
Topics - mcinn

Pages: 1 2 [3] 4
Software Reviews / Android Data Recovery Pro, Android backup needed
« on: February 22, 2016, 03:19:24 pm »
Android Data Recovery Pro is a program that serves to recover lost files or other data. The tool should scan your device from your computer and then restore the lost data. The price of Android Data Recovery Pro is 49,95$. Keep in mind that the license can be used on 1 to 3 PCs.

Android Data Recovery Pro pros:

Android Data Recovery Pro's cons:

  • The app that 'replaces' a cable is not available on Google PlayStore (it's available on the official website, though);
  • The CPU usage can be lower, especially when the program is idle;
  • The Wi-Fi app may have troubles while scanning the QR code;
  • No scanning capabilities for files with specific extensions such as .mp3.

So, it goes without saying that it would be cool if you leave your opinion regarding the program. If you've tried it and didn't like it, what data recovery tool would you recommend for Android?

Software Reviews / Does Hidden Toolbox really protect my privacy?
« on: February 22, 2016, 12:39:45 pm »
Hidden Toolbox is a somewhat unique program that allows users to browse privately. Basically, Hidden Toolbox is a concealed program that runs based on a quick key combination. When you start installing it, you will be shown a tutorial that explains how the program works. If you want to learn more about Hidden Toolbox, make sure to check out its review:

Hidden Toolbox costs $39.95. It appears that the license is permanent. Please correct me if I'm wrong!

On the positive side, Hidden Toolbox has to offer:

  • Quick browsing process;
  • A panic button;
  • Simple, user-friendly interface;
  • 256-bit SSL encryption.

On the negative side, Hidden Toolbox seems to be missing the following features:

  • AdBlock-type of software to protect users during browsing;
  • A set of browser extensions;
  • A built-in VPN;
  • No information whatsoever on how to remove the program.
Overall, Hidden Toolbox seems to be an interesting piece of code. Have you come across similar tools? What's your opinion on Hidden Toolbox (in case you've used it)?

Software Reviews / BullGuard Internet Security - Share your thoughts
« on: February 22, 2016, 11:21:46 am »
BullGuard is an anti-virus program that has been around since 2002. It offers a 60-day free trial. After the trial expires, the AV becomes available at the price of 59.95$ per year for 3 computers.

Let's see what its latest version is all about.

BullGuard's Pros:

  • Spam filtering;
  • PC optimization;
  • User-friendly;
  • 5 GB online backup, auto scheduling available;
  • Vulnerability scan;
  • Customer support at all times;
  • Quick at updating and scanning;
  • Easy to register.

BullGuard's Cons:

  • CPU usage could be less;
  • A bit expensive (however, its license can be used on 3 machines).

More info:

As a user, what's your experience with BullGuard?

Software Reviews / SOS Online Backup Tool. Any Opinions?
« on: February 22, 2016, 10:44:54 am »
SOS Online Backup is a data backup and recovery utility. It is available at the price of $79.99 per year.

The tool provides two options of cloud backup:
  • Business - appropriate for servers and office computers;
  • Personal - good for a regular user who wants to back up their system's files and mobile devices.

SOS Online Backup has several pretty awesome features:

  • Unlimited data storage;
  • Good speed during installation and backup;
  • Automatic backup feature;
  • File explorer for the backed up files;
  • Good security and excellent data encryption;
  • Good for both home and enterprise users.

So, the tool has lots of pros. What about its cons? Two (small?) shortcomings come to mind:

  • A tray icon providing the user with option to quickly access its features would have been nice;
  • A lower price to make it available to a larger range of users.

More info:
What do you think of SOS Online Backup? Is it worth it? If you use/have used it, please drop your opinion here and spare other users the hesitation :)

With the emergence of ransomware, the file encrypting threat that encrypts files and demands ransom for their decryption, many users are facing the need to back up and recover their data. That being said, the abundance of ransomware pieces has led to the development of many data recovery tools.

eSupport UndeletePlus 3 is such a program. Overall, it is a good and light program.

Here's a list of some of eSupport UndeletePlus 3's features:

  • It is quite small and installs fast;
  • The file restoration process has a good quality;
  • It has diverse settings;
  • It provides deep and smart scan features;
  • It has fast scanning mechanisms.

On the other hand, eSupport UndeletePlus 3 could have been better if it had:
  • an option to scan files via different algorithms to increase the number of recovered files;
  • a free trial;
  • an on-demand scan.

