome - up to 15 days
  • Maxthon Cloud Browser - up to 15 days
  • Mozilla Firefox - up to 28 days
  • Internet Explorer - up to 30 days
  • Opera - up to 48 days
  • Apple Safari - up to 54 days
Less used browsers such as Opera and Safari may need a longer time to update their code, but usually less vulnerabilities and exploits have been discovered for them in general.

WhiteHat Aviator, SRWare Iron and Maxthon have an Ad-blocker integrated with their default installation.
Google Chrome, Mozilla Firefox, Comodo Dragon and many others have an option to add an Ad-blocker as an extension, but also incorporate some basic virus protection for files downloaded.

Unfortunately, all above-mentioned browsers use cookies to track data in some way, to be supported by ads in order to provide a free service and so on. Anonymity on the Internet is pretty much gone, but it can be achieved through the browsers Tor and WhiteHat Aviator as they have the most features related to it and to me they can be considered as the most secured browsers.

What do you think? I am interested to see your comments on the matter!  8)

87
Windows 7 / Suspicious Windows 7 Update
« on: October 01, 2015, 06:23:22 pm »
Yesterday, some really weird and suspicious Windows 7 update showed in my Windows Update agent.
The update is listed as important, yet it failed to install once and after that it couldn't go through at all.
No information was attached to the update's "More Information" section, since it was all in scrambled letters...
You can get a glimpse of the weird symbols, from my update log:
______________________________________________________

gYxseNjwafVPfgsoHnzLblmmAxZUiOnGcchqEAEwjyxwjUIfpXfJQcdLapTmFaqHGCFsdvpLarmPJLOZYMEILGNIPwNOgEazuBVJcyVjBRL

Download size: 4.3 MB

You may need to restart your computer for this update to take effect.

Update type: Important

qQMphgyOoFUxFLfNprOUQpHS

More information:
https:// hckSLpGtvi.PguhWDz.fuVOl.gov
https:// jNt.JFnFA.Jigf.xnzMQAFnZ.edu

Help and Support:
https:// IIKaR.ktBDARxd.plepVV.PGetGeG.lfIYQIHCN.mil
________________________________________________________________________

At first I thought that this could be a Windows 7 exploit of some sort. Fortunately, I thought wrong.

After a 12 hour, almost nerve-wrecking, wait upon any official news about the subject, an answer came in.
A Microsoft spokeperson said the following:
"We incorrectly published a test update and are in the process of removing it"

I was sort of relieved after hearing the news, but, alas, still kind of troubled by this. Why did it take so much time for an answer?
Is Microsoft hiding something? Are their operating systems compromised, or at least were compromised temporalily?
What are your thoughts on this? Did you witness the update's misshaps with your own eyes?
Has something like this ever happened to you and do you feel safe after this?

88
I found this program to be very useful and time efficient. It is called Display Driver Uninstaller (DDU).
It currently supports only Windows OS (from Windows XP to Windows 10), but it can clean old video card drivers from brands such as nVidia, AMD, Intel and SurfacePro 3;D
It also cleans their leftover items such as registry entries, driver versions in the system folders (like the Driver Store) and also creates logs of files it has removed (mainly, some registry entries)!
It saves a lot of time and manual work and many errors can now easily be avoided with it!

What is your experience with video drivers? How hard it was for you to completely remove them from your system?
What other issues have you come across by trying to uninstall them properly?
What other issues have you found that video drivers can cause?

Do you know any noteworthy tips and tricks about dealing with bad video drivers??

89
Web Browsing Practices / Is Maxthon Web Browser Safe?
« on: September 30, 2015, 12:19:38 pm »
No matter if you have used the Maxthon browser before or not - do you feel safe browsing with it? Do you find it trustworthy? Why?

Also, what features have you found useful? Anything that can make it safer? I see it has a feature for clearing private data and browsing history in the Settings menu. All that data should be stored on a user's computer, but at the same time it is a cloud browser? Is any of that data stored in the cloud? What do you think and what have you found about the matter? ??? I am also not sure about what happens when you download files through it - does the browser has any anti-virus or anti-phishing scanner inbuilt?

Share your opinions and experience below.

90
Web Browsing Practices / Maxthon Web Browser
« on: September 29, 2015, 04:08:43 pm »
The Maxthon browser has been around for quite a long time now – more than 10 years. If you still haven’t heard of it, now is a good time. It has a lot of nifty features and half of them are either not found or tend to be ignored in other browsers.

Maxthon is a multi-platform cloud browser and offers support for Windows, Mac OS X, Linux, Windows Phone, iOS and Android. It offers a great synchronization between these operating systems and different devices. Maxthon stands out for its cloud services like Cloud Push and Cloud Download, which, respectively, let you send data to other devices (even over SMS) and save Web downloads to cloud storage instead to your computer.

The browser supports HTML5 in a unique way, combining both the WebKit and Trident rendering engines, which can be switched between via its Ultra and Retro modes. This is a very clever implementation as it serves the purpose to render and load any Web pages over the Internet and both layout engines are not found together in any other browser.
Maxthon has standard extension like other browsers – Favourite Bookmarks, Tabs, Pop-Up Blocker and using a master password for multiple sites. But, it also has other unique and very useful features included with its installation – AdBlock Plus, Mouse Gesture and Multi-Search.

AdBlock Plus is a great filter that blocks ads using both images and flash. The Mouse Gesture feature can be used to navigate through the internet by moving the mouse in patterns and giving commands that way such as Forward, Back, Refresh or even Hide. The Multi-Search allows you to search the Web for keywords via multiple search engines at the same time, also being able to choose how many, and which engines to include.

Many users report that Maxthon runs smoothly on different devices, cross platforms. Also, that it uses less memory and is faster than other browsers they have used.

If you haven't used this browser before, you can give it a go and share your first impressions of it below! :)

Pages: 1 ... 4 5 [6]