Encrypted data - ransomware HELP

Encrypted data - ransomware HELP

Found something on that subject @Djigi...

 

LINK

Some people are so poor... all they have is money!
Re: Encrypted data - ransomware HELP
Sum_of_all_fears says...

Look in services.msc whether there is any Avira service. If there is, find which svchost it is in.

 

Now I see that it has its own .exe and is not in an svchost. That's it.

 

So there are no hidden processes/services?

Does that claim of yours (that there are hidden processes) not hold in this case, or...?

 

 

Also, right-click any process -> Properties -> Performance shows the Peak (i.e. maximum RAM and Virtual Memory usage) of that process.

@Andi

Your link is broken.

http://av-gurus.blogspot.com/ | http://www.facebook.com/antivirusna.ekipa | http://www.youtube.com/user/TheDjigibao/videos
Post last edited Sat 31.1.2015 17:41 (djigibao).
Encrypted data - ransomware HELP

Where has your discussion wandered off to?

Always code as if the one ending up maintaining your code is a violent psychopath who knows where you live
Re: Encrypted data - ransomware HELP
Since we've started, we might as well learn something, right?

I for one find this really interesting, and it can be useful to everyone.
http://av-gurus.blogspot.com/ | http://www.facebook.com/antivirusna.ekipa | http://www.youtube.com/user/TheDjigibao/videos
Re: Encrypted data - ransomware HELP
buli says...

I get all that, but it isn't asking for any ransom. If it showed one, I would pay and try!!!

I would ask you to boot a live Ubuntu and search the computer.

Encrypted data - ransomware HELP

I just looked at the first picture, where you can see that he received that malware email labelled "HT email..."

There could be quite a few more cases like this...

http://av-gurus.blogspot.com/ | http://www.facebook.com/antivirusna.ekipa | http://www.youtube.com/user/TheDjigibao/videos
Re: Encrypted data - ransomware HELP
djigibao says...

So there are no hidden processes/services?

Does that claim of yours (that there are hidden processes) not hold in this case, or...?

And who was it I was talking to above about rootkits, drivers and kernel modules...

My name is Legion... For we are many!
Re: Encrypted data - ransomware HELP
djigibao says...

I just looked at the first picture, where you can see that he received that malware email labelled "HT email..."

There could be quite a few more cases like this...

- for most people who use business email with contacts abroad (or who share a mutual contact/address book), such messages are 'normal' and the 'Štefice' (the office clerks) already know the routine.. even an ordinary spam filter helps (though the odd legitimate mail disappears too..).

- especially an 'invoice', e.g. from T-Com (from Germany..)

C64/TurboModul-OpenSourceProject.org.cn
Post last edited Sat 31.1.2015 18:39 (ihush).
Encrypted data - ransomware HELP

Today I received a computer for servicing; according to nod32 it is a "Win32/Filecoder.DA and/or Win32/Filecoder.DZ trojan". Nod32 has only detected it since 5.1.2015.

Files with the extensions doc, tif, dbf and probably some others have been encrypted, with an additional random extension appended to them.

According to information from Wikipedia, it is an imitation of CryptoLocker. This page is mentioned on the web, but it doesn't help because it relates to the original version of the virus and contains the private keys of users who were infected half a year ago, when the author's server was seized.

Breaking the encryption is probably impossible without a supercomputer and a team of programmers.

 

I managed to find some of the files in copies (e.g. sent items in gmail), and oddly the original files are larger than the encrypted ones. As a rule, a block cipher (encryption algorithm) is used for fixed-length data, and with it the size of the encrypted data is identical to or larger than the original. There is a possibility that the data cannot be decrypted even if the demanded amount is paid.

 

The contact details for the virus author are in the file Decrypt-All-Files-xxxxxxx.txt, which nod32 deleted, so try restoring it from quarantine.

Here is the content of the file, with the private details redacted:

 

Your documents, photos, databases and other important files have been encrypted
with strongest encryption and unique key, generated for this computer.

Private decryption key is stored on a secret Internet server and nobody can
decrypt your files until you pay and obtain the private key.

If you see the main locker window, follow the instructions on the locker.
Otherwise, it seems that you or your antivirus deleted the locker program.
Now you have the last chance to decrypt your files.

Open http://xxxxxxxxxxxxxxxx.onion.cab or http://xxxxxxxxxxxxxxxx.tor2web.org
in your browser. They are public gates to the secret server.

If you have problems with gates, use direct connection:

1. Download Tor Browser from http://torproject.org

2. In the Tor Browser open the http://xxxxxxxxxxxxxxxx.onion/
   Note that this server is available via Tor Browser only.
   Retry in 1 hour if site is not reachable.

Copy and paste the following public key in the input form on the server. Avoid misprints.
xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx
xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx
xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx

Follow the instructions on the server.

 

Content of the web page that opens at the links above:

 

Payment required
Server accepts payment in Bitcoin (BTC) only.
If you have bitcoins:
1. Pay amount of 3 BTC to address: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
2. Transaction will take about 15-30 minutes to confirm.
If you do not have bitcoins:
1. Open one of the exchangers:
    https://en.bitcoin.it/wiki/Buying_bitcoins
    https://btcdirect.eu/
    https://www.bitboat.net/it/buy
    https://bitonic.nl/
and select exchange in your country and currency.
Or open https://localbitcoins.com/ and find person who sells bitcoins near you.

Buy 3 BTC (about 750 USD) and make a direct deposit to bitcoin address: xxxxxxxxxxxxxxxxxxxxxxxxx
   Exact payment amount can vary depending of exchange rates.
4. Transaction completion may take several days.


Reload this page in 15 minutes. After the transaction completes you will be redirected to the decryption page.
Don't worry if some errors occur and the connection is broken. Wait 15 minutes and press F5.

To make sure that decryption is possible you are allowed to decrypt any one file for free. File size is limited to 1 Mbyte.

 

 

If I deliberately try to decrypt a file that is not encrypted, I get the message:

Error in uploaded file. File is not encrypted with your public key. File may be corrupted or encrypted on another computer. Navigate back and upload another file. Make sure that you upload a file encrypted with CTB-Locker.

Post last edited Wed 4.2.2015 21:48 (hjjura).
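A directory triage helper for the infection hjjura describes above, added here as an example; it is not code from the post, from ESET or from any other vendor. It looks for the ransom note (Decrypt-All-Files-*.txt, which nod32 may have quarantined), for files whose document extension is followed by an extra appended extension, and confirms those candidates by byte entropy, since random-looking ciphertext sits near 8 bits per byte while an intact .doc or .dbf does not. It also carries a small function for the size question raised in the post: a block cipher with padding never produces output shorter than its input, so a ciphertext smaller than the original means the data was transformed (e.g. compressed) before encryption. Assumptions not stated in the thread: the appended extension is 4-10 lowercase letters, the extension list beyond doc/tif/dbf, the 7.5 bits/byte threshold, and the sample file names, which are constructed.

```python
"""Directory triage for the Filecoder/CTB-Locker infection described above.

Added example for this thread; not code from the original post, from ESET or
from any other vendor.  It walks a tree and reports:
  * ransom notes named Decrypt-All-Files-*.txt,
  * files whose document extension is followed by an extra appended extension,
    confirmed as encrypted by byte entropy,
  * name matches whose content is NOT high-entropy, kept apart as 'suspect'.
Assumptions not stated in the thread: the appended extension is 4-10 lowercase
letters, the extension list beyond doc/tif/dbf, and the 7.5 bits/byte threshold.
"""
import math
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

# doc, tif and dbf come from the post; the others are common office types (assumption)
ORIGINAL_EXTS = {"doc", "docx", "xls", "tif", "dbf", "pdf", "jpg"}
ENCRYPTED_NAME = re.compile(
    r"^(?P<stem>.+)\.(?P<orig>[A-Za-z0-9]{2,5})\.(?P<added>[a-z]{4,10})$"
)
RANSOM_NOTE = re.compile(r"^Decrypt-All-Files-[A-Za-z0-9]+\.txt$", re.IGNORECASE)
ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off between office data and ciphertext


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant data, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def padded_block_cipher_len(plaintext_len: int, block_size: int = 16) -> int:
    """Ciphertext length of a block cipher with PKCS#7 padding (e.g. AES-CBC).

    Always >= plaintext_len: padding rounds up to the next full block, so an
    encrypted file smaller than its original was transformed (e.g. compressed)
    before encryption; the cipher itself never shrinks data.
    """
    return (plaintext_len // block_size + 1) * block_size


def classify_name(name: str):
    """Return ('note' | 'encrypted' | None, original_extension_or_None) from the name alone."""
    if RANSOM_NOTE.match(name):
        return "note", None
    m = ENCRYPTED_NAME.match(name)
    if m and m.group("orig").lower() in ORIGINAL_EXTS:
        return "encrypted", m.group("orig").lower()
    return None, None


def triage(root, sample_bytes: int = 65536) -> dict:
    """Walk `root` and bucket findings into 'notes', 'encrypted' and 'suspect'."""
    result = {"notes": [], "encrypted": [], "suspect": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind, orig = classify_name(name)
            if kind is None:
                continue
            path = Path(dirpath) / name
            if kind == "note":
                result["notes"].append(str(path))
                continue
            with open(path, "rb") as fh:
                entropy = shannon_entropy(fh.read(sample_bytes))   # first 64 KiB is enough to judge
            entry = {"path": str(path), "orig_ext": orig, "entropy": round(entropy, 2)}
            bucket = "encrypted" if entropy >= ENTROPY_THRESHOLD else "suspect"
            result[bucket].append(entry)
    return result


def build_sample_tree() -> Path:
    """Constructed sample data (not from a real case) so the script runs offline."""
    root = Path(tempfile.mkdtemp(prefix="ctb_triage_"))
    (root / "report.doc").write_bytes(b"Quarterly report 2014 " * 1000)   # intact, low entropy
    (root / "report.doc.qwzkvtr").write_bytes(os.urandom(20000))         # renamed + random content
    (root / "customers.dbf.plmwoac").write_bytes(os.urandom(20000))
    (root / "notes.txt.backup").write_bytes(b"plain text " * 100)        # extra ext, but txt not in list
    (root / "archive.doc.abcdefg").write_bytes(b"A" * 5000)              # name matches, content is not ciphertext
    (root / "Decrypt-All-Files-abc1234.txt").write_text("Your documents ... have been encrypted\n")
    return root


if __name__ == "__main__":
    findings = triage(build_sample_tree())
    for bucket, items in findings.items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item)
    print("20000-byte file under AES-CBC ->", padded_block_cipher_len(20000), "bytes")
```

Run it against a mounted image of the affected disk (from a live system, as suggested above) by replacing `build_sample_tree()` with the mount point; the 'suspect' bucket is where renamed-but-not-random files land, which is exactly the case where a free test decryption or a backup comparison is worth a closer look.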
Re: Encrypted data - ransomware HELP
djigibao says...

@Andi

Your link is broken.

Oops...

 

 

"Process explorer will show you individual memory usage within svchost.

Make sure to run the Process Explorer as administrator, click on the svchost you want to inspect, click the View DLLs button (or CTRL+D). Right click the headers in the DLLs window, Select Columns..., then check WS Total Bytes, and hit OK.

Now you can view and sort on the memory usage of individual services (implemented by dlls) within the svchost."

Some people are so poor... all they have is money!
Post last edited Tue 3.2.2015 22:37 (andi.cro).
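The services.msc -> svchost -> Process Explorer walk discussed in djigibao's post above (which service hides in which svchost, whether the AV service has its own .exe, what a process's Peak memory is) and in the Process Explorer quote just posted, done from PowerShell. This is an added example, not code from the thread or from Sysinternals; it assumes an elevated session and uses only the built-in Win32_Service and Win32_Process CIM classes plus Get-Process. The "no matching process" check is a cross-view comparison between the service control manager and the process list, not a rootkit detector.

```powershell
# Added example for this thread (not code from the posts or from Sysinternals):
# the services.msc -> svchost -> Process Explorer walk done from PowerShell.
# Assumes an elevated session and only built-in CIM classes plus Get-Process.

function Get-ServiceHostMap {
    # Index every visible process by PID, then join running services onto it.
    $procs = @{}
    Get-CimInstance Win32_Process | ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

    Get-CimInstance Win32_Service | Where-Object { $_.State -eq 'Running' } | ForEach-Object {
        $hostProc  = $procs[[int]$_.ProcessId]
        $hostImage = '<no matching process>'
        if ($hostProc) { $hostImage = $hostProc.ExecutablePath }
        [pscustomobject]@{
            Service     = $_.Name
            PID         = [int]$_.ProcessId
            HostImage   = $hostImage
            SharedHost  = [bool]($hostProc -and $hostProc.Name -ieq 'svchost.exe')
            ServicePath = $_.PathName
        }
    }
}

$map = Get-ServiceHostMap

# 1. Services that run in their own image (an AV service with its own .exe lands here)
$map | Where-Object { -not $_.SharedHost } |
    Sort-Object Service | Format-Table Service, PID, HostImage -AutoSize

# 2. Shared svchost instances and which services each one carries
$map | Where-Object { $_.SharedHost } | Group-Object PID | Sort-Object Count -Descending |
    ForEach-Object { [pscustomobject]@{ PID = $_.Name; Services = ($_.Group.Service -join ', ') } } |
    Format-Table -AutoSize

# 3. Running services whose PID has no visible process: a mismatch between the
#    SCM view and the process list that deserves a second look (a cross-check,
#    not a rootkit detector)
$map | Where-Object { $_.HostImage -eq '<no matching process>' } |
    Format-Table Service, PID, ServicePath -AutoSize

# 4. Peak memory of each host process, the figures Process Explorer shows under
#    Properties -> Performance
$map | Select-Object -ExpandProperty PID -Unique |
    ForEach-Object { Get-Process -Id $_ -ErrorAction SilentlyContinue } |
    Select-Object Id, ProcessName,
        @{ n = 'PeakWS_MB'; e = { [math]::Round($_.PeakWorkingSet64 / 1MB, 1) } },
        @{ n = 'PeakVM_MB'; e = { [math]::Round($_.PeakVirtualMemorySize64 / 1MB, 1) } } |
    Sort-Object PeakWS_MB -Descending | Format-Table -AutoSize
```

For the per-DLL memory breakdown inside a single svchost that the quoted text describes (View DLLs, WS Total Bytes), Process Explorer remains the tool; the script above gets you to the right PID and tells you whether the service in question is shared or runs alone.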