Become a fighter against malware and join the forum at SensorsTech!  The SensorsTech’s forum is the place where you can solve your PC issues and educate yourself about malware. You are welcome to discuss various security topics with our professional team and other users like you! To unlock all features of the forums, you have to create an account. Otherwise, you can only browse the topics without taking part in the discussions. To leave a comment or ask your questions, read our Registration Agreement and create your free account here.

Recent Posts

1
Malware Removal Questions and Guides / Re: All Files Encrypted with .txt extension
« Last post by Execute on August 16, 2017, 10:28:33 am »
Hello @tayyab786ae,
We are aware of the ransomware and you are right - it is a GlobeImposter variant called A1Lock.
Unfortunately there is no decryption tool created for any version of A1Lock or the GlobeImposter variants (except maybe 1 old variant, but it doesn't work with the newer ones).

You can read more about the ransomware virus from the article here:
https://sensorstechforum.com/a1lock-ransomware-removal-restore-txt-files/

The article will be duly updated if a decrypter or Master unlock key is released.

Do not pay the ransom and it is also recommended not to re-install your operating system, as there might be a way to restore your data with Data Recovery Tools perhaps. The newer variants have a legitimately strong encryption so try to save the encrypted files you want to recover in the future (if at all possible).
2
Malware Removal Questions and Guides / All Files Encrypted with .txt extension
« Last post by tayyab786ae on August 15, 2017, 11:45:39 am »
Hi Everyone. My PC was attacked on the 10th of August and all of my D drive files have been encrypted with a .txt extension. After my research I found it is called A1Lock ransomware, which is a variant of the GlobeImposter ransomware virus.

Can anyone help to find a decryptor for A1Lock ransomware?

Thanks a lot.

Taiyab
3
Gaming Malware / ABC Locker Virus encrypts your .DayZProfile files
« Last post by Execute on July 28, 2017, 03:18:12 pm »
The ABC Locker ransomware virus is not exactly gaming-related malware, but it does encrypt save games for the video game DayZ (a modification of an Arma game).
That could be a serious concern for people who have spent serious hours in the game and don't have backups or cloud synchronization enabled for saves to be duplicated.

What is more, this ransomware also targets a bit more than 240 different file extensions.
It asks for 250~275 euros or US dollars initially, but you shouldn't pay the ransom.
Find out more information in the article given below:

ABC Locker ransomware virus - Restore Your Data
4
Hi There

I was hit with the Cryptowall 4.0 ransomware about 2 years back...

Hello, Gary.

Sadly, the Cryptowall 4 virus is not spreading like it used to and the Angler Exploit Kit is gone now. That means that the malware authors have probably made the money they wanted and stopped pushing it. Maybe you have a ransom note or a picture of it, from where you can check for an e-mail or a TOR network page, like in the example below:



As far as I remember, on the .html page there weren't any e-mails left, but just the payment system which is opened in TOR.
*Checking*

Ok, so if the ransom note looked like the one above, you should have only a URL address pointed out on the TOR network, which is an automated system for payment, and I couldn't find a working one. You might find one if you look for ransom notes for CryptoWall 4 and previous variants...

As regards the other question - if you somehow find and contact the cybercriminals and write to them that you moved your files, regardless of payment or not, they might still not help you. Usually ransomware authors say that it is your fault for not paying in time and for moving the files. So, even then their decryptor might not work, unless some files of the virus are on your PC.

I don't think you can recover your files now, but keep your hope alive as there might be a new version of the virus and the malware creators could release a MASTER decryption key for the older versions (you never know)...

Best of luck and I am sorry that I can't help you further. :(

Kind Regards,
Execute
5
Hi There

I was hit with the Cryptowall 4.0 ransomware about 2 years back.
Back then I did not have the money to pay the ransom, and as such, I kept a backup of all my encrypted files (plenty of family photos and videos of my kids from their time of birth 12 yrs ago).
It was/is the only photos/videos I have of them during that period of their life, so it was a great blow needless to say.
Fast-forward 2 years on, and my financial position has considerably increased somewhat to the point where I would be able/prepared to try this route of paying the ransom for the encryption codes.
Only problems I am faced with now is:

1) How do I go about getting hold of the unsavoury characters again to attempt this? Would anyone maybe have a working URL / link where I could try to get hold of these guys?
And
2) As I no longer have the laptop where the files were originally encrypted (I copied all the encrypted files over to an external HDD to be used on my new laptop), would it even still be possible to decrypt them anymore as well?

Many Thanks,
Gary 
6
PC Tips & Tricks / Re: Helpful Tips about Ransomware
« Last post by Execute on July 20, 2017, 10:36:14 am »
Another useful tip is to disable some ports on your Windows system, that are not really used unless you are some sort of power user, who uses the Common Internet File System (CIFS), Client/Server Communication and NetBIOS for some reason. The famous WannaCry ransomware (and later Petya.A) have both used these ports as entry points for injecting their malicious file into computer systems.
It would only be wise to close these ports, as ransomware viruses in the future might utilize them as well to infect PCs.

Here's what you should do:

Open the Command Prompt (cmd.exe) with Administrator privileges.
Then type the following command lines into the box to disable the ports:

netsh advfirewall set allprofile state on

netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=445 name="Block_TCP-445"

netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=135 name="Block_TCP-135"

netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=138 name="Block_TCP-138"

netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=139 name="Block_TCP-139"


At the end of each command, the CMD should say "Ok." and that is it! Stay safe!
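The same procedure as a re-runnable PowerShell script is given below. This is an added example, not code from the post above: it reproduces the netsh rules with the NetSecurity cmdlets (Windows 8 / Server 2012 and later), skips rules that already exist, and prints a verification table at the end. It goes slightly beyond the post by also blocking UDP 137 and 138, because the NetBIOS name and datagram services run over UDP and a TCP-only rule on 138 does not cover them. The rule names, the "apply to all profiles" choice and the assumption that nothing on this host needs inbound SMB or NetBIOS are mine, not the post's.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the forum post): idempotent version of the
# netsh steps above, using the built-in NetSecurity module.
# Assumption: this machine does not serve file/printer shares to others;
# inbound SMB/NetBIOS/RPC will stop working once these rules are in place.
$ErrorActionPreference = 'Stop'

# Ports blocked in the post (TCP 445, 135, 138, 139) plus the NetBIOS
# UDP services, which the TCP-only netsh rules leave open.
$blocks = @(
    @{ Protocol = 'TCP'; Port = 445 },  # SMB over TCP (WannaCry / Petya.A entry point)
    @{ Protocol = 'TCP'; Port = 135 },  # RPC endpoint mapper
    @{ Protocol = 'TCP'; Port = 139 },  # NetBIOS session service
    @{ Protocol = 'TCP'; Port = 138 },  # kept as in the post; datagram service is really UDP
    @{ Protocol = 'UDP'; Port = 137 },  # NetBIOS name service (added, beyond the post)
    @{ Protocol = 'UDP'; Port = 138 }   # NetBIOS datagram service (added, beyond the post)
)

# Equivalent of "netsh advfirewall set allprofile state on"
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True

foreach ($b in $blocks) {
    # Name scheme mirrors the post: Block_TCP-445, Block_UDP-137, ...
    $name = "Block_$($b.Protocol)-$($b.Port)"

    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Write-Host "rule $name already exists, skipping"
        continue
    }

    New-NetFirewallRule -DisplayName $name `
        -Direction Inbound -Action Block `
        -Protocol $b.Protocol -LocalPort $b.Port `
        -Profile Any | Out-Null
    Write-Host "added $name"
}

# Verification: every Block_* rule should show Enabled=True, Action=Block
# and the expected protocol/port, regardless of how it was created.
Get-NetFirewallRule -DisplayName 'Block_*' | ForEach-Object {
    $pf = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Name     = $_.DisplayName
        Enabled  = $_.Enabled
        Action   = $_.Action
        Protocol = $pf.Protocol
        Port     = $pf.LocalPort
    }
} | Format-Table -AutoSize
```

To undo the change, remove the rules with the same name pattern: `Remove-NetFirewallRule -DisplayName 'Block_*'`. Keep in mind that these are inbound rules only; they stop other machines from reaching this host over SMB and NetBIOS, but do not stop this host from connecting out to an already-infected share.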
7
Off-Topic Discussions / Re: IT Jokes and Overall PC Stupidity
« Last post by Execute on July 04, 2017, 11:09:18 am »
And in this corner...

8
Yesterday, on the 27th of June, a new ransomware emerged crippling systems across the globe, called Petya.A.

The ransomware has a lot of its code copied from the original Petya ransomware, yet malware researchers say that it is a different ransomware and probably compiled by a different malware author.

Ukraine was one of the countries that was hit the hardest, because of a flaw in its MeDoc update system. Lots of its government computers were infected and encrypted, while the virus spread to other firms and organizations in the country. Spain, Russia and France are also countries that are among the first and most heavily infected.

Read more technical details about the Petya.A ransomware and information on what you could do to try and restore data on your PC here:

“Oops, Your Important Files Are Encrypted” (Petya.A WannaCry Ransom Virus)
9
Gaming Malware / Kryptonite Ransomware uses the game "Snake" as a disguise
« Last post by Execute on June 26, 2017, 03:15:08 pm »
Kryptonite is the name of a new ransomware cryptovirus that is quite cleverly masked as the popular game "Snake". You can also play a Command Prompt variant of "Snake" while the Kryptonite virus is encrypting your files...

...and then you are asked to pay $500 as ransom for your files.

This is what the game looks like:



You can read all about it, from the following article:

https://sensorstechforum.com/kryptonite-ransomware-remove-restore-files/
10
Malware Removal Questions and Guides / Re: Mole02 File?
« Last post by Execute on June 22, 2017, 06:04:03 pm »
Hello, @ZMan.

Yes, this is confirmed by malware researchers to be the new variant of MOLE ransomware and it appends the .MOLE02 extension like you have shown in the attached picture.

You can find a thorough analysis of the virus here: https://sensorstechforum.com/mole02-file-virus-remove-restore-data/

Best Regards,
Execute