It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
My files have been taken hostage...they want a ransom paid.
page: 2share:
how wrong you are. I am just the start. I may know little about computers but I had the proper security software downloaded with firewall etc. not done by me....by someone who works for one of the biggest banks doing internet security.
it doesnt sount like he's very good.
as for how wrong i am, my pc works , yours doesnt.
reply to post by bellagirl
Ah, ransomware...
I caught one off of a game trainer once - my fault for downloading from an untrusted site and bypassing the AV alert, of course. (game trainers almost always set off AV, since they're designed to modify another program) It was really easy to get rid of, though. Restart in safe mode, sort everything by date modified, look for recent files you don't recognize and delete them. I realize that's easier said than done if you're not already familiar with what should be there, but the date should narrow it down a lot and you apparently have other means of internet access, so can look up any suspicious files. Hope that helps!
Ah, ransomware...
I caught one off of a game trainer once - my fault for downloading from an untrusted site and bypassing the AV alert, of course. (game trainers almost always set off AV, since they're designed to modify another program) It was really easy to get rid of, though. Restart in safe mode, sort everything by date modified, look for recent files you don't recognize and delete them. I realize that's easier said than done if you're not already familiar with what should be there, but the date should narrow it down a lot and you apparently have other means of internet access, so can look up any suspicious files. Hope that helps!
edit on 4/13/2014 by CretumOrbis because: bbcode
I have gone into "safemode" and deleted a suspect folder on the regedit ... sart/run/regedit/hkey current user/software/Microsoft/windows/current version/run/ and then delete the suspect file. that did nothing.
Uh, missed that part... Did you check just the registry or the entire file structure too?
CretumOrbis
reply to post by bellagirl
Ah, ransomware...
I caught one off of a game trainer once - my fault for downloading from an untrusted site and bypassing the AV alert, of course. (game trainers almost always set off AV, since they're designed to modify another program) It was really easy to get rid of, though. Restart in safe mode, sort everything by date modified, look for recent files you don't recognize and delete them. I realize that's easier said than done if you're not already familiar with what should be there, but the date should narrow it down a lot and you apparently have other means of internet access, so can look up any suspicious files. Hope that helps!edit on 4/13/2014 by CretumOrbis because: bbcode
thank you so much for trying to help.
I understand what you are saying...but this is the problem. that worked up until about a week ago. what people are not understanding is that this is a CURRENT EVENT. that's why I posted it in CURRENT EVENTS and not the computer forum. unfortunately many are not going to be warned as they have now moved this post from its original position.
as of a week ago this went from being a bad case of the flu to the black plague. you have no idea the amount of experts who are at a loss with what to do. I don't claim to know what I am doing...I don't really. I know a little but I have professional help. what I am trying to say is that I am one of the FIRST to get this bloody new thing. you wait for a couple of weeks....it will be rampant.
Rikku
how wrong you are. I am just the start. I may know little about computers but I had the proper security software downloaded with firewall etc. not done by me....by someone who works for one of the biggest banks doing internet security.
it doesnt sount like he's very good.
as for how wrong i am, my pc works , yours doesnt.
lol...I must post the link for you to read the forum that is dealing with this. its full of people like you that are now eating humble pie. people who thought they knew it all and were safe....but you know what thought thought, he thought he farted but he # himself.
my dear, if you get hit with this and I don't wish it upon you, trust me....it will wipe that smile of your avatar face!
edit on 13-4-2014 by
bellagirl because: (no reason given)
reply to post by bellagirl
Hiya, off that information it looks like you could have a way out.
Bleepingcomputer - CryptorBit and HowDecryptorbit
Be careful which files you choose to recover. I'd still consider a DBAN and clean install if it works.
Hiya, off that information it looks like you could have a way out.
