Hi James and kqly,

First, have you already removed the ransomware with an anti-malware program?

According security researchers, XRTN ransomware belongs to the family of Vaultcrypt ransomware, which was detected in March 2015.

XRTN ransomware uses RSA-1024 encryption in combination with the open source Gnu Privacy Guard (GnuPG) encryption. More information here: http://sensorstechforum.com/remove-xrtn-ransomware-from-your-machine/

Once infected, the victim will be shown a HTA document (with instructions) when Windows starts. The document also contains an email address to contact the cyber criminals – xrtnhelp@yande.ru.

Unfortunately, at this point recovering the decryption key is not possible. The ransomware is also designed to delete the Shadow Volume Copies, making restoring the encrypted data an impossible task. Unless, of course, you have regularly backed up your data.

Researchers also warn that the infection with XRTN Ransomware is triggered by opening a malicious email attachment.

If you have been attacked by the XRTN ransomware, please share your experience here.

Hi, Ehtesham Javed,

Unfortunately, if you don't have a clean backup of your files, nothing can be done. This particular encryption is quite strong and for now there's no solution on how to beat it...

Nonetheless, you should read more about the TeslaCrypt ransomware and its ways: http://sensorstechforum.com/remove-teslacrypt-rsa-4096-can-vvv-files-be-restored/

There are things you can do from now on to protect yourself from cyber threats, including backing up your data and improving your PC habits. In your current situation and without a decryption key you won't be able to restore the encrypted files. I am very sorry to be the one to tell you that!

Have you scanned your system with an anti-malware program to remove the leftovers of the ransomware? Do you have any suspicions about the way you got infected with it?

It's not a secret that MS and particularly Windows 10 are aiming at collecting as much user data as possible. Even MS employees don't deny the Windows core data collection.

Fortunately, unhappy users are constantly seeking ways to destroy the Windows built-in telemetry and get a bit further from the Big Brother.

There are two tools that can be applied to put an end to the tracking: GWX Control Panel, and a Script for Windows 7/8.

GWX will rid your Win7/8.1 from the 'Get Windows 10 icon' that pops up as a notification in the down right corner of the screen.

It will also not allowing a covert download of Win10 installation files, and will seek and destroy the hidden Win10 installation files, if such are present.

The second one is a script for Win 7/8 that blocks all the telemetry updates out there.

The Script:

    -Disables gwx/skydrive(a.k.a. onedrive)/spynet/telemetry/wifisense;
    -Disables/hides windows 10 download directory;
    -Uninstall/hides 29 KB updates;
    -Disables 31 scheduled tasks (optional components that ‘phone home’ to Microsoft);
    -Uninstalls diagtrack;
    -Disables remote registry;
    -Blocks 188 Microsoft hosts (221 IPs);
    -Changes Windows Update settings to ‘check/notify’ instead of ‘download/install’.

It’s not relevant which tool you will use first.

NOTE
You should note that after running the script, Windows Update may not work properly. The updates removed by the script may start reappearing aggressively, even when the 'Hide Update' option is applied. However, the script works just fine, but Microsoft will not give up on its Updates.

Read more: http://sensorstechforum.com/stop-windows-telemetry-and-remove-windows-10-upgrade-icon/

Have you witnessed this error when running Python3/3.4?


python3.4 ./decrypt.py test.bitcrypt
File “./decrypt.py”, line 99
print “usage: %s ” % sys.argv[0]
^
SyntaxError: Missing parentheses in call to ‘print’

The 'SyntaxError: Missing parentheses in call to ‘print’' error message you're witnessing could mean that you are trying to use Python 3 to run a program that uses the Python 2 print statement. In Python 3, printing values was changed from being a distinct statement to being an ordinary function call. That's why the statement File “./decrypt.py”, line 99 could need parentheses.

A possible solution could be to run the 'sudo apt-get update python' command or 'sudo apt-get install python2.7.8' to get your Python to work.

More information here: http://stackoverflow.com/questions/25445439/what-does-syntaxerror-missing-parentheses-in-call-to-print-mean-in-python

P.S: In case you're dealing with ransomware, please let us know which one it is.

If you're a Windows 10 user and you pay attention to what Microsoft is doing, you may have come to the conclusion that your core data is being collected and sent home. Such theories are no longer theories, since Microsoft’s Corporate Vice President Joe Belfiore recently made a statement that cleared out previous suspicions:

’In the cases where we’ve not provided options, we feel that those things have to do with the health of the system. In the case of knowing that our system that we’ve created is crashing, or is having serious performance problems, we view that as so helpful to the ecosystem and so not an issue of personal privacy, that today we collect that data so that we make that experience better for everyone.’

Well, not everyone, exactly, since it's now known that Microsoft doesn't treat equally enterprise and home users. More on the topic: http://sensorstechforum.com/microsoft-admits-to-windows-10-core-data-collection/

Logically, one may wonder why is it that Windows 10 is being pushed so persistently. It turns out that Microsoft has set the goal of at least 1 billion Win10 devices in the next couple of years! When you put 2 and 2 together, you may just find yourself in a loop of conspiracy-driven thoughts...

Decide for yourself: http://sensorstechforum.com/microsofts-master-plan-windows-10-on-1-billion-devices/

Is Windows 10 what you expected it to be?

KB 3105210's official description:

"This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory:

    KB3096448 MS15-107: Cumulative security update for Microsoft Edge: October 27, 2015
    KB3096441 MS15-106: Cumulative security update for Internet Explorer: October 27, 2015"

As with other cumulative updates, the description is not clear enough and doesn't provide enough information. You can refer to the article published on SensorsTech Blog about it: http://sensorstechforum.com/kb-3105210-yet-another-ghost-update-for-windows/

YouTube lyrics is described as a potentially unwanted program and ad-supported software. YouTube lyrics man also act as a browser hijacker and may change the browser's default home and search page.

WARNING


Please keep in mind that malware researchers have detected malware components in the program. It's removal is advisory.

Tell me - have you succeeded in removing the threat from your browser and system?