Windows 10: New global ransomware attack hits East Europe and spreading

  1. AndreTen
    Posts : 14,111
    Windows 10 (Pro and Insider Pro)
    Thread Starter
       28 Jun 2017 #21

    lx07 said:
    Ah interesting, I missed that bit. These only work if you are running Admin account (or with Admin rights) though correct?
    Correct.

  2. dencal
    Posts : 2,801
    W10 Pro + W10 Preview
       28 Jun 2017 #22

    This was not ransomware....more than likely industrial espionage....why would the perpetrator leave an easily traceable calling address?
    This has already been shut down.....so financial gain was not the motive.

  3.    28 Jun 2017 #23

    AndreTen said:
    Thanks for warning Steve. One can usually trust the guys at Bleeping Computers. Will check it out. Kaspersky could react to changes in Windows dir...

    Edit: can't imagine what would trigger Kaspersky, except that it just reacts to creating files in C:\Windows..

    There are just 3 files, filled with some text (don't delete this.. is a vaccine ...) named perfc, perfc.dll and perfc.something else
    Does anyone know why that batch file inserts 3 perfc files whereas the manual fix just creates the file perfc (read only)? I've used a manual fix since Kaspersky Antivirus deletes perfc.dat created by the batch file.

    I just ran Notepad as Admin, saved the empty file as c:\windows\perfc, then made two further copies of perfc and renamed them perfc.dll and perfc.dat. Finally I set them to be read only. Kaspersky antivirus doesn't object when you do it this way.
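
The manual procedure from the post above (three read-only perfc files in C:\Windows, created from an Administrator session), as an added PowerShell example that is not part of the thread or of the batch file it discusses. The `-Directory` and `-Create` parameters and the `Test-IsElevated` helper are hypothetical names; without `-Create` the script only reports each file's state, which also shows when an antivirus product has removed one.

```powershell
# Added example (not from the thread): report on, and optionally create, the
# read-only marker files named in the posts above. Run without -Create to audit.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Directory = $env:windir,   # hypothetical parameter; posts use C:\Windows
    [switch]$Create                     # hypothetical switch; needs an elevated session
)

$names = 'perfc', 'perfc.dll', 'perfc.dat'   # the three names discussed in the thread

function Test-IsElevated {   # hypothetical helper
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

if ($Create -and -not (Test-IsElevated)) {
    throw "Writing to $Directory needs an Administrator session."
}

foreach ($name in $names) {
    $path = Join-Path $Directory $name
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue

    if (-not $item -and $Create -and $PSCmdlet.ShouldProcess($path, 'Create empty file')) {
        $item = New-Item -ItemType File -Path $path
    }
    # A directory with the same name is reported, never modified.
    $isFile = $item -is [System.IO.FileInfo]
    if ($isFile -and $Create -and -not $item.IsReadOnly -and
        $PSCmdlet.ShouldProcess($path, 'Set read-only attribute')) {
        $item.IsReadOnly = $true
    }

    [pscustomobject]@{
        Path     = $path
        Exists   = [bool]$item
        IsFile   = $isFile
        ReadOnly = $isFile -and $item.IsReadOnly
        Length   = if ($isFile) { $item.Length } else { $null }
    }
}
```

Adding `-WhatIf` to a `-Create` run lists the changes it would make without touching the directory.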

  4. AndreTen
    Posts : 14,111
    Windows 10 (Pro and Insider Pro)
    Thread Starter
       28 Jun 2017 #24

    Steve C said:
    Does anyone know why that batch file inserts 3 perfc files whereas the manual fix just creates the file perfc (read only)? I've used the manual fix since Kaspersky Antivirus deletes perfc.dat created by the batch file.
    I have no idea... It was mentioned somewhere, that this vaccine isn't futureproof. Malware makers could easily change its behavior. Perhaps it's something in that direction...

    Once more: all major AV and antimalware suites are updated and are blocking it (including Windows Defender).

  5. f14tomcat
    Posts : 36,161
    Triple boot - Win 10 Pro, Win 10 Pro Insider (2) - (and a sprinkling of VMs)
       28 Jun 2017 #25

    dencal said:
    This was not ransomware....more than likely industrial espionage....why would the perpetrator leave an easily traceable calling address?
    This has already been shut down.....so financial gain was not the motive.
    Muscle flexing and diversion.....what's the real target?

  6.    28 Jun 2017 #26

    Steve C said:
    Does anyone know why that batch file inserts 3 perfc files whereas the manual fix just creates the file perfc (read only)? I've used the manual fix since Kaspersky Antivirus deletes perfc.dat created by the batch file.
    If you look at the link in the batch file, twitter.com/0xAmit/status/879778335286452224, various people are arguing about whether perfc (no extension), perfc.dat or perfc.dll are required. I guess the writer of the file stuck them all in to be on the safe side.

  7. dencal
    Posts : 2,801
    W10 Pro + W10 Preview
       28 Jun 2017 #27

    f14tomcat said:
    Muscle flexing and diversion.....what's the real target?
    Either some curious kid in a back room seeing how clever he is.....or more worryingly a nation seeking superiority by paralysing vital industries, bringing countries to a standstill......most modern warfare is conducted using computerised technology, ie- aeroplanes, ships, missiles, orbiting space satellites etc.....all could be rendered completely ineffective......frightening isn't it.

  8.    28 Jun 2017 #28

    lx07 said:
    If you look at the link in the batch file, twitter.com/0xAmit/status/879778335286452224, various people are arguing about whether perfc (no extension), perfc.dat or perfc.dll are required. I guess the writer of the file stuck them all in to be on the safe side.
    Thanks - I just created the 3 files manually as Post 23.

  9.    28 Jun 2017 #29

    Forgive me if this is a silly question, but how does the malware get into one's computer? Infected executable attachment, drive-by download, download via malicious link in an email..?

  10. dencal
    Posts : 2,801
    W10 Pro + W10 Preview
       28 Jun 2017 #30

    Smiley1 said:
    Forgive me if this is a silly question, but how does the malware get into one's computer? Infected executable attachment, drive-by download, download via malicious link in an email..?
    In this particular case it appears to have infiltrated a software update.


 
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