Bleepingcomputer - CryptorBit and HowDecryptorbit
How to fix files encrypted by CryptorBit using DecrypterFixer's Tools Nathan Scott, aka DecrypterFixer, has developed tools that can fix various types of files that have been encrypted by CryptorBit. Currently his tools can recover corrupted PST, JPG, PDF, MP3, DOC, and XLS files. In order to use his tool you must have Microsoft Net Framework 4.0 or higher installed on your computer. If you using Windows XP, you will need to have service pack 3 installed before you can install Net 4.0. If you find that his tools have helped you recover your files, please feel free to send him a tip using one of the methods below:
Be careful which files you choose to recover. I'd still consider a DBAN and clean install if it works.
Kandinsky
reply to post by bellagirl
Hiya, off that information it looks like you could have a way out.
Bleepingcomputer - CryptorBit and HowDecryptorbit
How to fix files encrypted by CryptorBit using DecrypterFixer's Tools Nathan Scott, aka DecrypterFixer, has developed tools that can fix various types of files that have been encrypted by CryptorBit. Currently his tools can recover corrupted PST, JPG, PDF, MP3, DOC, and XLS files. In order to use his tool you must have Microsoft Net Framework 4.0 or higher installed on your computer. If you using Windows XP, you will need to have service pack 3 installed before you can install Net 4.0. If you find that his tools have helped you recover your files, please feel free to send him a tip using one of the methods below:
Be careful which files you choose to recover. I'd still consider a DBAN and clean install if it works.
I thank you so much for trying to help. bleepingcomputer seems to be the leader on this. you may remember in an earlier reply I explained that yes there was a possible fix, but that door has now been slammed shut. for anyone infected in the last week...there is no solution.
reply to post by Mr Mask
I dunno why people think Mac's are invulnerable to hackers. The main reason why hackers don't target Mac users is because they are the minority compared to PC users, so if I were you I wouldn't suggest to anyone to switch over because you don't want your Mac numbers rising, do you?
I dunno why people think Mac's are invulnerable to hackers. The main reason why hackers don't target Mac users is because they are the minority compared to PC users, so if I were you I wouldn't suggest to anyone to switch over because you don't want your Mac numbers rising, do you?
reply to post by Kandinsky
experts from that site have been on top of this right from the start and its the original place that the first fix came from. there is a large thread there that makes for interesting reading.
I am from a medical background so the best I can describe is they are currently trying to pull the DNA apart to see if that offers a cure.
we think we have narrowed it down to the fact my son watched a popular movie called "the delivery man" staring vince Vaughan on a site that most teenagers think is safe.
experts from that site have been on top of this right from the start and its the original place that the first fix came from. there is a large thread there that makes for interesting reading.
I am from a medical background so the best I can describe is they are currently trying to pull the DNA apart to see if that offers a cure.
we think we have narrowed it down to the fact my son watched a popular movie called "the delivery man" staring vince Vaughan on a site that most teenagers think is safe.
reply to post by bellagirl
Sigh...
Maybe it's better to give up the ghost and wipe that drive. I've lost a couple of HDs in the past couple of years and it's a series of 'Oh man!' moments when you remember that mp3 album, photo or bookmark that's gone for good. It's also a learning curve in realising that most of the crap we store away just doesn't matter at all when it's gone.
Glass half full is the best way to look at it
Sigh...
Maybe it's better to give up the ghost and wipe that drive. I've lost a couple of HDs in the past couple of years and it's a series of 'Oh man!' moments when you remember that mp3 album, photo or bookmark that's gone for good. It's also a learning curve in realising that most of the crap we store away just doesn't matter at all when it's gone.
Glass half full is the best way to look at it
Rikku
how wrong you are. I am just the start. I may know little about computers but I had the proper security software downloaded with firewall etc. not done by me....by someone who works for one of the biggest banks doing internet security.
it doesnt sount like he's very good.
as for how wrong i am, my pc works , yours doesnt.
oh my god. I cant thank you enough.
after reading your post which was nothing but a cowards punch...I looked up from the computer to contemplate my response. and guess what I saw.....I saw the digital photo frame that my son bought me for Christmas. plugged into that is a beautiful USB that has a copy of every single photo from my files. and that my friend is the only thing I was worried about...losing my photos.
so intead of the slap I felt that I got from you, I now feel as though you gave me a hug.
