CryptoMonitor question


8 replies to this topic

#1 USASAgencyman

Posted 25 April 2015 - 07:58 AM

Edited to correct info pointing at this zip download as a problem.  It scanned as a threat, but it is a false positive.  (I can't alter the subject line.)
 
So I'm on the BleepingComputer Facebook page, downloaded and installed CryptoMonitor. Now I have these: They don't yet mess with the file extensions, they won't open, and they scan negative.
 
I will have to decide what to do when I figure out exactly what I have. I searched this forum and didn't get a hit on the file name I downloaded.
 
Any ideas will be appreciated.
 
Bruce Hinton
 
Gibberish_zpsoynwtfrd.jpg

Edited by quietman7, 25 April 2015 - 04:47 PM.


#2 quietman7


Posted 25 April 2015 - 08:16 AM

After installing CryptoMonitor, a randomly named folder (i.e. %klsjtmjklwkxeqzjbjrim) containing .bmp, .png, and .gif files is added to the Desktop and other locations. According to the developer, these folders are trap folders..."patterns of files, and hidden virtual files that Ransomware cannot resist."

You can ask the developer, Nathan (DecrypterFixer), a question, report an issue or suggestion in the CryptoMonitor Official Discussion & Support Topic.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 USASAgencyman


Posted 25 April 2015 - 08:23 AM

Quietman,

Thanks for the tip!  I'll go there.

Actually I found them all over the place: downloads, docs, etc.  Hope that's not a bad sign.  If they are effective, and not harmful, then I will happily let them hang out with me!

B.

I only quarantined that CT2015_Decryptor.zip file in case it turned out to be useful; it definitely came up glowing red...


Edited by USASAgencyman, 25 April 2015 - 08:25 AM.


#4 quietman7


Posted 25 April 2015 - 08:28 AM

I did too the first time I used CryptoMonitor, so I checked with Nathan at that time and he confirmed their creation was deliberate as part of his tool's functionality and protection.

#5 quietman7


Posted 25 April 2015 - 08:35 AM

BTW...this feature is explained more by Nathan Scott, the creator of CryptoMonitor.

Entrapment Protection
Entrapment Protection lays numerous different types of traps all around your system that a Ransomware Infection cannot resist to touch. These traps send encrypted pattern signals back and forth between CryptoMonitor and themselves constantly. When a Ransomware Infection falls into one of these traps, the pattern is broken and CryptoMonitor immediately takes action. Once this happens, the machine is locked down and you are alerted about the infection and prompted for your decision on what actions to take. During this time, no file modifications are allowed, so your files are safe while you think about your course of action. With this protection enabled you may notice a few hidden files, registry keys, folders, and services running, but don't worry, they are there to protect you!


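A simplified polling version of the trap-file idea quoted in post #5, added here as an example; it is not CryptoMonitor's code, and the thread does not document how CryptoMonitor's traps actually signal. The function names, the folder layout and the `.locked` extension are assumptions made for illustration.

```python
import hashlib, os, secrets, tempfile

DECOY_EXTS = (".bmp", ".png", ".gif")  # file types named in the thread

def plant_canaries(parent, files_per_type=2):
    """Create a randomly named trap folder of decoy files; return the baseline."""
    folder = os.path.join(parent, "%" + secrets.token_hex(10))
    os.mkdir(folder)
    baseline = {}
    for ext in DECOY_EXTS:
        for _ in range(files_per_type):
            path = os.path.join(folder, secrets.token_hex(6) + ext)
            data = secrets.token_bytes(2048)  # content nobody should ever edit
            with open(path, "wb") as fh:
                fh.write(data)
            baseline[path] = hashlib.sha256(data).hexdigest()
    return folder, baseline

def check_canaries(baseline):
    """Return {path: reason} for every decoy that no longer matches the baseline."""
    tripped = {}
    for path, digest in baseline.items():
        try:
            with open(path, "rb") as fh:
                current = hashlib.sha256(fh.read()).hexdigest()
        except FileNotFoundError:
            tripped[path] = "missing or renamed"
            continue
        except PermissionError:
            tripped[path] = "unreadable"
            continue
        if current != digest:
            tripped[path] = "content changed"
    return tripped

def demo():
    """Constructed scenario: alter two decoys the way bulk encryption would."""
    with tempfile.TemporaryDirectory() as root:
        folder, baseline = plant_canaries(root)
        clean = check_canaries(baseline)
        paths = sorted(baseline)
        with open(paths[0], "wb") as fh:           # overwritten in place
            fh.write(b"\x00" * 2048)
        os.rename(paths[1], paths[1] + ".locked")  # constructed extension
        return clean, check_canaries(baseline), paths

if __name__ == "__main__":
    clean, tripped, _ = demo()
    print("before tampering:", clean)
    for path, reason in tripped.items():
        print("TRIPPED", os.path.basename(path), "->", reason)
```

Any tripped decoy is a high-confidence signal because no legitimate program has a reason to touch these files, which is also why users should leave the trap folders in place.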

#6 USASAgencyman


Posted 25 April 2015 - 08:37 AM

Case closed!  

 

Now I can put that zip back on one of my Thumb/SDs, for potential use on unfortunate clients' computers.

 

Appreciate the response, I was so tired I just caught some sleep, and found one of those folders this morning.

 

Going Pro immediately!

 

B.


Edited by USASAgencyman, 25 April 2015 - 08:37 AM.


#7 quietman7


Posted 25 April 2015 - 08:41 AM

You're welcome.

#8 Nathan


Posted 25 April 2015 - 09:20 AM

Thanks Quietman, for a quick response and wonderful explanation to entrapment protection :)

 

And also CT_2015 decrypter is a decryption application I made straight from the real infection. The infection happened to have the decryption functionalities included in the virus, so I patched out all the bad malicious stuff in the virus, and then made it start at the decryption function. Because I made it from the real infection, AVs go nuts about it, but don't worry, it's harmless now and can only decrypt files.


Have you performed a routine backup today?

#9 quietman7


Posted 25 April 2015 - 09:36 AM

Since this information is not related to an infection, I am moving it to a more appropriate forum to avoid Google searches bringing folks to AII.