My files have been taken hostage...they want a ransom paid.


posted on Apr, 13 2014 @ 04:38 PM


how wrong you are. I am just the start. I may know little about computers but I had the proper security software downloaded with firewall etc. not done by me....by someone who works for one of the biggest banks doing internet security.

it doesn't sound like he's very good.
as for how wrong I am, my pc works, yours doesn't.



posted on Apr, 13 2014 @ 04:43 PM
reply to post by Mr Mask
 


Haven't Linux servers been compromised by the Heartbleed bug?



posted on Apr, 13 2014 @ 04:48 PM
reply to post by bellagirl
 


Ah, ransomware...

I caught one off of a game trainer once - my fault for downloading from an untrusted site and bypassing the AV alert, of course. (game trainers almost always set off AV, since they're designed to modify another program) It was really easy to get rid of, though. Restart in safe mode, sort everything by date modified, look for recent files you don't recognize and delete them. I realize that's easier said than done if you're not already familiar with what should be there, but the date should narrow it down a lot and you apparently have other means of internet access, so can look up any suspicious files. Hope that helps!
edit on 4/13/2014 by CretumOrbis because: bbcode
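
The sweep described in the post above (sort by date modified, look for recent files you don't recognize), scripted as an added example that is not part of the original thread. The function names, the extension shortlist and the choice of per-user folders are assumptions made for illustration; it covers the file check only, not the registry.

```python
import os
import time
from pathlib import Path

# Extensions that can run code on Windows; a constructed shortlist, not exhaustive.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".js", ".lnk"}


def recent_files(root, days=7, now=None):
    """Return (mtime, path, is_executable) tuples for files under `root`
    modified within the last `days` days, newest first."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    # os.walk skips directories it cannot read instead of raising.
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = Path(dirpath) / name
            try:
                mtime = path.stat().st_mtime
            except OSError:
                continue  # locked or vanished file: skip it, keep sweeping
            if mtime >= cutoff:
                is_exec = path.suffix.lower() in EXECUTABLE_EXTS
                hits.append((mtime, str(path), is_exec))
    return sorted(hits, reverse=True)


def default_roots():
    """Per-user Windows folders that are writable without admin rights
    (assumed starting points; add Desktop/Downloads as needed)."""
    keys = ("APPDATA", "LOCALAPPDATA", "TEMP")
    return [os.environ[k] for k in keys if os.environ.get(k)]


if __name__ == "__main__":
    for root in default_roots():
        for mtime, path, is_exec in recent_files(root):
            stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime))
            print(stamp, "EXEC" if is_exec else "    ", path)
```

Modification times can be rewritten by the malware itself, so an empty result narrows the search but does not show the machine is clean.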



posted on Apr, 13 2014 @ 04:54 PM

I have gone into "safemode" and deleted a suspect folder on the regedit ... start/run/regedit/hkey current user/software/Microsoft/windows/current version/run/ and then delete the suspect file. that did nothing.


Uh, missed that part... Did you check just the registry or the entire file structure too?



posted on Apr, 13 2014 @ 05:04 PM

CretumOrbis
reply to post by bellagirl
 


Ah, ransomware...

I caught one off of a game trainer once - my fault for downloading from an untrusted site and bypassing the AV alert, of course. (game trainers almost always set off AV, since they're designed to modify another program) It was really easy to get rid of, though. Restart in safe mode, sort everything by date modified, look for recent files you don't recognize and delete them. I realize that's easier said than done if you're not already familiar with what should be there, but the date should narrow it down a lot and you apparently have other means of internet access, so can look up any suspicious files. Hope that helps!
edit on 4/13/2014 by CretumOrbis because: bbcode



thank you so much for trying to help.

I understand what you are saying...but this is the problem. that worked up until about a week ago. what people are not understanding is that this is a CURRENT EVENT. that's why I posted it in CURRENT EVENTS and not the computer forum. unfortunately many are not going to be warned as they have now moved this post from its original position.

as of a week ago this went from being a bad case of the flu to the black plague. you have no idea the amount of experts who are at a loss with what to do. I don't claim to know what I am doing...I don't really. I know a little but I have professional help. what I am trying to say is that I am one of the FIRST to get this bloody new thing. you wait for a couple of weeks....it will be rampant.



posted on Apr, 13 2014 @ 05:07 PM

Rikku



how wrong you are. I am just the start. I may know little about computers but I had the proper security software downloaded with firewall etc. not done by me....by someone who works for one of the biggest banks doing internet security.

it doesn't sound like he's very good.
as for how wrong I am, my pc works, yours doesn't.



lol...I must post the link for you to read the forum that is dealing with this. it's full of people like you that are now eating humble pie. people who thought they knew it all and were safe....but you know what thought thought, he thought he farted but he # himself.

my dear, if you get hit with this and I don't wish it upon you, trust me....it will wipe that smile off your avatar face!
edit on 13-4-2014 by bellagirl because: (no reason given)



posted on Apr, 13 2014 @ 05:09 PM
reply to post by bellagirl
 

Hiya, off that information it looks like you could have a way out.

Bleepingcomputer - CryptorBit and HowDecryptorbit


How to fix files encrypted by CryptorBit using DecrypterFixer's Tools Nathan Scott, aka DecrypterFixer, has developed tools that can fix various types of files that have been encrypted by CryptorBit. Currently his tools can recover corrupted PST, JPG, PDF, MP3, DOC, and XLS files. In order to use his tool you must have Microsoft Net Framework 4.0 or higher installed on your computer. If you are using Windows XP, you will need to have service pack 3 installed before you can install Net 4.0. If you find that his tools have helped you recover your files, please feel free to send him a tip using one of the methods below:


Be careful which files you choose to recover. I'd still consider a DBAN and clean install if it works.



posted on Apr, 13 2014 @ 05:14 PM

Kandinsky
reply to post by bellagirl
 

Hiya, off that information it looks like you could have a way out.

Bleepingcomputer - CryptorBit and HowDecryptorbit


How to fix files encrypted by CryptorBit using DecrypterFixer's Tools Nathan Scott, aka DecrypterFixer, has developed tools that can fix various types of files that have been encrypted by CryptorBit. Currently his tools can recover corrupted PST, JPG, PDF, MP3, DOC, and XLS files. In order to use his tool you must have Microsoft Net Framework 4.0 or higher installed on your computer. If you are using Windows XP, you will need to have service pack 3 installed before you can install Net 4.0. If you find that his tools have helped you recover your files, please feel free to send him a tip using one of the methods below:


Be careful which files you choose to recover. I'd still consider a DBAN and clean install if it works.




I thank you so much for trying to help. bleepingcomputer seems to be the leader on this. you may remember in an earlier reply I explained that yes there was a possible fix, but that door has now been slammed shut. for anyone infected in the last week...there is no solution.



posted on Apr, 13 2014 @ 05:21 PM
reply to post by Mr Mask
 


I dunno why people think Macs are invulnerable to hackers. The main reason why hackers don't target Mac users is because they are the minority compared to PC users, so if I were you I wouldn't suggest to anyone to switch over because you don't want your Mac numbers rising, do you?



posted on Apr, 13 2014 @ 05:23 PM
reply to post by Kandinsky
 


experts from that site have been on top of this right from the start and it's the original place that the first fix came from. there is a large thread there that makes for interesting reading.

I am from a medical background so the best I can describe is they are currently trying to pull the DNA apart to see if that offers a cure.

we think we have narrowed it down to the fact my son watched a popular movie called "the delivery man" starring Vince Vaughn on a site that most teenagers think is safe.



posted on Apr, 13 2014 @ 05:29 PM
reply to post by bellagirl
 

Sigh...

Maybe it's better to give up the ghost and wipe that drive. I've lost a couple of HDs in the past couple of years and it's a series of 'Oh man!' moments when you remember that mp3 album, photo or bookmark that's gone for good. It's also a learning curve in realising that most of the crap we store away just doesn't matter at all when it's gone.

Glass half full is the best way to look at it



posted on Apr, 13 2014 @ 05:34 PM

Rikku



how wrong you are. I am just the start. I may know little about computers but I had the proper security software downloaded with firewall etc. not done by me....by someone who works for one of the biggest banks doing internet security.

it doesn't sound like he's very good.
as for how wrong I am, my pc works, yours doesn't.



oh my god. I can't thank you enough.

after reading your post which was nothing but a coward's punch...I looked up from the computer to contemplate my response. and guess what I saw.....I saw the digital photo frame that my son bought me for Christmas. plugged into that is a beautiful USB that has a copy of every single photo from my files. and that my friend is the only thing I was worried about...losing my photos.

so instead of the slap I felt that I got from you, I now feel as though you gave me a hug.

ISN'T LIFE GRAND



posted on Apr, 13 2014 @ 05:37 PM

bellagirl
we think we have narrowed it down to the fact my son watched a popular movie called "the delivery man" starring Vince Vaughn on a site that most teenagers think is safe.


How does your son feel about that? That's not generally how this malware is spread. There are variants now that can spread on their own but the most likely way to catch this bug is for someone to click on an executable file (.exe) while logged into the PC on an account that has administrative privileges, in other words whoever checks their email on that PC most likely infected the machine.



posted on Apr, 13 2014 @ 05:49 PM

Kandinsky
reply to post by bellagirl
 

Sigh...

Maybe it's better to give up the ghost and wipe that drive. I've lost a couple of HDs in the past couple of years and it's a series of 'Oh man!' moments when you remember that mp3 album, photo or bookmark that's gone for good. It's also a learning curve in realising that most of the crap we store away just doesn't matter at all when it's gone.

Glass half full is the best way to look at it





If you read my last post, you will see I am feeling a little more chipper than what I was.

I am extremely lucky that it's a personal laptop that I mainly go on social media and ats. any work stuff is all on a usb. looks like the only damage I will have is a few letters of correspondence, the majority of documents I have printed out anyway.

the main reason for my starting a thread was to warn others. and after the replies it does seem indeed that I am the "captain Phillips" of ATS. I put the thread in the "current events" thread as I thought it would get the message out better than the "computer help" thread...which I didn't even know existed and I have been on here for years. unfortunately it has been moved but I dare say over the next few weeks you will be seeing a lot more about this.

at least I can still use the laptop and in fact that's what I am on now. it seems that the intention is not to destroy your computer...you can still go on the internet etc. in fact I have had messages over the weekend from people who have paid and they have been given the key to unlock the encryption.



posted on Apr, 13 2014 @ 05:52 PM

Goteborg

bellagirl
we think we have narrowed it down to the fact my son watched a popular movie called "the delivery man" starring Vince Vaughn on a site that most teenagers think is safe.


How does your son feel about that? That's not generally how this malware is spread. There are variants now that can spread on their own but the most likely way to catch this bug is for someone to click on an executable file (.exe) while logged into the PC on an account that has administrative privileges, in other words whoever checks their email on that PC most likely infected the machine.



yep...you are right in what you say...up until about 2 weeks ago. with this you need to forget what previously has been the case with how the infection occurred and what it did. we are dealing with a whole new creature here my friend.



posted on Apr, 13 2014 @ 05:54 PM
reply to post by bellagirl
 


what o/s was your laptop running at the time? the only thing i can suggest is using a tdss killer from Kaspersky

Rootkit.Win32.TDSS, Rootkit.Win32.Stoned.d, Rootkit.Boot.Cidox.a, Rootkit.Boot.SST.a, Rootkit.Boot.Pihar.a,b,c, Rootkit.Boot.CPD.a, Rootkit.Boot.Bootkor.a, Rootkit.Boot.MyBios.b, Rootkit.Win32.TDSS.mbr, Rootkit.Boot.Wistler.a, Rootkit.Win32.ZAccess.aml,c,e,f,g,h,i,j,k, Rootkit.Boot.SST.b, Rootkit.Boot.Fisp.a, Rootkit.Boot.Nimnul.a, Rootkit.Boot.Batan.a, Rootkit.Boot.Lapka.a, Rootkit.Boot.Goodkit.a, Rootkit.Boot.Clones.a, Rootkit.Boot.Xpaj.a, Rootkit.Boot.Yurn.a, Rootkit.Boot.Prothean.a, Rootkit.Boot.Plite.a, Rootkit.Boot.Geth.a, Rootkit.Boot.CPD.b, Backdoor.Win32.Trup.a,b, Backdoor.Win32.Sinowal.knf,kmy, Backdoor.Win32.Phanta.a,b, Virus.Win32.TDSS.a,b,c,d,e, Virus.Win32.Rloader.a, Virus.Win32.Cmoser.a, Virus.Win32.Zhaba.a,b,c, Trojan-Clicker.Win32.Wistler.a,b,c, Trojan-Dropper.Boot.Niwa.a, Trojan-Ransom.Boot.Mbro.d, e, Trojan-Ransom.Boot.Siob.a, Trojan-Ransom.Boot.Mbro.f.


it will clean up those. good luck



posted on Apr, 13 2014 @ 05:57 PM

edit on 13-4-2014 by Rikku because: (no reason given)



posted on Apr, 13 2014 @ 06:38 PM
reply to post by bellagirl
 


Getting hit with one of these things isn't fun, I've been there. I got hit with a worm back in the '90s and I felt violated, it was one of the reasons I ended up getting into IT. Part of my job is dealing with all kinds of cyber-nasties and yes, I have dealt with cryptolocker.

Some advice, take it or leave it. Instead of following forums on this topic and trying to lay blame for how it happened just call some computer shops in your area. Tell them what you know, not what you think you know. Make up your mind who you want to deal with and then take your computer to them and let a professional have direct access to your machine and deal with it. Make sure to keep the receipt and from then on, for the love of Pete, don't let anyone use the admin account unless it's absolutely necessary.



posted on Apr, 13 2014 @ 08:00 PM
reply to post by Goteborg
 


thanks mate.

I am not trying to fix it myself....that would be way beyond me. I have spoken to someone and was told to wait a week to see if there is a fix that can recover the files.

the interesting thing you mentioned was the thing about the admin. there is only 1 "user" on the laptop. so am I right in thinking that what I am on is always the admin account ???



posted on Apr, 13 2014 @ 08:07 PM

Mr Mask
So far this virus is only affecting PCs with windows.

I suggest next computer you buy is a Mac. Or if you are tech savvy something running Linux.

Yes, this virus is being investigated by the FBI and has been ruining people's lives (like many viruses not hurting us Mac users).

MM

www.jsonline.com...
edit on 13-4-2014 by Mr Mask because: (no reason given)


Yawn ...not true of course

FBI Ransomware Now Targeting Apple’s Mac OS X Users

there is someone in the comments section of that page who said it's also infected their Linux OS
edit on 13-4-2014 by PhoenixOD because: (no reason given)