ISNT LIFE GRAND
bellagirlwe think we have narrowed it down to the fact my son watched a popular movie called "the delivery man" staring vince Vaughan on a site that most teenagers think is safe.
How does your son feel about that? That's not generally how this malware is spread. There are variants now that can spread on their own but the most likely way to catch this bug is for someone to click on an executable file (.exe) while logged into the PC on an account that has administrative privileges, in other words who ever checks their email on that PC most likely infected the machine.
Kandinsky
reply to post by bellagirl
Sigh...
Maybe it's better to give up the ghost and wipe that drive. I've lost a couple of HDs in the past couple of years and it's a series of 'Oh man!' moments when you remember that mp3 album, photo or bookmark that's gone for good. It's also a learning curve in realising that most of the crap we store away just doesn't matter at all when it's gone.
Glass half full is the best way to look at it
If you read my last post, you will see I am feeling a little more chipper than what I was.
I am extremely lucky that its a personal laptop that I mainly go on social media and ats. any work stuff is all on a usb. looks like the only damage I will have is a few letters of correspondence, the majority of documents I have printed out anyway.
the main reason for my starting a thread was to warn others. and after the replies it does seem indeed that I am the "captain Phillips" of ATS. I put the thread in the "current events" thread as I thought it would get the message out better than the "computer help" thread...which I didn't even know existed and I have been on here for years. unfortunately it has been moved but I dare say over the next few weeks you will be seeing a lot more about this.
at least I can still use the laptop and in fact that's what I am on now. it seems that the intention is not to destroy your computer...you can still go on the internet etc. in fact I have had messages over the weekend from people who have paid and they have been given the key to unlock the encryption.
Goteborg
bellagirlwe think we have narrowed it down to the fact my son watched a popular movie called "the delivery man" staring vince Vaughan on a site that most teenagers think is safe.
How does your son feel about that? That's not generally how this malware is spread. There are variants now that can spread on their own but the most likely way to catch this bug is for someone to click on an executable file (.exe) while logged into the PC on an account that has administrative privileges, in other words who ever checks their email on that PC most likely infected the machine.
yep...you are right in what you say...up until about 2 weeks ago. with this you need to forget what previously has been the case with how the infection occurred and what it did. we are dealing with a whole new creature here my friend.
reply to post by bellagirl
what o/s was your laptop running at the time ? the only thing i can suggest is using a tdss killer from kasperky
Rootkit.Win32.TDSS, Rootkit.Win32.Stoned.d, Rootkit.Boot.Cidox.a, Rootkit.Boot.SST.a, Rootkit.Boot.Pihar.a,b,c, Rootkit.Boot.CPD.a, Rootkit.Boot.Bootkor.a, Rootkit.Boot.MyBios.b, Rootkit.Win32.TDSS.mbr, Rootkit.Boot.Wistler.a, Rootkit.Win32.ZAccess.aml,c,e,f,g,h,i,j,k, Rootkit.Boot.SST.b, Rootkit.Boot.Fisp.a, Rootkit.Boot.Nimnul.a, Rootkit.Boot.Batan.a, Rootkit.Boot.Lapka.a, Rootkit.Boot.Goodkit.a, Rootkit.Boot.Clones.a, Rootkit.Boot.Xpaj.a, Rootkit.Boot.Yurn.a, Rootkit.Boot.Prothean.a, Rootkit.Boot.Plite.a, Rootkit.Boot.Geth.a, Rootkit.Boot.CPD.b, Backdoor.Win32.Trup.a,b, Backdoor.Win32.Sinowal.knf,kmy, Backdoor.Win32.Phanta.a,b, Virus.Win32.TDSS.a,b,c,d,e, Virus.Win32.Rloader.a, Virus.Win32.Cmoser.a, Virus.Win32.Zhaba.a,b,c, Trojan-Clicker.Win32.Wistler.a,b,c, Trojan-Dropper.Boot.Niwa.a, Trojan-Ransom.Boot.Mbro.d, e, Trojan-Ransom.Boot.Siob.a, Trojan-Ransom.Boot.Mbro.f.
