Messages - Execute

361
Web Browsing Practices / Re: Maxthon Web Browser
« on: December 30, 2015, 07:17:35 pm »
@Tabeer @James

I have found out that upon installing new versions of Maxthon, it has a Maxthon App Store add-on selected to be installed with it. It's nothing malicious, but you might see a pop-up or two for a promotion they are running - it can be uninstalled as well.

Browser still runs fast as always.

362
Malware Removal Questions and Guides / Re: Remove NewFloder.exe
« on: December 30, 2015, 07:12:33 pm »
@Tabeer, try with another anti-malware program, if MSE is not helping you. And 3-4 days sounds like a lot, I guess this malware is taking some of your computer memory.

Also, as dealing with the registry can get messy, try installing a Registry cleaner also, to see if it can fix the issue.

Did you search for a newfolder.exe process or service? If you haven't - search your PC for that and try to disable and delete it.

Best Regards,
Execute

363
Malware Removal Questions and Guides / Re: Remove NewFloder.exe
« on: December 29, 2015, 10:17:31 am »
Well, Tabeer, it does sound like a malicious program caused this.

First, do you have an anti-malware program? If you do - run a full scan of your PC.
If you don't - get such a program and scan. In any case, you need such a program at all times, so malware doesn't run wild.

Second, it seems that this malware might have messed up with registry entries
and that would explain why those files are created and keep getting back.

Third, if the anti-malware scan doesn't fix your problem, or you are somehow prevented from downloading such - write back.
I will try to guide you to what you should do next.

You could also go to your Task Manager and see if you have some process running like: "newfolder.exe".

364
Malware Removal Questions and Guides / Re: Remove NewFloder.exe
« on: December 28, 2015, 04:42:18 pm »
NewFloder.exe is an executable file, judging by the extension - don't open it!

What do you mean by "main folder" - C:\Windows ?
The main drive like C:\ ; D:\ ; E:\ (whatever your disk drive letters are...) ?
Or lots of folders that are main for each program etc. ?

We will need more information, but it sure does sound like malware...

365
Gaming Malware / Re: PC Games
« on: December 23, 2015, 09:53:19 am »
Well, Tabeer,
this is actually a forum about gaming malware and viruses that can be connected to games, or games that come with malware inside their packages if downloaded from suspicious sources.

Advice #1: If you are playing online games, make sure your Adobe Flash Player and Java are updated to the latest version.
Advice #2: If you are going to download an offline game, make sure you do it from an official or reliable source.
Advice #3: You can try 'Karateka' from 2012, it is short, sweet and challenging. Battles are one on one, or on small stages.

All the best,
Execute

366
Hi,

I have the same problem. Is there any progress regarding this malware? Did anyone already manage to do/find a solution for decrypting the files?  :( :-\

Regards,

We are still researching the matter. If we find anything that might help - we will share it. We will keep all of you posted.

Best Regards,
Execute

367
Would like to mention how it kept running a process to clear shadow volumes on my mother's computer.

Which ****'d up my NAS.

The key.dat is located in the registry this time.

Do you have access to the "key.dat" file? If it's in the Windows Registry - can you see any information about it? Any "values" in the registry entries?

Also, if there is a registry entry, there should be a file with the same name somewhere. Usually registry files are kept in C:\Windows directory (or where the OS is installed). The bad thing is, that the file might be stored somewhere over the internet with this variant.

If you do find it on the disk of the PC, you should scan it with a security program first. You never know if there is some malware along with .dat files. Then, you should check if you can open the file with Notepad and see if the first line inside can give us more information about it.

Write back with any info.

368
Malware Removal Questions and Guides / Google Redirect Virus
« on: November 24, 2015, 11:17:29 am »
The Google Redirect Virus is still lurking around the Web, and is infecting more and more people.
It is a dangerous virus, because it hides in a compromised computer for long periods of time. It observes browsing activities and inserts scripts into search engines - mainly Google, but also Yahoo and Bing. The virus has other names like: Yahoo Redirect Virus, Bing Redirect Virus, Happili Redirect Virus, Nginx Redirect Virus. So, when using such engines, instead of clicking to see a search result generated from your search query, you are being redirected to sites with malicious content and other suspicious sites. Reports show that the redirects lead mostly to these sites:
  • search.babylon.com (One of the most famous browser-hijacker-related search engines).
  • livejasmin.com (Ad-supported online adult website).
  • adf.ly (A legitimate ad-supported service that can be exploited via malvertising).
  • neatsearchserver.com (has known associations with the ZeroAccess rootkit).
This threat is still out there, infecting more and more computers, silently. There are a number of ways of getting infected, but the most common ones are by opening malicious email attachments (without you knowing they are malicious) or by clicking on dubious links (be it out of curiosity or not). It is a big problem, as everybody who has a device connected to the Internet is exposed and everybody uses search engines on a daily basis. Do you know if you are infected or not?

369
As I understand you have Safari on an Apple machine?
If that is the case, try searching for leftover files that have "Mysearch-engine.net" in their name in these directories:
  • /Home/Library/Applications Support/
  • /Library/StartupItems/
  • /Home/Library/StartupItems/
  • /Home/Library/LaunchAgents/
  • /Library/LaunchAgents/
  • /Library/LaunchDaemons/

If your computer is slow, then you might have some other malware on your computer and should scan your PC with an anti-malware program. I recommend Spy Hunter, Malwarebytes or StopZilla. I hope that solves your problem. Write back with feedback and if you have further questions!

370
Anyway, my browser start page is suddenly changed to mysearch-engine.net without asking. I always get new commercial windows when I want to open new tabs or access websites. Besides, the computer slags at times. I Google it on the Windows computer and find posts that describe it as a browser hijacker. It could endanger my private data!!! I follow support.apple.com for main page settings but still failed. To be honest, I have no idea now! Could you please help? Thanks in advance!

Have you tried the solutions provided in the Blog : SensorsTechForum.com/Remove Mysearch-engine.net ? There you can select "Safari" in the removal instructions guide and try that out.

371
You can start Rakhnidecryptor in a command prompt window with parameters:
-h         -> help
-l          -> path and name for the log file
-start    -> value to start from [0;1.000.000] (for you it should be 557976)
-end     -> the value where to stop the scan <=1.000.000
I haven't found the password yet, so I don't know what you should do after.

That is helpful, but not everybody knows exactly how to do that.

First, if someone needs to get information about a log file from a previous RakhniDecryptor scan - they are .txt files located in your SystemDrive directory (the Drive where you have installed the Operating System), usually "C:\" . All logs start with the name "RakhniDecryptor." and are all visible.

Second, in order to start RakhniDecryptor in a CommandPrompt window, so you can write different parameters in it, you need to do the following:
  • Go to Windows "Search" opened from the "Start" button.
  • Type in "cmd" in that search field and press the "Ctrl+Shift + Enter" buttons (at the same time) to open CommandPrompt as an Administrator.
  • Move the "rakhnidecryptor.exe" file into the "C:\" Drive.
  • Go back to Command Prompt, see what directory is written before the blinking lower dash. If it is D:\... or something different than the C:\ drive, you have to change it to only the C:\ letter.
  • To change the directory to C - type in "C:". If it's showing a path like C:\Windows\System32, type in "cd.." as many times as needed, until it is showing only the "C:\" drive letter.

Third, type in Command Prompt the following parameters:
  • RakhniDecryptor.exe -start <number from 0 to 1000000> to start decrypting from a certain value.
  • In test4just's case, it should look like: "RakhniDecryptor.exe -start 557975" (One number before it found the password - if it indeed does scan chronologically)
  • If you want to set where the scan will end - just type "end" instead of "start". "RakhniDecryptor.exe -end 999999" for example. You can type both commands in one line.
Fourth, some optional commands you can type for convenience:
  • A command you can type to specify how many cores of your processor to be utilized, thus changing how much resource the Decryptor uses:
    "RakhniDecryptor.exe -threads <number>";
    If you don't write the -threads and number parameters, the Decryptor should utilize all cores and threads of your processor.
    But if the whole computer is running slow because of it, you can type in 2 threads less than the number of cores you have.
    If you have an 8 core processor, you can type "RakhniDecryptor.exe -threads 6" to see if it helps.
  • Typing "RakhniDecryptor.exe -l <Directory and filename (.extension)>" will save your log files in a Directory and format you want.
    E.g.: RakhniDecryptor.exe -l D:\Log.txt - this will create a file named "Log" with the .txt extension in the D:\ Drive.
    Note: If you type the same command every time without changing the name of the file or its format - there will be only one file which is going to be overwritten every time.

372
@ibn
I am glad that it worked! An external disk is a good prevention method for important files to be locked and I endorse it!  ;)

@xxxnick
Well, Nikos, there are different variants of the ransomware and it seems some variants lock the files with a stronger password. Just wait more, to see if you get lucky in the end. Best of luck!

373
PC Tips & Tricks / Re: How can I test Anti-virus software ?
« on: November 02, 2015, 03:32:19 pm »
That is a really interesting question, Vermon:)

There is a test-file included in the signature definitions of every Anti-Virus program. The file is developed by the European Institute for Computer Antivirus Research (EICAR) and can be downloaded from their official website at eicar.org. With the said file, you can do a test for the two most important layers of defense any Anti-Virus should have:
  • Real-time protection
  • On-demand scanning
The file contains the following, non-malicious, single string:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

You can re-create the file on your own, without downloading it from the EICAR site. Here’s how to do it:
  • Make a new document on your computer with a text editor like Notepad.
  • Copy and paste all of the characters from the string, that is posted above.
  • Save the file with a .com extension, e.g. "Test.com". You will need to select “All Files” from “Types”,
    at the bottom of the save dialog in Notepad in order to save the file with a .com extension.
If the real-time protection mode of your anti-virus program is working properly, it should automatically trigger an alert with a description “EICAR-test-file (not a virus)”.
You can also manually scan the file to see if your anti-virus on-demand scanning feature is working.

If you are not prompted by either of the features, that means your anti-virus is probably not working properly!!!
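
A check worth running before drawing that conclusion from a hand-made file, given as an added example that is not part of the original post: a scanner only treats the file as the test file when the 68-character string comes first and is followed by nothing but whitespace (at most 128 bytes in total), so a copy saved with a byte-order mark or as UTF-16 produces no alert even when the anti-virus is working. The function names `check_test_file` and `probe_realtime` and the 5-second wait are assumptions made for this sketch; `Test.com` is the file name used in the post.

```python
import os
import sys
import tempfile
import time

# Built from two halves so that this script is not itself picked up as the test file.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
         + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")
TRAILING_OK = b" \t\r\n\x1a"  # whitespace the EICAR definition allows after the string


def check_test_file(data: bytes) -> str:
    """Report whether `data` is a well-formed EICAR test file, and if not, why."""
    if data.startswith(b"\xef\xbb\xbf"):
        return "invalid: UTF-8 byte-order mark before the string"
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return "invalid: saved as UTF-16"
    if not data.startswith(EICAR):
        return "invalid: string altered or truncated"
    if len(data) > 128:
        return "invalid: longer than 128 bytes"
    if data[len(EICAR):].strip(TRAILING_OK):
        return "invalid: extra characters after the string"
    return "valid"


def probe_realtime(directory: str, wait: float = 5.0) -> str:
    """Write Test.com into `directory` and report what the resident scanner did."""
    path = os.path.join(directory, "Test.com")
    try:
        with open(path, "wb") as fh:
            fh.write(EICAR)
        time.sleep(wait)  # assumed delay; give the scanner time to react
        with open(path, "rb") as fh:
            data = fh.read()
        os.remove(path)
    except OSError as exc:  # write refused, file quarantined or locked
        return f"intercepted ({type(exc).__name__})"
    return "not intercepted" if data == EICAR else "intercepted (content replaced)"


if __name__ == "__main__":
    if len(sys.argv) > 1:  # validate a hand-made file, e.g. one saved from Notepad
        with open(sys.argv[1], "rb") as fh:
            print(check_test_file(fh.read()))
    else:  # no argument: drop a fresh copy and watch what happens to it
        with tempfile.TemporaryDirectory() as tmp:
            print(probe_realtime(tmp))
```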

374
I am not a tech guru, but can the encrypting/decrypting program named Control3 help for unlocking some files??  ???
It is hosted on its official site at diskcleaners.com.

Well, that program uses its own algorithm, so it can decrypt files that itself encrypted. Mainly with the .scrp extension. That being said, I doubt that it will help in decrypting any files with the above-mentioned extensions, unfortunately.
Thanks for the idea, though! It's good to think of new ways to try and help with such a pressing issue as decryption!

375
That is an okay alternative, but it's not specifically made for video drivers, so a user must be careful in selecting only "nVidia" or "ATI" for video drivers. Also, I see no options for Intel or SurfacePro 3 which probably means it's an older program with an older database for what file leftovers to search for.
From another perspective, it might be useful for the removal of other kinds of drivers, but then again older audio drivers might be difficult to find for some users if the new ones don't work. That's why I recommend making a system restore point beforehand:
  • Right click on “Computer”.
  • Select “Properties”.
  • Click on "System Protection".
  • In the new window, click on "System Restore".