More details:

Despite these cons, it still appears to be a good tool. Have you tried it?

A new ransomware, dubbed Gomasom by researchers, has been just detected in the wild. Gomasom has features that differentiate it from other ransomware cases we have seen recently. What makes Gomasom distinguishable is its capability to encrypt both user data files and executables. By encrypting .exe files, Gomasom affects the performance of all user applications, making them unworkable. Thanks to this capability, the ransomware becomes even more disastrous.

Added extension to encrypted files: [filename]!__.crypt; an encrypted file would look something like this: [filename].jpg!__[symbols]@gmail.com_.crypt
Why Gomasom? The name derives from GOogle MAil ranSOM. The ransomware operates by infecting users and then encrypting their files, dropping a Gmail address in the file’s name, hence its name.

Is decryption possible? Yes, it is. A decryptor has been released by Emsisoft; it is available here:

More information about Gomasom:

According to security researchers, XRTN ransomware belongs to the family of Vaultcrypt ransomware, which was detected in March 2015.

XRTN ransomware uses RSA-1024 encryption in combination with the open source Gnu Privacy Guard (GnuPG) encryption. More information here:

Once infected, the victim will be shown an HTA document (with instructions) when Windows starts. The document also contains an email address to contact the cyber criminals –

Unfortunately, at this point recovering the decryption key is not possible. The ransomware is also designed to delete the Shadow Volume Copies, making restoring the encrypted data an impossible task. Unless, of course, you have regularly backed up your data.

Researchers also warn that the infection with XRTN Ransomware is triggered by opening a malicious email attachment.

If you have been attacked by the XRTN ransomware, please share your experience here.

Research indicates that a new ransomware or a new variant of a well-known ransomware is currently using the RSA-4096 encryption algorithm. This is what the ransomware message file, dropped in all folders, looks like:

What happened to your files ?
All of your files were protected by a strong encryption with RSA-4096.
More information about the encryption keys using RSA-4096 can be found here:
How did this happen ?
!!! Specially for your PC was generated personal RSA-4096 KEY, both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.[...]

The infection process most likely follows the following mechanism:

The user receives a suspicious email containing an infected link -> The user is redirected to a page that hosts the Nuclear EK (or some other exploit kit) -> Trojan:Win32/Miuref:B, or another infostealer, harvests information about the system -> If the system ‘meets’ the requirements (e.g. the Trojan checks if the system is 32-bit), the ransomware payload is dropped onto it.

More information about the strong RSA-4096 encryption can be found here:

Unfortunately, this encryption appears to be practically unbeatable.

If you have been affected by the ransomware employing the RSA-4096 encryption, share your experience. You can share the following details:
  • names of file extensions added to your files
  • the name of the Trojan that has dropped the ransomware (an AV program should detect it)
  • anything else you notice and find important to add here

We need to spread the word, so other users don't get attacked by the malicious threat.

It's not a secret that MS and particularly Windows 10 are aiming at collecting as much user data as possible. Even MS employees don't deny the Windows core data collection.

Fortunately, unhappy users are constantly seeking ways to destroy the Windows built-in telemetry and get a bit further from the Big Brother.

There are two tools that can be applied to put an end to the tracking: GWX Control Panel, and a Script for Windows 7/8.

GWX will rid your Win7/8.1 of the 'Get Windows 10' icon that pops up as a notification in the bottom right corner of the screen.

It will also not allow a covert download of Win10 installation files, and will seek and destroy the hidden Win10 installation files, if such are present.

The second one is a script for Win 7/8 that blocks all the telemetry updates out there.

The Script:

    -Disables gwx/skydrive(a.k.a. onedrive)/spynet/telemetry/wifisense;
    -Disables/hides windows 10 download directory;
    -Uninstalls/hides 29 KB updates;
    -Disables 31 scheduled tasks (optional components that ‘phone home’ to Microsoft);
    -Uninstalls diagtrack;
    -Disables remote registry;
    -Blocks 188 Microsoft hosts (221 IPs);
    -Changes Windows Update settings to ‘check/notify’ instead of ‘download/install’.

It’s not relevant which tool you will use first.

You should note that after running the script, Windows Update may not work properly. The updates removed by the script may start reappearing aggressively, even when the 'Hide Update' option is applied. However, the script works just fine, but Microsoft will not give up on its Updates.

