Ransomware yay
harry_theone




Posts: 11240
Location: The Land of Thread Reports
PostPosted: Sun, 29th Nov 2020 13:59    Post subject:
When I read things like this I always get paranoid and check my own computer Laughing
WaldoJ
VIP Member



Posts: 32678

PostPosted: Sun, 29th Nov 2020 14:18    Post subject:
I honestly cannot say how it happened or what happened. That machine only has steam for civ6, sonarr and radarr running. No kb or mouse connected until yesterday and only used in remote desktop sessions to maintain plex server/play civ 6 in steam link.

I don't even pirate games anymore since I just play on the switch.

So it's odd.


Sin317 wrote:
I win, you lose. Or Go fuck yourself.
harry_theone




Posts: 11240
Location: The Land of Thread Reports
PostPosted: Sun, 29th Nov 2020 14:37    Post subject:
Must have been the movie or the session was hijacked.
WaldoJ
VIP Member



Posts: 32678

PostPosted: Sun, 29th Nov 2020 14:59    Post subject:
Most likely session was hijacked.
I gotta read up on remote desktop, make it secure.
Only local network. But fuck me if I know how lol.


Sin317 wrote:
I win, you lose. Or Go fuck yourself.
WaldoJ
VIP Member



Posts: 32678

PostPosted: Sun, 29th Nov 2020 15:10    Post subject:
Yondaime wrote:
Just as an idea, are you by any chance using Taiga (automatic anime tracking and 'borrowing' program)?

I had an anime episode downloaded using Taiga a few weeks ago that ended up being an .exe file. It never ran but after I submitted it to VirusTotal it was some kind of ransomware virus.
Taiga didn't detect it being an .exe file for some reason.


I aint no weeb


Sin317 wrote:
I win, you lose. Or Go fuck yourself.
PickupArtist




Posts: 9939

PostPosted: Sun, 29th Nov 2020 15:42    Post subject:
and its a well known ransom ware ? and windows defender didnt even pop up ? then yes one could assume someone had admin perms on your pc or something, change ur passwords

i once saw linus try to infect his pc on purpose, and it took him 2 hours of clicking and installing EVERYTHING shady ads were linking him, to even get infected

and honestly, i think its a failure of windows to not being able to detect something as simple as massive HD activity and encrypting and not throw up a pop up to ask if u are sure u want to encrypt everything or that something is going on and asking if it should continue

This has such easy ways to detect such an abnormal activity by the OS on a standard users pc that i think its criminal neglect on microsoft part to not have a fail safe for it now a decade (two?) later. The fucking ransomware is probably even using windows encryption tools itself ... and they should be sued for said neglect
Nalo
nothing



Posts: 13523

PostPosted: Sun, 29th Nov 2020 15:58    Post subject:
⁢⁢


Last edited by Nalo on Wed, 3rd Jul 2024 05:42; edited 3 times in total
PickupArtist




Posts: 9939

PostPosted: Sun, 29th Nov 2020 16:03    Post subject:
the movie worked didnt it ? doesnt that mean the file was ok ? or can files just magically self execute after downloading these days ?
WaldoJ
VIP Member



Posts: 32678

PostPosted: Sun, 29th Nov 2020 16:11    Post subject:
Nalo wrote:
@WaldoJ Did it change the file extensions?


Files renamed, added a contact info and extensions renamed as well.

.help extension.
[E6A45105-2275].[helprecover@foxmail.com] added to each file.


Sin317 wrote:
I win, you lose. Or Go fuck yourself.
PickupArtist




Posts: 9939

PostPosted: Sun, 29th Nov 2020 17:31    Post subject:
so the movie file didnt work?

wonder if cutting the power the moment u clicked it when u heard ur drives all spinning up , could have helped
WaldoJ
VIP Member



Posts: 32678

PostPosted: Sun, 29th Nov 2020 17:58    Post subject:
Movie worked. I watched it the night before after work.
I found some remaining .help files. Apparently the thing happened around 9am yesterday.

No idea what caused it. And since I don't browse shady sites on that pc. I use my phone for that even for forwarding any torrents.

If its possible to hijack a remote desktop, then that's the primary culprit.

One other system caught a virus a while back, like a few months or so ago, and somehow it automated mouse movements to approve it once defender recognized it. Trashed the whole system. Wiped and formatted it. It was pretty much instantaneous. Pop up showed up, defender went all nuh uh. Then bunch of shit that I wasn't in control of opened up defender and allowed the Trojan to continue. Was impressive to watch, but the system was pretty bare so a wipe didn't hurt as much as years of media Laughing

But that was my fault. I was checking some shady switch sites that were loaded with pop-ups that even brave browser couldn't stop. Laughing

This one is still a mystery to me.


Sin317 wrote:
I win, you lose. Or Go fuck yourself.
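
A triage sketch for the situation described in the posts above (an added example, not part of the thread): it walks a folder for files carrying the `[ID].[contact]` marker and `.help` extension WaldoJ reports, and derives the time window in which they were rewritten. The exact filename layout, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from datetime import datetime, timezone

# Assumed layout: <original name>.[<victim id>].[<contact address>].help
MARKER = re.compile(
    r"^(?P<orig>.+)\.\[(?P<vid>[^\]]+)\]\.\[(?P<contact>[^\]\s]+@[^\]\s]+)\]\.help$"
)

def triage(root):
    """Walk root and summarise every file whose name carries the marker."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = MARKER.match(name)
            if m is None:
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; keep walking
            hits.append((mtime, m["orig"], m["vid"], m["contact"]))
    hits.sort()
    stamp = lambda ts: datetime.fromtimestamp(ts, timezone.utc).isoformat()
    return {
        "count": len(hits),
        "ids": sorted({h[2] for h in hits}),
        "contacts": sorted({h[3] for h in hits}),
        # Last-write time of a marked file approximates when it was rewritten.
        "first_write": stamp(hits[0][0]) if hits else None,
        "last_write": stamp(hits[-1][0]) if hits else None,
        "originals": [h[1] for h in hits],
    }

def build_sample(root):
    """Constructed sample tree: two marked files and one untouched file."""
    tag = ".[E6A45105-2275].[helprecover@foxmail.com].help"
    t0 = 1606550400  # constructed timestamp: 2020-11-28 08:00:00 UTC
    os.makedirs(os.path.join(root, "media"))
    for rel, ts in (("a.mkv" + tag, t0), (os.path.join("media", "b.srt") + tag, t0 + 95),
                    ("notes.txt", t0 - 3600)):
        path = os.path.join(root, rel)
        open(path, "wb").close()
        os.utime(path, (ts, ts))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

The first and last write times bound the window to compare against Remote Desktop logon events and downloader activity on the same machine.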
Nalo
nothing



Posts: 13523

PostPosted: Sun, 29th Nov 2020 18:32    Post subject:
⁢⁢


Last edited by Nalo on Wed, 3rd Jul 2024 05:42; edited 3 times in total
WaldoJ
VIP Member



Posts: 32678

PostPosted: Sun, 29th Nov 2020 19:51    Post subject:
Eh.
But it does have a guide for rdp \o/


Sin317 wrote:
I win, you lose. Or Go fuck yourself.
M4trix




Posts: 9313
Location: Croatia, Adriatic coast (I can see ixi from here)
PostPosted: Sun, 29th Nov 2020 19:53    Post subject:
Tenet.2020.HDRip.x264-SHITBOX

Cool Face


Made in China is like a box of chocolates. You never know what you're gonna get.
WaldoJ
VIP Member



Posts: 32678

PostPosted: Sun, 29th Nov 2020 19:55    Post subject:
Lol could be. Given how radarr is set to download highest possible filesize lol.


Sin317 wrote:
I win, you lose. Or Go fuck yourself.
Stormwolf




Posts: 23741
Location: Norway
PostPosted: Sun, 29th Nov 2020 21:38    Post subject:
PickupArtist wrote:
and its a well known ransom ware ? and windows defender didnt even pop up ? then yes one could assume someone had admin perms on your pc or something, change ur passwords

i once saw linus try to infect his pc on purpose, and it took him 2 hours of clicking and installing EVERYTHING shady ads were linking him, to even get infected

and honestly, i think its a failure of windows to not being able to detect something as simple as massive HD activity and encrypting and not throw up a pop up to ask if u are sure u want to encrypt everything or that something is going on and asking if it should continue

This has such easy ways to detect such an abnormal activity by the OS on a standard users pc that i think its criminal neglect on microsoft part to not have a fail safe for it now a decade (two?) later. The fucking ransomware is probably even using windows encryption tools itself ... and they should be sued for said neglect


Windows is lacklustre in a variety of ways. Someone can upload everything you have and you'd have no clue
ixigia
[Moderator] Consigliere



Posts: 65099
Location: Italy
PostPosted: Mon, 30th Nov 2020 04:08    Post subject:
Damn Waldo that really sucks :<
If it happened to me it would take me months to redownload everything haha. I did have to deal with a very nasty ZeroAccess trojan some years back, but thankfully no damage was done and I could recover all the important stuff before cleaning up the drive. I still don't know what caused it either, though to be fair, between ghetto repacks, torrents and wild nipples my PC practically lives in shadyland 24/7 so it was bound to happen. Sad Laughing
Stormwolf




Posts: 23741
Location: Norway
PostPosted: Mon, 30th Nov 2020 09:06    Post subject:
Usually most things are fine, but i find myself having to take chances when it comes to applications sadly Sad IPT usually only have years outdated apps so google it is.
Frant
King's Bounty



Posts: 24656
Location: Your Mom
PostPosted: Mon, 30th Nov 2020 11:30    Post subject:
Whenever I've downloaded something that I'm the slightest uncertain about I check it with Virustotal.

@WaldoJ: I'd definitely secure your entire setup, Router, PC, NAS, Remote Desktop etc., use port-forwarding and turn off any services you don't need/use. With tools like remote desktop (or a trojan version of similar software) they can indeed take control of your mouse, record your keyboard presses, stream your display and get full access to everything that is connected to your PC.


Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn!

"The sky was the color of a TV tuned to a dead station" - Neuromancer
Stormwolf




Posts: 23741
Location: Norway
PostPosted: Mon, 30th Nov 2020 13:38    Post subject:
Frant wrote:
Whenever I've downloaded something that I'm the slightest uncertain about I check it with Virustotal.

@WaldoJ: I'd definitely secure your entire setup, Router, PC, NAS, Remote Desktop etc., use port-forwarding and turn off any services you don't need/use. With tools like remote desktop (or a trojan version of similar software) they can indeed take control of your mouse, record your keyboard presses, stream your display and get full access to everything that is connected to your PC.


I wish it was that easy. These virus softwares are pretty anti piracy nowadays and give so many false positives
couleur
[Moderator] Janitor



Posts: 14375

PostPosted: Mon, 30th Nov 2020 13:41    Post subject:
You can always whitelist your pirated game folders.


"Enlightenment is man's emergence from his self-imposed nonage. Nonage is the inability to use one's own understanding without another's guidance. This nonage is self-imposed if its cause lies not in lack of understanding but in indecision and lack of courage to use one's own mind without another's guidance. Dare to know! (Sapere aude.) "Have the courage to use your own understanding," is therefore the motto of the enlightenment."
PickupArtist




Posts: 9939

PostPosted: Mon, 30th Nov 2020 15:05    Post subject:
isnt there also some nasty shit that embeds itself in your bios or in some bootsectors making it impossible to detect ?
Interinactive
VIP Member



Posts: 29477

PostPosted: Wed, 2nd Dec 2020 06:35    Post subject:
⁢⁢


Last edited by Interinactive on Mon, 4th Oct 2021 08:36; edited 3 times in total
FireMaster




Posts: 13517
Location: I do not belong
PostPosted: Wed, 2nd Dec 2020 16:04    Post subject:
Joke's on whoever ransomwares my drives it's all free useless shit I can wipe and reinstall easy as that.

If something is critical and will affect you, have the good habit of backing it up on an external drive you only plug in when you need it.
Lopin18




Posts: 3376
Location: US
PostPosted: Wed, 2nd Dec 2020 23:27    Post subject:
Ufff, i have a couple of TBs in GoPro footage from all my racing history, buying a disk to copy and put it in a box, fuck that.
PickupArtist




Posts: 9939

PostPosted: Thu, 17th Dec 2020 22:00    Post subject:
@waldo, are u spectre and meltdown protected ?

https://www.howtogeek.com/339559/how-to-stop-the-meltdown-and-spectre-patches-from-slowing-down-your-pc/#:~:text=To%20disable%20Meltdown%20or%20Spectre,PC%20after%20making%20this%20change.

Meltdown and Spectre are very serious security flaws that could potentially be exploited by code running on a web page in your web browser.

as im only half protected on the i7 3770k and in slower mode according to inspectre, im considering going unprotected on my older rig, but if u tell me now u were not protected, id reconsider Very Happy
WaldoJ
VIP Member



Posts: 32678

PostPosted: Tue, 22nd Dec 2020 15:58    Post subject:
I'll check when I get home.
But again I only check basic torrent sites and radarr and sonarr do the rest on the main pc which is a plex server and sometimes steam link machine.

Sketchy sites I use my phone on and transfer magnet links if need be.

I don't even browse forums on that pc. Lol. But ill check today.


Sin317 wrote:
I win, you lose. Or Go fuck yourself.
WaldoJ
VIP Member



Posts: 32678

PostPosted: Tue, 22nd Dec 2020 15:59    Post subject:
FireMaster wrote:
Joke's on whoever ransomwares my drives it's all free useless shit I can wipe and reinstall easy as that.

If something is critical and will affect you, have the good habit of backing it up on an external drive you only plug in when you need it.


Exactly. Family pictures, documents, all that shit is offline, local, and online backups. Piracy shit is local only and now offline only. Lol.


Sin317 wrote:
I win, you lose. Or Go fuck yourself.
PickupArtist




Posts: 9939

PostPosted: Sat, 26th Dec 2020 14:30    Post subject:
so, are u spectre and meltdown secure ?
WaldoJ
VIP Member



Posts: 32678

PostPosted: Sat, 26th Dec 2020 15:32    Post subject:
According to the app inspectre
Protected for both


Sin317 wrote:
I win, you lose. Or Go fuck yourself.
All times are GMT + 1 Hour