it will clean up those good luck
what o/s was your laptop running at the time ? the only thing i can suggest is using a tdss killer from kasperky
Rootkit.Win32.TDSS, Rootkit.Win32.Stoned.d, Rootkit.Boot.Cidox.a, Rootkit.Boot.SST.a, Rootkit.Boot.Pihar.a,b,c, Rootkit.Boot.CPD.a, Rootkit.Boot.Bootkor.a, Rootkit.Boot.MyBios.b, Rootkit.Win32.TDSS.mbr, Rootkit.Boot.Wistler.a, Rootkit.Win32.ZAccess.aml,c,e,f,g,h,i,j,k, Rootkit.Boot.SST.b, Rootkit.Boot.Fisp.a, Rootkit.Boot.Nimnul.a, Rootkit.Boot.Batan.a, Rootkit.Boot.Lapka.a, Rootkit.Boot.Goodkit.a, Rootkit.Boot.Clones.a, Rootkit.Boot.Xpaj.a, Rootkit.Boot.Yurn.a, Rootkit.Boot.Prothean.a, Rootkit.Boot.Plite.a, Rootkit.Boot.Geth.a, Rootkit.Boot.CPD.b, Backdoor.Win32.Trup.a,b, Backdoor.Win32.Sinowal.knf,kmy, Backdoor.Win32.Phanta.a,b, Virus.Win32.TDSS.a,b,c,d,e, Virus.Win32.Rloader.a, Virus.Win32.Cmoser.a, Virus.Win32.Zhaba.a,b,c, Trojan-Clicker.Win32.Wistler.a,b,c, Trojan-Dropper.Boot.Niwa.a, Trojan-Ransom.Boot.Mbro.d, e, Trojan-Ransom.Boot.Siob.a, Trojan-Ransom.Boot.Mbro.f.
it will clean up those good luck
reply to post by bellagirl
Getting hit with one of these things isn't fun, I've been there. I got hit with a worm back in the '90s and I felt violated, it was one of the reasons I ended up getting into IT. Part of my job is dealing with all kinds of cyber-nasties and yes, I have dealt with cryptolocker.
Some advice, take it or leave it. Instead of following forums on this topic and trying to lay blame for how it happened just call some computer shops in your area. Tell them what you know, not what you think you know. Make up your mind who you want to deal with and then take your computer to them and let a professional have direct access to your machine and deal with it. Make sure to keep the receipt and from then on, for the love of Pete, don't let anyone use the admin account unless it's absolutely necessary.
Getting hit with one of these things isn't fun, I've been there. I got hit with a worm back in the '90s and I felt violated, it was one of the reasons I ended up getting into IT. Part of my job is dealing with all kinds of cyber-nasties and yes, I have dealt with cryptolocker.
Some advice, take it or leave it. Instead of following forums on this topic and trying to lay blame for how it happened just call some computer shops in your area. Tell them what you know, not what you think you know. Make up your mind who you want to deal with and then take your computer to them and let a professional have direct access to your machine and deal with it. Make sure to keep the receipt and from then on, for the love of Pete, don't let anyone use the admin account unless it's absolutely necessary.
reply to post by Goteborg
thanks mate.
I am not trying to fix it myself....that would be way beyond me. I have spoken to someone and was told to wait a week to see if there is a fix that can recover the files.
the interesting this you mentioned was the thing about the admin. there is only 1 "user" on the laptop. so am I right in thinking that what I am on is always the admin account ???
thanks mate.
