WNCRY - XP - signs that I am infected?



#1 blop

Posted 16 May 2017 - 06:06 AM

I'm still running XP.
 
Over the weekend, I imaged and deployed onto another disk and applied this update from MS.
 
Everything seemed fine.
 
I went back to my original disk and again applied the patch. But last night, there were several occasions where the system would just hang with the HDD LED busy - same again this morning.
 
Do you think I've been infected or would this be something else?
 
I assume I would only know if I get the encrypted files ransom notice?
 
Moved from Ransomware Help & Tech Support

NickAu

Edited by NickAu, 16 May 2017 - 06:10 AM.
Mod edit



 


#2 quietman7

  • Global Moderator

Posted 16 May 2017 - 06:23 AM


Actual ransomware usually will have obvious indications (signs of infection)...it typically targets and encrypts data files so you cannot open them on your computer (and all connected drives at the time of infection), in most cases it appends an obvious extension to the end or beginning of encrypted filenames (although some variants do not), demands a ransom payment by dropping ransom notes in every directory or affected folder where data has been encrypted and sometimes changes Windows wallpaper. Less obvious symptoms include adding or modifying registry entries and deletion of Shadow Volume Copies so that you cannot restore your files from before they had been encrypted but leaves the operating system working so the victim can pay the ransom. Further, when dealing with real ransomware, the cyber-criminals generally instruct their victims to contact them by email or website for decryption...they do not provide a phone number to call for assistance.

If there are no obvious extensions appended to your file names, no ransom notes, no demands of payment and your data is not actually encrypted, then you most likely are dealing with something else.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
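
The visible signs listed in the post above (an extension appended to data files, and the same note dropped in every affected folder) can be checked mechanically. The following Python triage script is an added example, not part of the original thread; the `.locked` extension, the note file name and the sample tree are constructed for illustration, and a hit is a prompt for closer inspection, not a verdict.

```python
import os
import tempfile
from collections import defaultdict

# Common data-file extensions (illustrative, not exhaustive).
DATA_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".txt"}

SAMPLE = {  # constructed sample tree; ".locked" and the note name are made up
    "docs": ["report.docx.locked", "budget.xlsx.locked", "RESTORE_FILES.txt"],
    "photos": ["trip.jpg.locked", "cat.png.locked", "RESTORE_FILES.txt"],
    "clean": ["todo.txt", "scan.pdf"],
}

def build_sample(root):
    """Create the constructed sample tree under root (empty files only)."""
    for folder, names in SAMPLE.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()
    return root

def scan(root, min_hits=3):
    """Triage a folder tree for two visible signs: an unfamiliar extension
    appended after a normal one on many files, and one file name repeated
    in every folder that holds such files (a ransom-note pattern)."""
    dirs_by_ext = defaultdict(set)   # appended extension -> folders where seen
    count_by_ext = defaultdict(int)  # appended extension -> number of files
    names_by_dir = {}
    for dirpath, _dirs, files in os.walk(root):
        names_by_dir[dirpath] = {f.lower() for f in files}
        for f in files:
            stem, outer = os.path.splitext(f.lower())
            inner = os.path.splitext(stem)[1]
            if inner in DATA_EXTS and outer not in DATA_EXTS:
                count_by_ext[outer] += 1
                dirs_by_ext[outer].add(dirpath)
    # min_hits filters out the odd one-off such as a single "photo.jpg.bak".
    suspects = {e: n for e, n in count_by_ext.items() if n >= min_hits}
    affected = set().union(*(dirs_by_ext[e] for e in suspects))
    notes = set()
    if len(affected) >= 2:
        common = set.intersection(*(names_by_dir[d] for d in affected))
        # Drop the renamed data files themselves; what remains is note-like.
        notes = {n for n in common if os.path.splitext(n)[1] not in suspects}
    return {"appended_extensions": suspects, "repeated_names": sorted(notes)}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(scan(build_sample(tmp)))
```

Housekeeping files that legitimately appear in many folders (for example `desktop.ini`) can show up under `repeated_names`, so open any reported file before drawing conclusions.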


#3 blop

  • Topic Starter

Posted 16 May 2017 - 06:36 AM

Thanks Nick for moving and quietman for insight.

 

Hopefully something else at play!



#4 quietman7

  • Global Moderator

Posted 16 May 2017 - 06:43 AM

Not a problem.

If you're not finding evidence of malware infection, you may want to try some of the suggestions in this guide:

#5 Struppigel

    Karsten Hahn, G DATA Malware Analyst

  • Malware Response Team

Posted 17 May 2017 - 02:26 AM

The exploit that WannaCry uses does not work for Windows XP (it wasn't designed for that). So a system with Windows XP should not be affected by this particular ransomware campaign.

That does not mean that your system is clean from malware, though. Windows XP is very prone to infections.


Edited by Struppigel, 17 May 2017 - 02:26 AM.


#6 blop

  • Topic Starter

Posted 17 May 2017 - 04:59 AM

Interesting.

 

I thought it was mainly XP systems which were affected and Windows 10 not being targeted?

 

I am hoping my issue was just a loose connection to the hard drive but fingers-crossed that there's no corruption to the drive!


Edited by blop, 17 May 2017 - 05:00 AM.


#7 quietman7

  • Global Moderator

Posted 17 May 2017 - 09:37 AM

Microsoft releases WannaCrypt protection for out-of-support products...Windows XP, Windows 8, & Windows Server 2003

... we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today.

Microsoft Customer Guidance for WannaCrypt attacks