Page 2 of 10 FirstFirst 1234 ... LastLast
  1.    27 Jun 2017 #11
    Join Date : Oct 2014
    Arnold, MD
    Posts : 29,071
    Triple boot - Win 10 Pro, Win 10 Pro Insider (2) - (and a sprinkling of VMs)

    Quote Originally Posted by COMPUTIAC View Post
    Whew!!!!!

    Zero-hour protection

    Malwarebytes detected this ransomware in the zero hour, meaning those that have Malwarebytes Premium or our standalone anti-ransomware technology have been protected from the instant this attack began. Both Malwarebytes business users and consumers users are protected if they are using the latest version of the above products.
      My ComputersSystem Spec
  2.    27 Jun 2017 #12
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,973
    Windows 10 (Pro and Insider Pro)
    Thread Starter

    There are some instructions how to create perfc file in C:/Windows folder over at BleepingComputers:

    www.bleepingcomputer.com | news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak

    Basically, copying the Notepad.exe and renaming it to "perfc", than giving it "read only" permission.
      My ComputerSystem Spec
  3.    27 Jun 2017 #13
    Join Date : May 2015
    Posts : 425
    Redstone_Four

    Defender: 1.247.197.0/Petya


    We have been protected now since Jun 27,2017 10:23 PM UTC: 1.247.197.0

    What's New - Microsoft Malware Protection Technologies
    Attached Thumbnails Attached Thumbnails Petya.PNG  
      My ComputerSystem Spec
  4.    27 Jun 2017 #14
    Join Date : May 2015
    Central IL
    Posts : 4,254
    Mac OS Sierra

    I was checking out the Norse tracking map and Microsoft was sending out a lot of attacks to servers in Washington DC. It looks like DC is the main target right now. Norse Attack Map
      My ComputerSystem Spec
  5.    28 Jun 2017 #15
    Join Date : Jun 2015
    UK
    Posts : 2,105
    Windows 10 Home x64 (Laptop), Windows 10 Pro x64 (Desktop)

    Quote Originally Posted by AndreTen View Post
    There are some instructions how to create perfc file in C:/Windows folder over at BleepingComputers:

    www.bleepingcomputer.com | news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak

    Basically, copying the Notepad.exe and renaming it to "perfc", than giving it "read only" permission.
    Beware of using the batch file in that link. It creates some other files including perfc.dat which Kaspersky Total Security promptly deleted.
      My ComputersSystem Spec
  6.    28 Jun 2017 #16
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,973
    Windows 10 (Pro and Insider Pro)
    Thread Starter

    Quote Originally Posted by Steve C View Post
    Beware of using the batch file in that link. It creates some other files including perfc.dat which Kaspersky Total Security promptly deleted.
    Thanks for warning Steve. One can usually trust the guys at Bleeping Computers. Will check it out. Kaspersky could react to changes in Windows dir...

    Edit: can't imagine what would trigger Kaspersky, except that it just reacts to creating files in C:\Windows..

    There are just 3 files, filled with some text (don't delete this.. is a vaccine ...) named perfc, perfc.dll and perfc.somtething else
      My ComputerSystem Spec
  7.    28 Jun 2017 #17
    Join Date : Aug 2016
    Posts : 375
    Windows 10 64 bit, 1703

    I'm curious, how are these hackers able to get hold of NSA exploits?
    @bro67 Can you tell me what Norse tracking map is?
      My ComputerSystem Spec
  8.    28 Jun 2017 #18
    Join Date : Jul 2015
    Posts : 3,755
    10 Pro

    Quote Originally Posted by AndreTen View Post
    Disabling SMBv1 is smart move.
    but only if you don't use it to connect to you NAS or whatever of course...

    It was patched in march so if you run Windows update you should be OK.

    https://www.us-cert.gov/ncas/current...-Vulnerability
      My ComputerSystem Spec
  9.    28 Jun 2017 #19
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,973
    Windows 10 (Pro and Insider Pro)
    Thread Starter

    Quote Originally Posted by lx07 View Post
    but only if you don't use it to connect to you NAS or whatever of course...

    It was patched in march so if you run Windows update you should be OK.

    https://www.us-cert.gov/ncas/current...-Vulnerability
    Not really..
    "Petya uses the NSA Eternalblue exploit but also spreads in internal networks with WMIC and PSEXEC. That's why patched systems can get hit." Mikko Hypponen confirms, Chief Research Officer at F-Secure.
    System is patched for original Eternalblue (WannyCry), but not for other exploits.

    All major AV and Antimalware companies updated their software, so users are on the safe side by now. Industrial solutions are other story...
      My ComputerSystem Spec
  10.    28 Jun 2017 #20
    Join Date : Jul 2015
    Posts : 3,755
    10 Pro

    Quote Originally Posted by AndreTen View Post
    Not really..
    "Petya uses the NSA Eternalblue exploit but also spreads in internal networks with WMIC and PSEXEC. That's why patched systems can get hit." Mikko Hypponen confirms, Chief Research Officer at F-Secure.
    Ah interesting, I missed that bit. These only work if you are running Admin account (or with Admin rights) though correct?
      My ComputerSystem Spec

 
Page 2 of 10 FirstFirst 1234 ... LastLast


Similar Threads
Thread Forum
Prophetic BMJ letter - did this make NHS target for Ransomware attack?
It seems possible that this prophetic British Medical Journal letter from May 10 edition (online May 11, the day before the WannaCry Exploit hit the world) may have focussed the current ransomware attack on UK NHS hospitals: 135086 The...
Windows 10 News
Ransomware hits Chicago Med (TV drama series)
So tonight, on the American TV show Chicago Med, the show dealt with the issue of ransomware. In this episode, the hospitalís entire computer network was locked out by Ransomware thus crippling the entire hospital. For the record, Chicago Med...
Chillout Room
Watch Live from PAX EAST March 10-12th 2017
PAX (originally known as Penny Arcade Expo) is a series of gaming festivals held in Seattle, Boston, Melbourne, and San Antonio. PAX was created by Jerry Holkins and Mike Krahulik, the authors of the Penny Arcade webcomic, because they wanted to...
Windows 10 News
Solved Virus spreading over Wi-Fi!?
So, my Dad is going to purchase a new Windows Device for me (A bit late for XMas). My Dad also owns devices that have been infected be Viruses and other infections. If I connect to the Wi-Fi on my Windows Device, can Viruses and other infections...
AntiVirus, Firewalls and System Security
New Ransomware attack
Only 5 days out and Win10 being screwed with. This link was in an E-Mail today: New Windows 10 scam will encrypt your files for ransom | ZDNet
AntiVirus, Firewalls and System Security
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 08:07.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums