
Ransomware problem


Moontanman


I am having a problem with ransomware. It doesn't lock up my computer every time I log in; in fact it only affects my wife when she logs in, and only every few days. I have to go to Task Manager and stop the computer, but it goes away for a while before coming back. I have the web address of the ransomware. So far McAfee has been unable to find it, or Malwarebytes, or Spybot Search and Destroy. Any chance you guys can help?

Link to comment

32 minutes ago, Moontanman said:

I am having a problem with ransomware. It doesn't lock up my computer every time I log in; in fact it only affects my wife when she logs in, and only every few days. I have to go to Task Manager and stop the computer, but it goes away for a while before coming back. I have the web address of the ransomware. So far McAfee has been unable to find it, or Malwarebytes, or Spybot Search and Destroy. Any chance you guys can help?

Get a personal firewall, check in its logs what the true IP of the website with the given name is, and then add it to those blocked by the firewall.

Alternatively, if the virus is asking for the website by domain name, you can always replace local DNS in e.g. c:\WINDOWS\system32\drivers\etc\hosts

e.g. if you place this line there:

127.0.0.1 www.google.com

you should block Google from showing up in your web browsers..

This way you should be able to prevent anything which is looking up the true IP address by name (gethostbyname() in the BSD socket library), by giving it an incorrect result. If the virus is prepared for it, it will detect such a thing, and it'll try a different domain name and/or will try a direct IP address.

Modern antivirus apps are for idiots, which means their client does not have to have any knowledge about the subject and still has to use it, which means the client has no idea what he/she is doing and/or is relying completely on the authors of the app..

 

 

Edited by Sensei
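
The hosts-file and firewall blocking described in the post above, as an added PowerShell example that is not part of the original thread. `unwanted.example` is a constructed placeholder for the address the pop-up loads and `Get-HostsEntry` is a hypothetical helper; run it from an elevated prompt.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# ASSUMPTION: 'unwanted.example' is a constructed placeholder domain.
$Domain    = 'unwanted.example'
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-HostsEntry {
    # Hypothetical helper: parse a hosts file, skipping blanks and # comments.
    param([string]$Path)
    foreach ($line in Get-Content -LiteralPath $Path) {
        $text = ($line -replace '#.*$', '').Trim()
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        foreach ($name in ($fields | Select-Object -Skip 1)) {
            [pscustomobject]@{ Address = $fields[0]; Name = $name.ToLowerInvariant() }
        }
    }
}

# 1. Record the real addresses (bypassing the hosts file) for the firewall rule.
$realIps = @(Resolve-DnsName -Name $Domain -Type A -NoHostsFile -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })

# 2. Add the sinkhole line only if the name is not already mapped.
if (-not (Get-HostsEntry -Path $HostsPath | Where-Object { $_.Name -eq $Domain })) {
    # Leading CRLF guards against a hosts file that lacks a final newline.
    Add-Content -LiteralPath $HostsPath -Value "`r`n127.0.0.1 $Domain" -Encoding ASCII
    Clear-DnsClientCache
}

# 3. Check what the system resolver now hands to applications.
try   { $seen = [System.Net.Dns]::GetHostAddresses($Domain) | ForEach-Object { $_.ToString() } }
catch { $seen = @() }
"$Domain now resolves to: $($seen -join ', ')"

# 4. A program that connects by IP ignores the hosts file, so block the
#    recorded addresses outbound as well.
foreach ($ip in $realIps) {
    New-NetFirewallRule -DisplayName "Block $Domain ($ip)" -Direction Outbound `
        -Action Block -RemoteAddress $ip | Out-Null
}
```

An address that hosts several sites will take the others down with it, so check what else breaks before leaving the firewall rule in place.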
Link to comment

15 minutes ago, Sensei said:

Get a personal firewall, check in its logs what the true IP of the website with the given name is, and then add it to those blocked by the firewall.

Alternatively, if the virus is asking for the website by domain name, you can always replace local DNS in e.g. c:\WINDOWS\system32\drivers\etc\hosts

e.g. if you place this line there:

127.0.0.1 www.google.com

you should block Google from showing up in your web browsers..

This way you should be able to prevent anything which is looking up the true IP address by name (gethostbyname() in the BSD socket library), by giving it an incorrect result. If the virus is prepared for it, it will detect such a thing, and it'll try a different domain name and/or will try a direct IP address.

Modern antivirus apps are for idiots, which means their client does not have to have any knowledge about the subject and still has to use it, which means the client has no idea what he/she is doing and/or is relying completely on the authors of the app..

 

 

That includes 99+% of users, so what you say is about as much use as a chocolate fireguard.

Moon, save your stuff then reinstall your computer. It's the only way to have peace of mind and W10 makes it a lot easier now. It will save your stuff but it's best to do a separate save as well in case something goes wrong.

Link to comment

I approve this message. Backing up data, and a complete reinstall of the operating system, is the wisest move (and the least bother for you, as you won't have to become a programmer-internet-hacker-guru in the meantime..).

(I would even urge you to use a full format on an independent OS, to really flush everything which might appear in your boot sectors etc.)

 

20 minutes ago, StringJunky said:

That includes 99+% of users, so what you say is about as much use as a chocolate fireguard.

99+% of people have no idea what to do and how to use firewalls and antivirus..

Moontanman said "my antivirus etc. doesn't work.. what to do else?".. I just said to intercept and block inappropriate IP address(es)..

 

 

Edited by Sensei
Link to comment

20 minutes ago, Sensei said:

I approve this message. Backing up data, and a complete reinstall of the operating system, is the wisest move (and the least bother for you, as you won't have to become a programmer-internet-hacker-guru in the meantime..).

(I would even urge you to use a full format on an independent OS, to really flush everything which might appear in your boot sectors etc.)

99+% of people have no idea what to do and how to use firewalls and antivirus..

Moontanman said "my antivirus etc. doesn't work.. what to do else?".. I just said to intercept and block inappropriate IP address(es)..

 

 

At least we agree on the right course of action for him. I was taking exception to you calling computer-naive people 'idiots' when I wrote that.

Moon: to reset your pc, type 'reset' in the search box in the taskbar of your pc. Click on the magnifying glass then type 'reset'. Click on the 'Reset your pc' link then click on 'Get Started'. You will have the option to save your stuff. After it's done there will be updates to do but Windows should handle them.

Edited by StringJunky
Link to comment

1 hour ago, StringJunky said:

I don't think it's ransomware, as it encrypts your PC. I would go to Bleeping Computer Here for assistance.

Yup, Combofix is terrific. I run it routinely (every few months) just to be sure something isn't lurking in the background.

No installation necessary, just run it and let it do its thing. It posts a report at the end.

Link to comment

1 hour ago, StringJunky said:

At least we agree on the right course of action for him. I was taking exception to you calling computer-naive people 'idiots' when I wrote that.

From definition of the word e.g. https://www.merriam-webster.com/dictionary/idiot

"Idiot Has Greek Roots

The Greek adjective idios means “one’s own” or “private.” The derivative noun idiōtēs means “private person.” A Greek idiōtēs was a person who was not in the public eye, who held no public office. From this came the sense “common man,” and later “ignorant person”—a natural extension, for the common people of ancient Greece were not, in general, particularly learned. The English idiot originally meant “ignorant person,” but the more usual reference now is to a person who lacks basic intelligence or common sense rather than education."

I always used it as an alternative to "ignorant person"..

Programmers often (must!) use the "idiot-proof" concept in designing software. Which means it should be resistant in advance to any unexpected values entered and unexpected user movements.. e.g. entering a negative value when only positive values are expected, entering a value out-of-range, and so on, and so on..

Somebody called 'ignorant' in some area of science should learn, to fill the gap in his/her knowledge, instead of (foolishly) feeling insulted (it's not constructive!)..

I was not calling Moontanman an idiot. I said that currently produced antiviruses are for idiots. By which I meant that they don't allow the user detailful (detail+full = precise) configuration, and you have to rely entirely on the application authors. In the past antiviruses and firewalls were much more detailful. Producers removed many options later, as there would be thousands of them, and now they're practically useless for professionals instead... So, I have no antivirus nor firewall at the moment, as none currently existing meets my expectations.. The firewall I like most doesn't run on my current operating system. I will have to write my own firewall instead.. WTF!

I hope Moontanman will solve his and his wife's problems. Maybe they should seek help on-line? Somebody more experienced who can remotely admin log-in to their computers, and take control of their machines, for a while, to clean up all the things.. (that requires an extraordinary amount of trust!)

 

Edited by Sensei
Link to comment

Years ago a friend had similar problems with an old laptop on Windows XP. The virus didn't encrypt anything but just displayed an impressive screen (all of the Australian state police badges and the Federal police) and totally blocked access to any programs after logging in.

As the laptop was so slow I repeatedly pressed CTRL+C while logging in (straight after typing my password).

When the message came up I quickly started up Task Manager (that's one of the options CTRL+C gives you) and stopped the process with the highest CPU usage at that time.

I must have picked the right one because Windows Defender popped up straight away and asked if I would like to remove the virus.

Hope that helps.

Edited by LaurieAG
typo
Link to comment

12 hours ago, StringJunky said:

I don't think it's ransomware, as it encrypts your PC. I would go to Bleeping Computer Here for assistance.

 

12 hours ago, Sensei said:

Get a personal firewall, check in its logs what the true IP of the website with the given name is, and then add it to those blocked by the firewall.

Alternatively, if the virus is asking for the website by domain name, you can always replace local DNS in e.g. c:\WINDOWS\system32\drivers\etc\hosts

e.g. if you place this line there:

127.0.0.1 www.google.com

you should block Google from showing up in your web browsers..

This way you should be able to prevent anything which is looking up the true IP address by name (gethostbyname() in the BSD socket library), by giving it an incorrect result. If the virus is prepared for it, it will detect such a thing, and it'll try a different domain name and/or will try a direct IP address.

Modern antivirus apps are for idiots, which means their client does not have to have any knowledge about the subject and still has to use it, which means the client has no idea what he/she is doing and/or is relying completely on the authors of the app..

 

 

 

11 hours ago, rangerx said:

Yup, Combofix is terrific. I run it routinely (every few months) just to be sure something isn't lurking in the background.

No installation necessary, just run it and let it do its thing. It posts a report at the end.

 

8 hours ago, MigL said:

Maybe before you do the OS re-install, you might try cleaning out cookies, trackers, etc.
Ccleaner does a decent job, and is free ( also cleans the registry ).

 

4 hours ago, LaurieAG said:

Years ago a friend had similar problems with an old laptop on Windows XP. The virus didn't encrypt anything but just displayed an impressive screen (all of the Australian state police badges and the Federal police) and totally blocked access to any programs after logging in.

As the laptop was so slow I repeatedly pressed CTRL+C while logging in (straight after typing my password).

When the message came up I quickly started up Task Manager (that's one of the options CTRL+C gives you) and stopped the process with the highest CPU usage at that time.

I must have picked the right one because Windows Defender popped up straight away and asked if I would like to remove the virus.

Hope that helps.

Thank you guys! It would seem this is some kind of ad to get you to download more virus program gone wild! It is supposed to dupe you into buying the anti virus program. It doesn't do anything but bother people.

It really pissed me off when I saw it was only showing up on my wife when she logged in. 

Link to comment

Like, #String Junky, I'm not convinced it's encryption type ransomware.

Can you post a screenshot?

Have you found any documents now unavailable or gobbledegook?
If you look at the files in 'explorer' is there a proliferation of shortcuts?

If not then it is probably an old fashioned fake anti virus which can be salvaged without reinstallation.

This type of nuisance often acts as a gateway for spyware (e.g. Babylon) which follows shoppers around the net and therefore often targets women.
This type does not want to lock your computer, it wants to sell your shopping and browsing habits to others, and although it seems clean on your own account, can monitor all accounts on the computer.

So, following cleaning, a search and destroy also needs to be made for this rubbish.

Edited by studiot
Link to comment

10 hours ago, MigL said:

Maybe before you do the OS re-install, you might try cleaning out cookies, trackers, etc.
Ccleaner does a decent job, and is free ( also cleans the registry ).

A bit careful about that. CCleaner had been compromised and replaced with a malicious version last year. Not sure whether it is still floating around.

Link to comment

2 hours ago, Moontanman said:

 

 

 

 

Thank you guys! It would seem this is some kind of ad to get you to download more virus program gone wild! It is supposed to dupe you into buying the anti virus program. It doesn't do anything but bother people.

It really pissed me off when I saw it was only showing up on my wife when she logged in. 

Try adwcleaner. It's for getting rid of adware. Run it then follow the prompts then restart. It will give you a log after. Do it in your wife's account. https://www.malwarebytes.com/adwcleaner/

Link to comment

2 hours ago, iNow said:

Rub some dirt on it

 

24 minutes ago, Moontanman said:

I will cut a rooster's throat during the waning of the moon, spread one half the blood over my monitor and have my wife drink what is left...

I am going to pursue this until it's gone, thanks for all the ideas...

Look Moon, that is some seriously bad advice you have been getting. A) Dirt does not help. The silica inside has to be blessed properly before you rub it in. If you already did that, I suggest powerwashing first and then try again.

So, the chicken approach is fairly common, so I get why you would want to try that. However, for PC purposes, you really want a Santeria ritual and offer up the blood to an orisha. However, if you really insist you could try possession by Maman Brigitte. Just remember to use a black rooster and have plenty of alcohol around and chili. Perhaps also bandages.

Link to comment

18 minutes ago, Moontanman said:

I will cut a rooster's throat during the waning of the moon, spread one half the blood over my monitor and have my wife drink what is left...

That's for erasing your browsing history. You want the one with the mandrake, the pruning shears, and the photo of Lorena Bobbitt.

Link to comment

41 minutes ago, Moontanman said:

I will cut a rooster's throat during the waning of the moon, spread one half the blood over my monitor and have my wife drink what is left...

I am going to pursue this until it's gone, thanks for all the ideas...

One other thing you can check is what she has starting up. Right-click taskbar > Click Task Manager > Select Startup Tab > Disable everything except Windows Defender > Restart.  This doesn't disable programs, it just prevents them from starting. 

 


Edited by StringJunky
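
A scripted view of the same startup check, as an added PowerShell example that is not part of the original post. It also lists scheduled tasks outside the \Microsoft\ folder, which the Startup tab does not show; the `Get-AutostartEntry` name and the user-writable-path heuristic are assumptions of this example. Run it while signed in to the affected account.

```powershell
# Added example, not from the thread. Read-only: it lists, it changes nothing.
function Get-AutostartEntry {
    # Hypothetical helper: Run/RunOnce values for this user and the machine.
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $keys) {
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
    # Shortcuts in this user's and the all-users Startup folders.
    $dirs = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
    foreach ($dir in ($dirs | Where-Object { $_ })) {
        Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
        }
    }
    # Scheduled tasks outside \Microsoft\ (not shown on the Startup tab).
    Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
        $cmd = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join '; '
        [pscustomobject]@{ Source = "Task $($_.TaskPath)"; Name = $_.TaskName; Command = $cmd }
    }
}

# Heuristic (assumption): flag commands that run from user-writable locations.
$writable = [regex]'(?i)\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\'
Get-AutostartEntry |
    Select-Object Source, Name, Command, @{ n = 'Review'; e = { $writable.IsMatch($_.Command) } } |
    Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

A `Review` value of True means the entry deserves a look, not that it is malicious; plenty of legitimate programs start from AppData.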
Link to comment

2 hours ago, CharonY said:

Dirt does not help. The silica inside has to be blessed properly before you rub it in. If you already did that, I suggest powerwashing first and then try again

I recommend healing crystals, and only perform the ceremony under Mercury rising and Jupiter in the 4th moon. Aquarius is showing signs of help, too.

Link to comment

2 hours ago, iNow said:

and Jupiter in the 4th moon.

*Cough* I am pretty sure you mean 4th house, otherwise that would just be gibberish.

 

2 hours ago, MigL said:

I thought you said 'poster'.

Wat? Why would you invoke Chaac with a human sacrifice? It is not the PSU that is broken, is it?
