
ABOUT_FILES!.txt Ransomware Support Topic


21 replies to this topic

#1 Pinksoshistuff

Pinksoshistuff

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 16 June 2015 - 02:39 AM

Hi there, my company's PC has been hit by an unknown ransomware. I've tried Malwarebytes, but it is not detected and all our important files are encrypted. Please help, because all our important files are in there and they are all encrypted. I'll attach one of the encrypted files as an example of the virus.
 
bhm29v.jpg

Attached Files


Edited by quietman7, 12 March 2016 - 08:16 AM.



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:24 PM

Posted 16 June 2015 - 05:20 AM


The BC staff has advised our Security Colleagues who specialize in crypto malware ransomware with a link to this topic.

Please submit a sample of an encrypted file here with a link to this topic: http://www.bleepingcomputer.com/submit-malware.php?channel=3

You can also submit samples of suspicious executables or any malware files that you suspect were involved in causing the infection. Doing that will be helpful with analyzing and investigating.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Pinksoshistuff

Pinksoshistuff
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 16 June 2015 - 05:27 AM

The BC staff has advised our Security Colleagues who specialize in crypto malware ransomware with a link to this topic.

Please submit a sample of an encrypted file here with a link to this topic: http://www.bleepingcomputer.com/submit-malware.php?channel=3

You can also submit samples of suspicious executables or any malware files that you suspect were involved in causing the infection. Doing that will be helpful with analyzing and investigating.

 

Thanks for your reply, I'm very thankful for your help.



#4 White Hat Mike

White Hat Mike

  • Members
  • 312 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:::1
  • Local time:08:24 PM

Posted 16 June 2015 - 07:31 AM

 

The BC staff has advised our Security Colleagues who specialize in crypto malware ransomware with a link to this topic.

Please submit a sample of an encrypted file here with a link to this topic: http://www.bleepingcomputer.com/submit-malware.php?channel=3

You can also submit samples of suspicious executables or any malware files that you suspect were involved in causing the infection. Doing that will be helpful with analyzing and investigating.

 

Thanks for your reply, I'm very thankful for your help.

 

 

If you could upload a sample of the malware file to a third party site like http://mega.co.nz and PM me the download link, I could take a look at it. I'm actually sitting next to one of my colleagues that specializes in reverse-engineering and intelligence gathering.


Information Security Engineer | Penetration Tester | Forensic Analyst

CipherTechs.com


#5 Pinksoshistuff

Pinksoshistuff
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 16 June 2015 - 07:47 AM


 


The BC staff has advised our Security Colleagues who specialize in crypto malware ransomware with a link to this topic.

Please submit a sample of an encrypted file here with a link to this topic: http://www.bleepingcomputer.com/submit-malware.php?channel=3

You can also submit samples of suspicious executables or any malware files that you suspect were involved in causing the infection. Doing that will be helpful with analyzing and investigating.

 
Thanks for your reply, I'm very thankful for your help.

If you could upload a sample of the malware file to a third party site like http://mega.co.nz and PM me the download link, I could take a look at it. I'm actually sitting next to one of my colleagues that specializes in reverse-engineering and intelligence gathering.

Ok sir, I'll upload it to another place when I get to my PC. I'm out at the moment.

Edited by Pinksoshistuff, 16 June 2015 - 07:47 AM.


#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:24 PM

Posted 16 June 2015 - 08:12 AM

Please upload the sample to http://www.bleepingcomputer.com/submit-malware.php?channel=3 as well. Thanks

#7 Pinksoshistuff

Pinksoshistuff
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 16 June 2015 - 08:13 AM

Please upload the sample to http://www.bleepingcomputer.com/submit-malware.php?channel=3 as well. Thanks


I have already uploaded a copy there

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:24 PM

Posted 16 June 2015 - 08:30 AM

What was the name of the file you uploaded? Can't find it.

Also, if you haven't already, can you submit the about files file as well?

Thanks

#9 Pinksoshistuff

Pinksoshistuff
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 16 June 2015 - 10:26 AM

What was the name of the file you uploaded? Can't find it.

Also, if you haven't already, can you submit the about files file as well?

Thanks

 

The name of the file is called error_img-131008131950.pdf



#10 White Hat Mike

White Hat Mike

  • Members
  • 312 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:::1
  • Local time:08:24 PM

Posted 16 June 2015 - 10:28 AM

 

What was the name of the file you uploaded? Can't find it.

Also, if you haven't already, can you submit the about files file as well?

Thanks

 

The name of the file is called error_img-131008131950.pdf

 

 

Do you have the actual malware file?  Usually an executable file with a .EXE extension, or .SCR, etc.  May also have dropped a .DLL file.  Can you search the following locations on your device for new(er) files with seemingly random names that may have been involved with the infection?

 

%ProgramData%
%AppData%
%LocalAppData%
%Temp%

Information Security Engineer | Penetration Tester | Forensic Analyst

CipherTechs.com
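
Added example, not part of the original post or thread: one way to run the search described above in PowerShell, listing recently created or modified .EXE, .SCR and .DLL files under the four locations. The 14-day window and the `Test-RandomLookingName` heuristic are assumptions chosen for illustration.

```powershell
# Triage sketch (added example): recent executable-type files in the four
# locations named in the post. $Days and the name heuristic are assumptions.
$Days       = 14
$Extensions = '.exe', '.scr', '.dll'
$Cutoff     = (Get-Date).AddDays(-$Days)
$Roots      = $env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP |
              Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
              Select-Object -Unique

function Test-RandomLookingName {
    param([string]$BaseName)
    # Hypothetical heuristic: 6+ alphanumeric characters with under 20% vowels.
    # It only ranks files for review; it proves nothing on its own.
    if ($BaseName -notmatch '^[A-Za-z0-9]{6,}$') { return $false }
    $vowels = ([regex]::Matches($BaseName, '[aeiouAEIOU]')).Count
    return ($vowels / $BaseName.Length) -lt 0.2
}

$results = foreach ($root in $Roots) {
    # -Force includes hidden and system files; access errors are skipped.
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            ($Extensions -contains $_.Extension.ToLower()) -and
            ($_.CreationTime -ge $Cutoff -or $_.LastWriteTime -ge $Cutoff)
        } |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Created    = $_.CreationTime
                Modified   = $_.LastWriteTime
                RandomName = Test-RandomLookingName $_.BaseName
                Signature  = $sig.Status     # NotSigned / Valid / HashMismatch ...
                SHA256     = $hash.Hash      # for lookup before sharing a sample
                Path       = $_.FullName
            }
        }
}

# %Temp% normally sits under %LocalAppData%, so de-duplicate by path first.
$results | Sort-Object Path -Unique |
    Sort-Object Created -Descending |
    Format-Table -AutoSize -Wrap
```

Unsigned files with random-looking names near the top of the list are the ones worth submitting first; the script only reads and hashes files and does not execute or modify anything.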


#11 Pinksoshistuff

Pinksoshistuff
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 16 June 2015 - 10:30 AM

 

 

What was the name of the file you uploaded? Can't find it.

Also, if you haven't already, can you submit the about files file as well?

Thanks

 

The name of the file is called error_img-131008131950.pdf

 

 

Do you have the actual malware file?  Usually an executable file with a .EXE extension, or .SCR, etc.  May also have dropped a .DLL file.  Can you search the following locations on your device for new(er) files with seemingly random names that may have been involved with the infection?

%ProgramData%
%AppData%
%LocalAppData%
%Temp%

I don't think so, but I'll try and have a look in the morning. But I can assure you that nothing looks suspicious in appdata and programdata.



#12 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:24 PM

Posted 16 June 2015 - 12:58 PM

Please submit the About Files! file as well. Thanks

#13 White Hat Mike

White Hat Mike

  • Members
  • 312 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:::1
  • Local time:08:24 PM

Posted 16 June 2015 - 02:03 PM

The "error_" prepended to the file name makes me wonder if this is a new variant of PClock...


Information Security Engineer | Penetration Tester | Forensic Analyst

CipherTechs.com


#14 Pinksoshistuff

Pinksoshistuff
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 16 June 2015 - 09:52 PM

Please submit the About Files! file as well. Thanks

Hi there Grinler! I have checked the locations you have requested but nothing seems weird. Anyway, I have also uploaded the about file into the submit section. I'll also leave a pic of the Run and RunOnce reg here since there are people requesting it.

2egfbwy.jpg


Edited by Pinksoshistuff, 16 June 2015 - 09:52 PM.


#15 White Hat Mike

White Hat Mike

  • Members
  • 312 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:::1
  • Local time:08:24 PM

Posted 16 June 2015 - 10:04 PM

The recent LastWrite time of the RunOnce key has me wondering a bit, but could always just be the result of a legitimate update running.


Information Security Engineer | Penetration Tester | Forensic Analyst

CipherTechs.com




