
Topic: trojan extortioner (Read 443 times)

full member
Activity: 161
Merit: 100
May 13, 2017, 04:55:35 AM
#8
So I strongly doubt that this is due to torrents.
I just explained the reason to you. Read my post:
Well, I replied to another person.
I did everything that I was advised to do on antivirus forums.
I blocked ports 445, 135, 155 and installed the MS17-010 updates from Microsoft.
legendary
Activity: 2674
Merit: 2965
Terminated.
May 13, 2017, 04:43:46 AM
#7
So I strongly doubt that this is due to torrents.
I just explained the reason to you. Read my post:

There is an exploit that was discovered and used by the NSA, which can infiltrate Windows systems via SMB: https://en.wikipedia.org/wiki/Server_Message_Block.
It affects most if not all versions of Windows. You don't need to download anything to get infected. Read more about said tools: https://wikileaks.org/ciav7p1/
full member
Activity: 161
Merit: 100
May 13, 2017, 04:42:06 AM
#6
Sir, I think you got this malware from downloading torrent files? Did you download the movies from piratebay.org?
No, I download torrents from a Russian site.
I have been downloading from there for more than a month and there were no problems.
So I strongly doubt that this is due to torrents.
legendary
Activity: 2674
Merit: 2965
Terminated.
May 13, 2017, 04:38:02 AM
#5
Sir, I think you got this malware from downloading torrent files? Did you download the movies from piratebay.org? If yes, then the malware really came from there.
No. You do not need to download anything to get this ransomware. There is an exploit that was discovered and used by the NSA, which can infiltrate Windows systems via SMB: https://en.wikipedia.org/wiki/Server_Message_Block.

I have twice had the experience of downloading malware, but not that strong.
Malware is the general term and not specific enough for this.

The malware that I downloaded automatically installs pop-up advertisements even if you're not using an Internet browser; the pop-up ads show every 3 minutes.
That is adware.

I use antivirus but it's still not working. So the only thing that I can do is to format my desktop. I'm glad that our country is not affected by that malware.
It looks like you are not experienced with IT and shouldn't post about this at all (hence: "Stop shit posting and do research first.").

Well, it's not only the UK.
On the Russian-speaking Kaspersky forum, I see messages from Kazakhstan, Uzbekistan, Russia, and Ukraine.

According to malwaretech data, more than 110,000 computers worldwide are already infected.

Details: https://intel.malwaretech.com/botnet/wcrypt
I did not say that it was limited to the UK, I just linked one of the first and major articles about it. It looks like someone has managed to shut it down (or at least that's what some sources claim) by registering a domain which is actually a kill-switch built into the ransomware.
sr. member
Activity: 1162
Merit: 268
May 13, 2017, 04:29:31 AM
#4
full member
Activity: 161
Merit: 100
May 13, 2017, 04:12:00 AM
#3
This is ransomware, and you're not the only one who is infected by it:
http://hexus.net/tech/news/software/105655-ransomware-wanna-decryptor-causing-it-failures-across-nhs/

This just shows how bad the IT departments in the UK hospitals truly are.

Well, it's not only the UK.
On the Russian-speaking Kaspersky forum, I see messages from Kazakhstan, Uzbekistan, Russia, and Ukraine.

According to malwaretech data, more than 110,000 computers worldwide are already infected.

Details: https://intel.malwaretech.com/botnet/wcrypt
legendary
Activity: 2674
Merit: 2965
Terminated.
May 12, 2017, 12:47:37 PM
#2
This is ransomware, and you're not the only one who is infected by it:
http://hexus.net/tech/news/software/105655-ransomware-wanna-decryptor-causing-it-failures-across-nhs/

This just shows how bad the IT departments in the UK hospitals truly are.
full member
Activity: 161
Merit: 100
May 12, 2017, 10:09:49 AM
#1
Today I got a trojan extortioner.
In the last two days I did not download anything except movies via torrent, and visited only Poloniex and Bittrex.
I still do not understand where the trojan came from.

My antivirus worked quickly, so it encoded about 20 files. So I was lucky.

It creates files in the ProgramData and Windows folders, including .bat files.

Here are the logs of NOD32
Code:
Bpeмя;Moдyль cкaниpoвaния;Tип oбъeктa;Oбъeкт;Bиpyc;Дeйcтвиe;Пoльзoвaтeль;Инфopмaция;Xэш;Пepвoe пoявлeниe здecь
12.05.2017 14:29:33;Moдyль cкaниpoвaния пo тpeбoвaнию;фaйл;Oпepaтивнaя пaмять = tasksche.exe(1956);мoдифициpoвaнный Win32/Filecoder.WannaCryptor.C тpoянcкaя пpoгpaммa;oчищeн - coдepжит зapaжeнныe фaйлы;;;D72F5B1B9684E1DE35C671910DF164DDECC3BE66;
12.05.2017 12:15:24;Moдyль cкaниpoвaния пo тpeбoвaнию;фaйл;Oпepaтивнaя пaмять = tasksche.exe(3624);мoдифициpoвaнный Win32/Filecoder.WannaCryptor.C тpoянcкaя пpoгpaммa;oчищeн - coдepжит зapaжeнныe фaйлы;;;FCBDE78741A8A55DA4C1AB279887E98A46D4FE33;
12.05.2017 12:14:22;Moдyль cкaниpoвaния пo тpeбoвaнию;фaйл;Oпepaтивнaя пaмять = tasksche.exe(3948);мoдифициpoвaнный Win32/Filecoder.WannaCryptor.C тpoянcкaя пpoгpaммa;oчищeн - coдepжит зapaжeнныe фaйлы;;;FF64313EF369D2E81837EEB54A18B27B6BC63E1E;
12.05.2017 12:13:20;Moдyль cкaниpoвaния пo тpeбoвaнию;фaйл;Oпepaтивнaя пaмять = tasksche.exe(5428);мoдифициpoвaнный Win32/Filecoder.WannaCryptor.C тpoянcкaя пpoгpaммa;oчищeн - coдepжит зapaжeнныe фaйлы;;;6DD3354CFA6CED93A1544DEDF5C52951A8B31D92;
12.05.2017 12:10:26;Moдyль cкaниpoвaния пo тpeбoвaнию;фaйл;Oпepaтивнaя пaмять = tasksche.exe(2500);мoдифициpoвaнный Win32/Filecoder.WannaCryptor.C тpoянcкaя пpoгpaммa;oчищeн - coдepжит зapaжeнныe фaйлы;;;122BD50502CD707B683BEF8D742CE863AF08432A;
12.05.2017 12:09:05;Moдyль cкaниpoвaния пo тpeбoвaнию;фaйл;Oпepaтивнaя пaмять = tasksche.exe(5572);мoдифициpoвaнный Win32/Filecoder.WannaCryptor.C тpoянcкaя пpoгpaммa;oчищeн - coдepжит зapaжeнныe фaйлы;;;450931A52738DA2210674B2B8E4F78AE51894754;
12.05.2017 12:08:02;Moдyль cкaниpoвaния пo тpeбoвaнию;фaйл;Oпepaтивнaя пaмять = tasksche.exe(4336);мoдифициpoвaнный Win32/Filecoder.WannaCryptor.C тpoянcкaя пpoгpaммa;oчищeн - coдepжит зapaжeнныe фaйлы;;;26BE43C87812A4B3DF29814C1950A060BBF37150;
12.05.2017 12:04:26;Moдyль cкaниpoвaния пo тpeбoвaнию;фaйл;Oпepaтивнaя пaмять = tasksche.exe(5872);мoдифициpoвaнный Win32/Filecoder.WannaCryptor.C тpoянcкaя пpoгpaммa;oчищeн - coдepжит зapaжeнныe фaйлы;;;B8E084A37CF2CA98D6F8B049DF8F4EF5FCD78B0B;
12.05.2017 12:03:26;Moдyль cкaниpoвaния пo тpeбoвaнию;фaйл;Oпepaтивнaя пaмять = tasksche.exe(3608);мoдифициpoвaнный Win32/Filecoder.WannaCryptor.C тpoянcкaя пpoгpaммa;oчищeн - coдepжит зapaжeнныe фaйлы;;;ADEADEAF183260627DAF0FD95C985C8E529E0F43;
12.05.2017 12:03:23;Moдyль cкaниpoвaния пo тpeбoвaнию;фaйл;Oпepaтивнaя пaмять = tasksche.exe(5768);мoдифициpoвaнный Win32/Filecoder.WannaCryptor.C тpoянcкaя пpoгpaммa;oчищeн - coдepжит зapaжeнныe фaйлы;;;D3C70F6C89E9018ED53BEC5508AFBD19CE051A74;
12.05.2017 12:02:29;Moдyль cкaниpoвaния пo тpeбoвaнию;фaйл;Oпepaтивнaя пaмять = tasksche.exe(4256);мoдифициpoвaнный Win32/Filecoder.WannaCryptor.C тpoянcкaя пpoгpaммa;oчищeн - coдepжит зapaжeнныe фaйлы;;;9636F73AFFA900B001E291E0BD63B4BE4F1216DA;
So be careful
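
A triage pass over an export in the layout of the NOD32 log in post #1, as an added example that is not part of the original thread: it groups in-memory detections by process name and flags a name that keeps reappearing under new PIDs. The sample rows are constructed (English field text, placeholder hashes, a made-up adware row), and the function names and the `min_pids` threshold are assumptions.

```python
import csv
import io
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: same 10-field, semicolon-separated layout as the log
# above, with English field text and placeholder values instead of real hashes.
SAMPLE_LOG = """\
Time;Scanner;Object type;Object;Virus;Action;User;Information;Hash;First seen here
12.05.2017 12:02:29;On-demand scanner;file;Operating memory = tasksche.exe(4256);Win32/Filecoder.WannaCryptor.C;cleaned;;;HASH-PLACEHOLDER-1;
12.05.2017 12:03:23;On-demand scanner;file;Operating memory = tasksche.exe(5768);Win32/Filecoder.WannaCryptor.C;cleaned;;;HASH-PLACEHOLDER-2;
12.05.2017 12:04:26;On-demand scanner;file;Operating memory = tasksche.exe(5872);Win32/Filecoder.WannaCryptor.C;cleaned;;;HASH-PLACEHOLDER-3;
12.05.2017 12:20:00;On-demand scanner;file;C:\\Users\\demo\\setup.exe;Win32/Adware.Example;deleted;;;HASH-PLACEHOLDER-4;
"""

# The object field of a memory detection ends in "= <process name>(<pid>)".
PROC_RE = re.compile(r"=\s*(?P<name>[^()=]+?)\((?P<pid>\d+)\)\s*$")


def parse_detections(text):
    """Yield (timestamp, process name, pid, threat) for in-memory detections."""
    for row in csv.reader(io.StringIO(text), delimiter=";"):
        if len(row) < 9:
            continue  # truncated or empty line
        try:
            ts = datetime.strptime(row[0], "%d.%m.%Y %H:%M:%S")
        except ValueError:
            continue  # header row, in any language
        m = PROC_RE.search(row[3])
        if m:  # rows for files on disk have no "name(pid)" suffix
            yield ts, m["name"].strip().lower(), int(m["pid"]), row[4]


def respawning_processes(text, min_pids=3):
    """Report process names detected in memory under several distinct PIDs."""
    seen = defaultdict(lambda: {"pids": set(), "times": [], "threats": set()})
    for ts, name, pid, threat in parse_detections(text):
        seen[name]["pids"].add(pid)
        seen[name]["times"].append(ts)
        seen[name]["threats"].add(threat)
    return {
        name: {"distinct_pids": len(e["pids"]), "first_seen": min(e["times"]),
               "last_seen": max(e["times"]), "threats": sorted(e["threats"])}
        for name, e in seen.items() if len(e["pids"]) >= min_pids
    }
```

A name reported here was started again after each "cleaned" action, which suggests that whatever launches it is still present on the machine.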