Guru3D.com Forums

This Ransomware Virus
(#1)
Rich_Guy
Ancient Guru
Videocard: Sapphire Fury Tri-X OC x2
Processor: i7 5930K
Mainboard: ASUS X99-A
Memory: 16GB Corsair DDR4@2800MHz
Soundcard: Xonar U7 (USB)
PSU: Corsair AX860w
Question This Ransomware Virus - 05-13-2017, 16:35 | posts: 11,479 | Location: UK

I've updated Defender, but I've not had any updates for my Win 7 since they changed 'em to the Win 10 way, so downloaded this one from the catalogue: March, 2017 Security Only Quality Update for Windows 7 for x64-based Systems (KB4012212), which I got from here: https://technet.microsoft.com/en-us/.../ms17-010.aspx, via the "Win 7 64bit SP1 (4012212) Security Only" link down in the 'Affected Software' list.

Is that the right one I need to install? (As there's another one underneath it called March, 2017 Security Only Quality Update for Windows 7 (KB4012212), which is only 18.8MB, but I'm guessing that's for 32-bit.)

Thanks.
   
(#2)
Extraordinary
Ancient Guru
Videocard: GTX980 SLI
Processor: FX-8350 @ 4.8GHz / H100i
Mainboard: ASUS Crosshair V Formula
Memory: 12GB 2133 G.Skill
Soundcard: Creative SB1040 7.1
PSU: Corsair RM1000
Default 05-13-2017, 16:42 | posts: 17,542 | Location: 127.0.0.1

According to one of the comments about the new WanaCry ransomware, yes

"Ex for win7 sp1 you should have KB4012212 or KB4012215"

https://gist.github.com/rain-1/98942...93ee6efbc0b168
   
(#3)
Rich_Guy
Ancient Guru
Default 05-13-2017, 16:44 | posts: 11,479 | Location: UK

I've got the right one then, cheers Extraordinary, I'll get it installed!
   
(#4)
Extraordinary
Ancient Guru
Default 05-13-2017, 16:45 | posts: 17,542 | Location: 127.0.0.1

Found this on reddit too

Download link for security update of Windows 7 (to protect against WanaCry)

https://www.reddit.com/r/microsoft/c..._windows_7_to/
   
(#5)
Rich_Guy
Ancient Guru
Default 05-13-2017, 16:47 | posts: 11,479 | Location: UK

Yeah not got the Monthly Rollup, thanks again

EDIT! And she's in!

Last edited by Rich_Guy; 05-13-2017 at 17:04.
   
(#6)
Extraordinary
Ancient Guru
Default 05-13-2017, 17:22 | posts: 17,542 | Location: 127.0.0.1

At the bottom of the reddit comments was the same KB

You can go click random exes to your heart's content now
   
(#7)
Rich_Guy
Ancient Guru
Default 05-13-2017, 18:32 | posts: 11,479 | Location: UK

Yay!
   
(#8)
seahateme
Newbie
Videocard: RipjawsZ 4x4GB
Processor: Intel Core i
Mainboard:
Memory:
Soundcard:
PSU: Corsair HX650
Default 05-25-2017, 11:35 | posts: 1

I encountered the same problem several days too.
   
(#9)
Ghosty
Ancient Guru
Videocard: GT 840M
Processor: I5 4210M 3.2GHz
Mainboard: -
Memory: DD3L 8G
Soundcard: Creative Sound Blaster
PSU: -
Default 05-25-2017, 12:56 | posts: 4,846

Disable Defender in group policy? Problem solved.
   
(#10)
AsiJu
Ancient Guru
Videocard: EVGA 980Ti SC+/Xtreme IV
Processor: Ryzen5 1600
Mainboard: ASRock X370 Killer SLI
Memory: G.Skill TridentZ 3000/C14
Soundcard: X-Fi Titanium + Z906
PSU: Tt. Toughpower XT 875 W
Default 05-25-2017, 19:48 | posts: 3,457 | Location: Finland

On a related matter I've now got the "Edge redirect" malware twice!

It will randomly open a new tab when clicking a link, redirecting usually to an ad site. Neither Defender nor MalwareBytes, AdCleaner etc. have been able to remove it!

Only way was to delete my user account and re-create it to make sure all Edge related files were gone. Sheesh...
   
(#11)
KissSh0t
Ancient Guru
Videocard: ASUS RX 470 Strix Gaming
Processor: AMD FX 8320
Mainboard: ASUS M5A97 R2.0
Memory: G.Skill Ripjaws X F3 8GB
Soundcard: X-Fi XtremeMusic
PSU: Corsair HX650W
Default 05-26-2017, 01:22 | posts: 4,975 | Location: 0.0.0.0

Quote:
Originally Posted by AsiJu
> On a related matter I've now got the "Edge redirect" malware twice!
>
> It will randomly open a new tab when clicking a link, redirecting usually to an ad site. Neither Defender nor MalwareBytes, AdCleaner etc. have been able to remove it!
>
> Only way was to delete my user account and re-create it to make sure all Edge related files were gone. Sheesh...

Are there any unusual running services?
   
(#12)
Clouseau
Maha Guru
Videocard: MSI RX 480 Gamming
Processor: Ryzen 1700X
Mainboard: ASUS Prime X370-Pro
Memory: GSkill Trident (2x8) 3200
Soundcard:
PSU: Seasonic SSR-1200PD
Default 05-26-2017, 01:54 | posts: 1,692

Did you try resetting Edge / deleting and re-installing?

https://www.howtogeek.com/237527/how...in-windows-10/
   
(#13)
AsiJu
Ancient Guru
Default 05-26-2017, 15:51 | posts: 3,457 | Location: Finland

Quote:
Originally Posted by KissSh0t
> Are there any unusual running services?

Nope, services and processes as usual, as were scheduled tasks.

Quote:
Originally Posted by Clouseau
> Did you try resetting Edge / deleting and re-installing?
>
> https://www.howtogeek.com/237527/how...in-windows-10/

Tried that and didn't help, the issue recurred after restoring Edge. Guess it's some small file hidden deep within Edge libraries that doesn't get removed.

Deleting user account has worked both times. Takes a while to resetup everything but thankfully installed programs remain as there's another account on the PC (from within which I deleted my account).

And yes, before you ask I was searching for a crack... hint: do not mount and run any .iso files claiming to be something even if AV scan shows them as clean.

So I do know very well how I got the malware and can avoid it. Just a bit worrisome no AV or AM seem to detect it.

It seems these .iso files contain an installer which claims to install a download searcher but in fact installs the adware.
I knew the files were fishy but tried anyway. Thinking Defender or Malwarebytes will intercept possible malware. Nope.
   
(#14)
CrazY_Milojko
Maha Guru
Videocard: GTX760, R9 270X, GTX970..
Processor: i7-920C0 i7-2600K X5670/5
Mainboard: Asus & GB X58 /Asus Z68
Memory: 24 / 16 / 24 DDR3 1866
Soundcard: int.RealtekHD on all rigs
PSU: Seasonic 620W, Recom 750W
Default 05-26-2017, 15:58 | posts: 1,644 | Location: Serbia, Indjija

Quote:
Originally Posted by AsiJu
> Nope, services and processes as usual, as were scheduled tasks.
>
> Tried that and didn't help, the issue recurred after restoring Edge. Guess it's some small file hidden deep within Edge libraries that doesn't get removed.
>
> Deleting user account has worked both times. Takes a while to resetup everything but thankfully installed programs remain as there's another account on the PC (from within which I deleted my account).
>
> And yes, before you ask I was searching for a crack... hint: do not mount and run any .iso files claiming to be something even if AV scan shows them as clean.
>
> So I do know very well how I got the malware and can avoid it. Just a bit worrisome no AV or AM seem to detect it.
>
> It seems these .iso files contain an installer which claims to install a download searcher but in fact installs the adware.
> I knew the files were fishy but tried anyway. Thinking Defender or Malwarebytes will intercept possible malware. Nope.

Did you try HitmanPro? Upon start choose: One time use... (something like that) and register via mail (real or fake, doesn't matter). Great all-around malware cleaner, even in free version.
   
(#15)
AsiJu
Ancient Guru
Default 05-26-2017, 17:37 | posts: 3,457 | Location: Finland

^ that too and a fourth one. They did find something but apparently failed to delete the bugger.

Lesson learned, I wanted the crack temporarily as the trial for said software had expired. I can access a legit version via my work laptop via VPN for home work.

The software just runs so much faster on my desktop so installed the trial version.

In theory I should be able to install a local copy on my desktop and borrow a license, but that depends on how the license server is configured and are the work IT guys willing to allow my pc remote access to license server.
   
(#16)
CrazY_Milojko
Maha Guru
Default 05-26-2017, 18:20 | posts: 1,644 | Location: Serbia, Indjija

^^^^ Probably the malware you've got integrated itself deeply into the OS, saw that a few times. For tough mofos like that one, a great solution is to use Kaspersky Rescue Disk 10, a bootable Linux-like Kaspersky anti-malware tool for search & destroy of all kinds of malwares that are deeply integrated into the main OS located on the HDD. This great piece of software has more than a few times saved the asses of my friends when dozens of AV and other anti-malware tools were completely useless against a few aggressive malwares. With Kaspersky Rescue Disk 10 malwares can't defend themselves, no way to mask or hide... And it's free.
   
(#17)
AsiJu
Ancient Guru
Default 05-26-2017, 18:50 | posts: 3,457 | Location: Finland

^ thanks! Think I'll give it a shot now just to be sure.
   
(#18)
CrazY_Milojko
Maha Guru
Default 05-26-2017, 20:12 | posts: 1,644 | Location: Serbia, Indjija

Right after the boot make sure to update KRD10's malware definitions base first, online of course. When it's done, check every single HDD/SSD partition on the infected machine and do a full scan. Without the latest malware definition base it's not much use against the latest malwares.

I saw a few times that KRD10 couldn't make use of the integrated LAN card, so I had to use a PCI LAN card or move the infected HDD to some older generation PC, boot KRD10 on that rig where the LAN card is recognized by KRD10, update its base and kill the f**ker using that older rig.

My two cents..
   
(#19)
toronto699
Newbie
Videocard: asus GTX660
Processor: i7-4770k
Mainboard:
Memory:
Soundcard:
PSU: asus 700 watt
Default 05-26-2017, 20:47 | posts: 43

I use this free software for ransomware, I hope it's useful {WanaCry protected}
https://www.cybereason.com/?utm_sour...ansomware-tool

Last edited by toronto699; 05-26-2017 at 20:51.
   
(#20)
Sabbath
Maha Guru
Videocard: Gigabyte WF3 GTX670 2GB
Processor: Intel Core i7-3770K/H80i
Mainboard: ASRock Z77 Extreme 3
Memory: G.SKILL RipjawsX 16GB
Soundcard: Xonar STX /Corsair SP2500
PSU: Cooler Master 850W~66A
Lightbulb 05-27-2017, 19:17 | posts: 894 | Location: Ontario, CAN

Are you guys talking about this fix? https://answers.microsoft.com/en-us/...2-53398d21ed07 And don't forget to download the SMB2 Tools Disable. Note I manually turned it off but it was still enabled, so download the tools, all is fine now.
   
Reply With Quote
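
A way to check what posts #2 and #20 rely on, as an added example that is not from the thread or from Microsoft: it looks for the two KB numbers quoted above and reads the SMB server protocol switches from the registry. `Test-Ms17010Posture` and its output field names are made up for illustration; the registry path and the `SMB1`/`SMB2` value names are the ones Microsoft documents for the Windows 7 SMB server.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell on the Windows 7 host.
function Test-Ms17010Posture {
    param(
        # KB numbers quoted in post #2 for Windows 7 SP1.
        [string[]]$KbIds = @('KB4012212', 'KB4012215')
    )

    # Get-HotFix raises a non-terminating error for each ID that is absent,
    # so silence those and keep whatever was found.
    $found = @(Get-HotFix -Id $KbIds -ErrorAction SilentlyContinue)

    # SMB server protocol switches. A missing value means the protocol is at
    # its default, which is enabled; 0 means disabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $smb = foreach ($name in 'SMB1', 'SMB2') {
        $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        $state = if ($null -eq $prop) { 'Enabled (default, value not set)' }
                 elseif ($prop.$name -eq 0) { 'Disabled in registry' }
                 else { 'Enabled in registry' }
        New-Object PSObject -Property @{ Protocol = $name; Configured = $state }
    }

    # Last boot time, to compare against when a registry value was changed.
    $os = Get-WmiObject -Class Win32_OperatingSystem

    New-Object PSObject -Property @{
        ThreadKbFound = ($found.Count -gt 0)
        InstalledKbs  = ($found | ForEach-Object { $_.HotFixID }) -join ', '
        SmbServer     = $smb
        LastBoot      = $os.ConvertToDateTime($os.LastBootUpTime)
    }
}

$result = Test-Ms17010Posture
$result | Format-List ThreadKbFound, InstalledKbs, LastBoot
$result.SmbServer | Format-Table Protocol, Configured -AutoSize
```

A `False` for `ThreadKbFound` is not proof of exposure, because later monthly rollups are cumulative and carry the same fix under a different KB number. Changes to the `SMB1`/`SMB2` registry values take effect only after a restart, so compare `LastBoot` with the time the value was set.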