
Recent Posts

Malware Removal Questions and Guides / Styx Ransomware - a new cryptovirus arises
« Last post by Execute on December 15, 2017, 12:23:16 pm »
The Styx ransomware is a new cryptovirus that will encrypt your files.
All of the locked files will get the .styx extension appended to them.
The encryption algorithm which is used is AES with 256-bit ciphers.

You can see the Remove Styx Ransomware Virus article for more information.

Malware Removal Questions and Guides / Re: .java Ransomware
« Last post by Execute on December 15, 2017, 12:09:25 pm »
Hello @luizconrado,

I am very sorry to hear about your passed mother.
I am also sorry to hear you got hit by that ransomware.

Currently, there is no working solution to getting your files back to normal,
but you can try the alternative decryptors from the .java Files Virus article,
and see if that yields any results. If not - backup the files you want to keep
and wait for a fix in the future (if a decryptor comes out, you will be notified!)

Kind Regards,
Malware Removal Questions and Guides / .java Ransomware
« Last post by luizconrado on December 14, 2017, 06:48:11 pm »

I have been infected with a ransomware that encrypted all my files to a .java extension.
The ransom note is called "FILES ENCRYPTED.txt"
The emails for ransom are:
[email protected] or [email protected]

I have pictures of my recently passed mother there.
I would really appreciate some help.

All my files have been renamed to .arena and .nemesis. Is there a way to restore files to the original state?

Hello, @faxmodem.
First of all, I have moved your question to the appropriate topic (so there is no confusion).
Second, it seems there is currently no solution to the Dharma (.arena files) ransomware.
Third, Nemesis has been spotted to roam around the Internet with new variants - do you mind sharing if there is a ransom note (or a ransom note picture) with it? With that there might be more to go on, although I believe previous variants of Nemesis were not decryptable.

Here is an article about Nemesis and its first variant: Remove Nemesis Ransomware and Restore Encrypted Files

See if it's of help and provide more information to try and help you!

Kind Regards,
The current variant of the Locky virus spreads with multiple malware campaigns
that have reached thousands of users already.

Inside the e-mail, you will most commonly see it pretending to be an
email from DropBox to confirm your registration or something similar.

These are some of the payload download sites, that you should not open
and should close immediately if you see them open on your browser:


You can read more beneath:
.Asasin File Virus (Locky) – Remove It and Restore Files
PC Tips & Tricks / What is VC_RED file in Windows? Should you remove it?
« Last post by Execute on November 08, 2017, 12:30:06 pm »
VC_RED is a file that is safe, legitimate and you shouldn't worry about.
Usually the file comes along with others, scattered across your main directory of disk drives.
Typically, those are the installation files for the Visual C++ Redistributable Package
(which VC_RED is like an abbreviation of, also found as vc_redistx86 or x64)
and are leftovers after the installation is complete. You can see how it looks like:

You can safely delete them if they are found on your disk drives without their own folder.
That package is related to how applications are run on your PC and is needed,
but it can be easily re-installed if you somehow uninstalled or removed it.

The tip is that you should remove the installation file scattered randomly,
but do not touch the files if they are inside a specific folder with a similar name.
Internet and Networking Security / What is “Deceptive Site Ahead” warning?
« Last post by Execute on November 08, 2017, 12:08:20 pm »
This post is to discuss what "Deceptive Site Ahead" means and why you get that warning in your browser.

Google Safe Browsing services are the creators of the message and have introduced it to their Google Chrome browser and Chromium project. That means that you can see the message in other browsers based on the Chromium project, like Opera for example.

The message reads:

"Deceptive site ahead.
Attackers on (URL) may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers, or credit cards)."

Most website domains that are not accessed right away, but show that message in your browser, are either filled with malware or are phishing and require you to enter your account details for a site that seems like a popular page (Facebook for instance).

Sometimes, the page is totally legitimate but not very well known and you can see the warning pop up without the site containing or leading to any malware. Remember that the message is for potential threats and not 100% accurate all the time, although you should consider researching that URL before removing the warning and going to such a site.
Internet and Networking Security / Re: Which Is the Most Secure Browser for 2017?
« Last post by esferasoft on October 27, 2017, 02:56:43 pm »
Google Chrome  :D
Yesterday, on the 25th of October, a new ransomware emerged crippling systems in a few countries, based on the Petya.A ransomware. Bad Rabbit is how the new ransomware string is dubbed.

The ransomware has a lot of its code copied from the previous Petya ransomware, and researchers confirmed their relation.

Ukraine, Turkey, Russia and Bulgaria were the countries hit by the ransomware yesterday, and they are still recovering from the attack. More countries could be affected in the near future. Some government computers were infected, as well as airports and others.

Read more technical details about the Bad Rabbit ransomware and information on what you could do to try and restore data on your computer here:

BAD RABBIT Ransomware Virus – How to Remove...