  1.    28 Jun 2017 #21
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,971
    Windows 10 (Pro and Insider Pro)
    Thread Starter

    Quote Originally Posted by lx07 View Post
    Ah interesting, I missed that bit. These only work if you are running Admin account (or with Admin rights) though correct?
    Correct.
  2.    28 Jun 2017 #22
    Join Date : Oct 2014
    Posts : 2,467
    W10 Pro + W10 Preview

    This was not ransomware....more than likely industrial espionage....why would the perpetrator leave an easily traceable calling address?
    This has already been shut down.....so financial gain was not the motive.
  3.    28 Jun 2017 #23
    Join Date : Jun 2015
    UK
    Posts : 2,101
    Windows 10 Home x64 (Laptop), Windows 10 Pro x64 (Desktop)

    Quote Originally Posted by AndreTen View Post
    Thanks for warning Steve. One can usually trust the guys at Bleeping Computers. Will check it out. Kaspersky could react to changes in Windows dir...

    Edit: can't imagine what would trigger Kaspersky, except that it just reacts to creating files in C:\Windows..

    There are just 3 files, filled with some text (don't delete this.. is a vaccine ...) named perfc, perfc.dll and perfc.something else
    Does anyone know why that batch file inserts 3 perfc files whereas the manual fix just creates the file perfc (read only)? I've used a manual fix since Kaspersky Antivirus deletes perfc.dat created by the batch file.

    I just ran Notepad as Admin, saved the empty file as c:\windows\perfc, then made two further copies of perfc and renamed them perfc.dll and perfc.dat. Finally I set them to be read only. Kaspersky antivirus doesn't object when you do it this way.
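    The manual steps from post #23, as an added PowerShell example that is not part of the thread or of the batch file it discusses. The three file names are the ones given in the posts; the function names are hypothetical. A second pass after a short wait reports any file that has gone missing since creation, which is what the post describes happening to perfc.dat.

```powershell
# Added example (not from the thread). File names are those named in the posts;
# Set-MarkerFile and Get-MarkerState are hypothetical helper names.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run from an elevated PowerShell session: writing to the Windows directory needs admin rights.'
}

# perfc (no extension), perfc.dll and perfc.dat under %windir% (normally C:\Windows)
$paths = 'perfc', 'perfc.dll', 'perfc.dat' | ForEach-Object { Join-Path $env:windir $_ }

function Set-MarkerFile {
    param([Parameter(Mandatory)][string]$Path)
    if (Test-Path -LiteralPath $Path -PathType Container) {
        Write-Warning "$Path exists as a directory, skipping"
        return
    }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # Empty file, equivalent to saving an empty document from Notepad
        New-Item -ItemType File -Path $Path | Out-Null
    }
    # Same effect as ticking "Read-only" in the file's properties
    Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $true
}

function Get-MarkerState {
    param([Parameter(Mandatory)][string]$Path)
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Path     = $Path
        Present  = $null -ne $item
        ReadOnly = ($null -ne $item) -and (-not $item.PSIsContainer) -and $item.IsReadOnly
    }
}

$paths | ForEach-Object { Set-MarkerFile -Path $_ }

# Give on-access scanning time to act, then check what is still in place
Start-Sleep -Seconds 5
$state = $paths | ForEach-Object { Get-MarkerState -Path $_ }
$state | Format-Table -AutoSize

$state | Where-Object { -not ($_.Present -and $_.ReadOnly) } | ForEach-Object {
    Write-Warning "$($_.Path) is missing or not read-only (removed by antivirus or changed since creation?)"
}
```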
  4.    28 Jun 2017 #24
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,971
    Windows 10 (Pro and Insider Pro)
    Thread Starter

    Quote Originally Posted by Steve C View Post
    Does anyone know why that batch file inserts 3 perfc files whereas the manual fix just creates the file perfc (read only)? I've used the manual fix since Kaspersky Antivirus deletes perfc.dat created by the batch file.
    I have no idea... It was mentioned somewhere, that this vaccine isn't futureproof. Malware makers could easily change its behavior. Perhaps it's something in that direction...

    Once more: all major AV and antimalware suites are updated and are blocking it (including Windows Defender).
  5.    28 Jun 2017 #25
    Join Date : Oct 2014
    Arnold, MD
    Posts : 29,056
    Triple boot - Win 10 Pro, Win 10 Pro Insider (2) - (and a sprinkling of VMs)

    Quote Originally Posted by dencal View Post
    This was not ransomware....more than likely industrial espionage....why would the perpetrator leave an easily traceable calling address?
    This has already been shut down.....so financial gain was not the motive.
    Muscle flexing and diversion.....what's the real target?
  6.    28 Jun 2017 #26
    Join Date : Jul 2015
    Posts : 3,755
    10 Pro

    Quote Originally Posted by Steve C View Post
    Does anyone know why that batch file inserts 3 perfc files whereas the manual fix just creates the file perfc (read only)? I've used the manual fix since Kaspersky Antivirus deletes perfc.dat created by the batch file.
    If you look at the link in the batch file twitter.com/0xAmit/status/879778335286452224 various people are arguing about whether perfc (no extension), perfc.dat or perfc.dll are required. I guess the writer of the file stuck them all in to be on the safe side.
  7.    28 Jun 2017 #27
    Join Date : Oct 2014
    Posts : 2,467
    W10 Pro + W10 Preview

    Quote Originally Posted by f14tomcat View Post
    Muscle flexing and diversion.....what's the real target?
    Either some curious kid in a back room seeing how clever he is.....or more worryingly a nation seeking superiority by paralysing vital industries, bringing countries to a standstill......most modern warfare is conducted using computerised technology, i.e. aeroplanes, ships, missiles, orbiting space satellites etc.....all could be rendered completely ineffective......frightening isn't it.
  8.    28 Jun 2017 #28
    Join Date : Jun 2015
    UK
    Posts : 2,101
    Windows 10 Home x64 (Laptop), Windows 10 Pro x64 (Desktop)

    Quote Originally Posted by lx07 View Post
    If you look at the link in the batch file twitter.com/0xAmit/status/879778335286452224 various people are arguing about whether perfc (no extension), perfc.dat or perfc.dll are required. I guess the writer of the file stuck them all in to be on the safe side.
    Thanks - I just created the 3 files manually as Post 23.
  9.    28 Jun 2017 #29
    Join Date : Apr 2016
    Posts : 62
    Windows 10

    Forgive me if this is a silly question, but how does the malware get into one's computer? Infected executable attachment, drive-by download, download via malicious link in an email..?
  10.    28 Jun 2017 #30
    Join Date : Oct 2014
    Posts : 2,467
    W10 Pro + W10 Preview

    Quote Originally Posted by Smiley1 View Post
    Forgive me if this is a silly question, but how does the malware get into one's computer? Infected executable attachment, drive-by download, download via malicious link in an email..?
    In this particular case it appears to have infiltrated a software update.