Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

FBI ransom malware


  • This topic is locked This topic is locked
160 replies to this topic

#16 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:33 PM

Posted 22 November 2013 - 09:55 PM

Mandiant U.S.A Cyber Security

 

Here is the one that you have just listed (Hitman Pro version)

 

You can see there are about 20 or 30 "Face pages" used for similar scam infections.

If you get stuck on this type of thing, along the top line.

 

BleepingComputer.com - Forums - Members - Tutorials - Startup List - More

More is a link to Infections where I used Copy / Paste of Mandiant in the Search box there.

You can see the result in the top link -

 

Thanks -



BC AdBot (Login to Remove)

 


#17 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:33 PM

Posted 22 November 2013 - 10:02 PM

My Fault of not thinking ...

Sorry I thought you knew 32 or 64bit versions -

http://www.bleepingcomputer.com/tutorials/32-bit-or-64-bit-windows/
 

From Bleep Comp Tutorials -



#18 MadHatter63

MadHatter63
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 22 November 2013 - 10:03 PM

Thank you..



#19 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:33 PM

Posted 22 November 2013 - 10:09 PM

No problems -

Just keep asking and I will help where I can -

 

Back in 1 hour, unless you have something now .......



#20 MadHatter63

MadHatter63
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 22 November 2013 - 10:31 PM

Ok so I downloaded 32bit Hitman to the desktop of my laptop.  Insert the flashdrive, double click on the desktop icon, and lo and behold, my laptop is 64bit and wont run.   I assume I am to click on the desk top icon when it says in the instructions to "double-click on the file named HitmanPro.exe.  If I am not supposed to click on the icon, where is the HitmanPro.exe file to click on?



#21 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:33 PM

Posted 22 November 2013 - 10:41 PM

Let me ask one of the others, just for a minute -



#22 MadHatter63

MadHatter63
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 22 November 2013 - 10:42 PM

brb



#23 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:33 PM

Posted 22 November 2013 - 11:00 PM

No other 32bit laptop that you can borrow for 10 minutes ?

 

I've got one of the experts checking if you can "swap versions" some way.



#24 MadHatter63

MadHatter63
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 22 November 2013 - 11:09 PM

No, its the only other computer in the house.  :(



#25 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:33 PM

Posted 22 November 2013 - 11:28 PM

No, its the only other computer in the house <= Mates next door ?? (just an idea)

 

They are still testing the versions. We may be able to "swap" coded versions -

Some can work on both systems, but some are specific only ....



#26 MadHatter63

MadHatter63
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 22 November 2013 - 11:35 PM

Its too late 11:30 for me to go next door and borrow a PC tonight.

I can prolly find a PC tomorrow that is 32bit, but who knows. 

This PC is a relative dinosaur running Windows XP running Service pack 2, lol

 

Let them know I appreciate them "testing" coding to help me out. 



#27 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:33 PM

Posted 22 November 2013 - 11:52 PM

No problem, but it may be 5 minutes or 1 hour to get a decent reply.

 

The only other idea was, to try and download in Safe Mode with Networking on the sick unit ?

 

Still waiting on a better reply -



#28 MadHatter63

MadHatter63
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 22 November 2013 - 11:57 PM

Im here now in safe mode with networking.

I ran Rkill then malwarebytes, which found and removed 3 files.

FYI, I had to run the Rkill and malwarebytes in safe mode, then I had to restart in safe mode with networking.

If I start straight off in safe mode with networking I believe the infection takes over.



#29 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:33 PM

Posted 23 November 2013 - 12:04 AM

Got an Expert looking at it now.

If you get any posts from someone else, please take note of them -



#30 MadHatter63

MadHatter63
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 23 November 2013 - 12:06 AM

yes I see ddeerrff in the room with us.

Thank you ddeerrff.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users