Read more:

Have you witnessed this error when running Python3/3.4?

python3.4 ./ test.bitcrypt
File “./”, line 99
print “usage: %s ” % sys.argv[0]
SyntaxError: Missing parentheses in call to ‘print’

The 'SyntaxError: Missing parentheses in call to ‘print’' error message you're witnessing could mean that you are trying to use Python 3 to run a program that uses the Python 2 print statement. In Python 3, printing values was changed from being a distinct statement to being an ordinary function call. That's why the statement File “./”, line 99 could need parentheses.

A possible solution could be to run the 'sudo apt-get update python' command or 'sudo apt-get install python2.7.8' to get your Python to work.

More information here:

P.S: In case you're dealing with ransomware, please let us know which one it is.

Windows 10 version 1511 is finally here. Also known as Fall Update and Threshold 2, the Windows-as-a-service upgrade has been reported by discontent users to cause some issues, some of them quite annoying.

Problems include:

- The update freezing at about 40%.
- The update deleting user's applications such as CPU-Z, speccy, 8gadgetpack, a Cisco VPN client, SATA drivers, SpyBot, RSAT, the F5 VPN, HWMonitor.
- Forced delays of the update.

To restore your programs, do the following:

- Go to System -> Default Apps and re-select them.

Are you happy with what Microsoft has achieved in its latest Version or are you a true supporter of Win7?

For more information, visit our articles:

Windows 10 / Is Windows 10 Spying on Us?
« on: November 04, 2015, 04:46:13 pm »
If you're a Windows 10 user and you pay attention to what Microsoft is doing, you may have come to the conclusion that your core data is being collected and sent home. Such theories are no longer theories, since Microsoft’s Corporate Vice President Joe Belfiore recently made a statement that cleared out previous suspicions:

’In the cases where we’ve not provided options, we feel that those things have to do with the health of the system. In the case of knowing that our system that we’ve created is crashing, or is having serious performance problems, we view that as so helpful to the ecosystem and so not an issue of personal privacy, that today we collect that data so that we make that experience better for everyone.’

Well, not everyone, exactly, since it's now known that Microsoft doesn't treat enterprise and home users equally. More on the topic:

Logically, one may wonder why it is that Windows 10 is being pushed so persistently. It turns out that Microsoft has set the goal of at least 1 billion Win10 devices in the next couple of years! When you put 2 and 2 together, you may just find yourself in a loop of conspiracy-driven thoughts...

Decide for yourself:

Is Windows 10 what you expected it to be?

If your files were all changed to the .CRYPT extension, we have bad news for you. You have been 'attacked' by a ransomware known as Chimera. It's currently active in Germany, but ransomware authors often like to switch their targets overnight.

Possible reasons for the ransomware intrusion are:
  • Opening corrupted emails posing as official establishments.
  • Exploit kits.

As a result of the infection, a ransom message was displayed to you. It may be written in your language.

This may be because the threat may be able to detect your location. The message usually says that a ransom should be paid via the Tor network. Some Chimera versions were also reported to demand 0.93002414 Bitcoins in exchange for the decryption of the users' files.

A brand new Chimera campaign can extort users in more ways than just asking for bitcoins. The authors may threaten to publish victims' personal files if the demanded amount is not paid within the given deadline. Read more about this particular case here:

Also, make sure to read how to deal with the Chimera malicious piece:

Windows Updates / KB 3105210
« on: November 03, 2015, 04:15:19 pm »
KB 3105210's official description:

"This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory:

    KB3096448 MS15-107: Cumulative security update for Microsoft Edge: October 27, 2015
    KB3096441 MS15-106: Cumulative security update for Internet Explorer: October 27, 2015"

As with other cumulative updates, the description is not clear enough and doesn't provide enough information. You can refer to the article published on SensorsTech Blog about it:

If your personal files are unreachable and they have the .ccc extension added to them, you may have been infected by a variant of the TeslaCrypt ransomware.

Files affected by this particular malicious threat typically have the .exx, .xyz, .zzz, .aaa, .abcor appended to the end of the file. Users may think they've been targeted by Cryptowall, because some TeslaCrypt versions may pretend to be Cryptowall 3.0.

As we have already pointed out in the comments section of the Restore Files Encrypted via RSA Encryption, the Tesla decryptor tool can be tried. You can download it from here:

How to use it:

There are several cases of users reporting their files encrypted and having a .ccc extension. If you are one of them, don’t hesitate to comment here.

For more information about the TeslaCrypt ransomware, you can have a look at the following articles:

TeslaCrypt Removal

AlphaCrypt Removal