I am not trying to fix it myself....that would be way beyond me. I have spoken to someone and was told to wait a week to see if there is a fix that can recover the files.
the interesting this you mentioned was the thing about the admin. there is only 1 "user" on the laptop. so am I right in thinking that what I am on is always the admin account ???
Mr Mask
So far this virus is only affecting PCs with windows.
I suggest next computer you buy is a Mac. Or if you are tech savvy something running Linux.
Yes, this virus is being investigated by the FBI and has been ruining people's lives (like many viruses not hurting us Mac users).
MM
www.jsonline.com...edit on 13-4-2014 by Mr Mask because: (no reason given)
Yawn ...not true of course
FBI Ransomware Now Targeting Apple’s Mac OS X Users
there is someone en the comments section of that page who said its also infected their linux OS
edit on 13-4-2014 by PhoenixOD because: (no
reason given)
new topics
-
HORRIBLE !! Russian Soldier Drinking Own Urine To Survive In Battle
World War Three: 1 hours ago -
Bobiverse
Fantasy & Science Fiction: 3 hours ago -
Florida man's trip overseas ends in shock over $143,000 T-Mobile phone bill
Social Issues and Civil Unrest: 3 hours ago -
Former Labour minister Frank Field dies aged 81
People: 6 hours ago -
SETI chief says US has no evidence for alien technology. 'And we never have'
Aliens and UFOs: 7 hours ago -
This is our Story
General Entertainment: 10 hours ago
top topics
-
President BIDEN Vows to Make Americans Pay More Federal Taxes in 2025 - Political Suicide.
2024 Elections: 12 hours ago, 16 flags -
One Flame Throwing Robot Dog for Christmas Please!
Weaponry: 17 hours ago, 6 flags -
Florida man's trip overseas ends in shock over $143,000 T-Mobile phone bill
Social Issues and Civil Unrest: 3 hours ago, 6 flags -
SETI chief says US has no evidence for alien technology. 'And we never have'
Aliens and UFOs: 7 hours ago, 5 flags -
Don't take advantage of people just because it seems easy it will backfire
Rant: 17 hours ago, 4 flags -
Ditching physical money
History: 16 hours ago, 4 flags -
Former Labour minister Frank Field dies aged 81
People: 6 hours ago, 4 flags -
Bobiverse
Fantasy & Science Fiction: 3 hours ago, 3 flags -
This is our Story
General Entertainment: 10 hours ago, 3 flags -
Ode to Artemis
General Chit Chat: 13 hours ago, 3 flags
active topics
-
-@TH3WH17ERABB17- -Q- ---TIME TO SHOW THE WORLD--- -Part- --44--
Dissecting Disinformation • 644 • : cherokeetroy -
HORRIBLE !! Russian Soldier Drinking Own Urine To Survive In Battle
World War Three • 8 • : Astyanax -
New whistleblower Jason Sands speaks on Twitter Spaces last night.
Aliens and UFOs • 51 • : Ophiuchus1 -
The Reality of the Laser
Military Projects • 40 • : Zaphod58 -
President BIDEN Vows to Make Americans Pay More Federal Taxes in 2025 - Political Suicide.
2024 Elections • 67 • : UnderAether -
Windows tracking links to WEF and more:
New World Order • 21 • : milaganenogan -
SETI chief says US has no evidence for alien technology. 'And we never have'
Aliens and UFOs • 29 • : SchrodingersRat -
"We're All Hamas" Heard at Columbia University Protests
Social Issues and Civil Unrest • 274 • : YourFaceAgain -
Manly P. Hall says Freemasonry is a religion?
Secret Societies • 21 • : SchrodingersRat -
Florida man's trip overseas ends in shock over $143,000 T-Mobile phone bill
Social Issues and Civil Unrest • 4 • : VariedcodeSole