petya(?) ransomware - Techist - Tech Forum

07-14-2017, 11:46 PM   #1
XWrench3 (Ultra Techie)
Join Date: Jan 2012
Location: W. MICHIGAN
Posts: 746
petya(?) ransomware

so i got this wonderful pop up page tonight surfing around. it said that my computer had been infected and to call a phone number to talk to someone who could guide me thru the removal process. well, this isn't my first time around the block. and i had not heard of that particular infection. so in typical fashion, i dismissed it as yet another in a long line of hoaxes that plaster the web. i did for safety's sake, run Microsoft's malicious tool removal program. it did find one file that was infected. but it never did give me a report as to what or where it was. i went onto Major Geek to check about ransomware removal utility, and the very first one mentioned this exact same one. so i downloaded it, and it is running at the moment. i am thinking that if i get this before i shut down the computer, i might be ok. but i have not had one before (and i am not really sure i have one now), so i really do not know what to expect.
__________________
Cooler Master HAF XB EVO, MSI B150m PRO-VHL, Intel i-5 6500, 16gb G.Skill DDR4, WD Blue 1TB, HGST Ultrastar 3 TB, HP Lightscribe DVDRW , LG WH14NS40 Blu-Ray burner, Thermaltake 500w PSU.
07-14-2017, 11:51 PM   #2
carnageX (Private Joker)
Join Date: Feb 2007
Location: South Dakota
Posts: 24,479
Re: petya(?) ransomware

If it is ransomware...hopefully you had a backup of your data.
__________________
Laptop: MSI GT70 2OC-059us | i7-4700MQ | 16GB | GTX 770m | 500GB SSD / 750GB HDD | 17.3" | Win10 Pro
Desktop: 4690k | 12GB g.Skill RipJaws | GTX 970 | 520hx | Z87X-UD4H | Corsair Vengeance C70 | Corsair H110 | Acer 25" | Acer 22" | Win10
Mobile: Samsung Galaxy Note 5
07-15-2017, 12:00 AM   #3
Nukem (There and Back again)
Join Date: Jan 2005
Location: Chattanooga, TN
Posts: 4,401
Re: petya(?) ransomware

https://www.theguardian.com/technolo...o-what-why-how
__________________
Dell 4K S2817Q / Logitech Z-680 / Func MS3 Mouse / Corsair K70 LUX rgb
NZXT Source 530 / i5-7600K / Corsair H100i v2 / ASRock Z270 Extreme4
SM951 M2 256GB / 850 evo 1TB / Seagate 2TB / WD 2TB
2x16GB Vengeance LPX DDR4 3000 / evga Classified GTX 980 ti / Seasonic M12II 850W
07-15-2017, 07:03 AM   #4
XWrench3 (Ultra Techie)
Join Date: Jan 2012
Location: W. MICHIGAN
Posts: 746
Re: petya(?) ransomware

well, apparently it was a hoax. my computer never shut down, and it continues to run even after a restart. i ran my anti virus, ran windows malicious software tool, downloaded a tool that was supposed to find "petya", and i just now ran chkdsk. nothing comes up anywhere. i do have a recent back up of everything, as i just went thru a complete system restoration. i really do not keep much on my computer to ransom. but of course, they don't know that. so it appears that my data is safe. i guess i thought ransomware was pretty much a big business thing. maybe it's changing?
07-15-2017, 02:20 PM   #5
carnageX (Private Joker)
Join Date: Feb 2007
Location: South Dakota
Posts: 24,479
Re: petya(?) ransomware

I would also suggest running a scan with Malwarebytes Antimalware (the Free version is fine, you don't need to activate the Pro trial). Scan with it, delete whatever it finds, reboot and post the log here. Download it from here:
https://www.malwarebytes.org/mwb-download/

Then, run a scan with AdwCleaner. Same as above, scan with it, delete what it finds, post the log file here. Download from here:
AdwCleaner Download
07-15-2017, 10:09 PM   #6
Trotter (Grandfather of Techist)
¯\_(ツ)_/¯
Join Date: Jan 2005
Location: The South
Posts: 31,292
Re: petya(?) ransomware

Quote:
Originally Posted by carnageX
I would also suggest running a scan with Malwarebytes Antimalware (the Free version is fine, you don't need to activate the Pro trial). Scan with it, delete whatever it finds, reboot and post the log here. Download it from here:
https://www.malwarebytes.org/mwb-download/

Then, run a scan with AdwCleaner. Same as above, scan with it, delete what it finds, post the log file here. Download from here:
AdwCleaner Download

Toss Zemana into the mix as well. After being hit a couple of times with AnonymizerGadget I have found that Zemana is pretty freaking powerful.

https://www.zemana.com/Antimalware
__________________
My Rig: SABLE
Antec 300 Illusion / Antec EarthWatts EA650 650W / ASUS GeForce GTX 960 GTX960-DC2OC-2GD5
AMD FX 8320 x8 Black Edition / Gelid Tranquillo / MSI 970A-G43
Sandisk Ultra Plus 128GB / Samsung 840 120GB / WD Black 750GB / WD Green 1TB
2x4GB DDR3 1600 - 2x2GB DDR3 1600
Win10 Ent 64-bit - Mionix Naos 7000 Mouse - CM Storm QuickFire Rapid Mech Keyboard

R.I.P. Danny L. Trotter ... 14 Nov 1945 - 4 Sept 2009
07-16-2017, 10:52 PM   #7
XWrench3 (Ultra Techie)
Join Date: Jan 2012
Location: W. MICHIGAN
Posts: 746
Re: petya(?) ransomware

i got a clean bill of health from all three programs. and the computer seems to be functioning fine. but i hate having that little bit of doubt sitting on my shoulder all the time. why do people do crap like this?
07-16-2017, 10:58 PM   #8
XWrench3 (Ultra Techie)
Join Date: Jan 2012
Location: W. MICHIGAN
Posts: 746
Re: petya(?) ransomware

it's been quite a while, what is a good rootkit detection tool?
07-16-2017, 11:02 PM   #9
carnageX (Private Joker)
Join Date: Feb 2007
Location: South Dakota
Posts: 24,479
Re: petya(?) ransomware

Quote:
Originally Posted by XWrench3
i got a clean bill of health from all three programs. and the computer seems to be functioning fine. but i hate having that little bit of doubt sitting on my shoulder all the time. why do people do crap like this?

$$$$$

Quote:
Originally Posted by XWrench3
it's been quite a while, what is a good rootkit detection tool?

Panda Anti Rootkit and TDSSKiller have served me well in the past.
07-17-2017, 07:26 AM   #10
XWrench3 (Ultra Techie)
Join Date: Jan 2012
Location: W. MICHIGAN
Posts: 746
Re: petya(?) ransomware

how do they make money spreading junk like that? i certainly understand the need to make cash, but that to me is like taking money from terrorists. it's just going to turn around and bite you in the backside when you least expect it. and you're not going to like the bite! // thanks for the rootkit, i will run it as well. though i am not expecting to find anything. it's one less pest sitting on my shoulder.
All times are GMT -5. The time now is 08:05 PM.

