Help im infected (locker v 4.94 ransomware)
Help im infected (locker v 4.94 ransomware) #1
I was just infected by something called "Locker v4.94" that has encrypted some of my files. It shows a list of the encrypted files and none of them are important (actually they're all useless lululululul) and it gave me a 70 hour time limit to pay them or it will "delete the encryption key off their server leaving my files encrypted forever". Good for them.


Anyway, I'm just worried it might encrypt more or somehow get more malware installed, and was wondering if anyone has had this before and how exactly they got rid of it? I'm running a virus scan as we speak, but it is only Windows Defender. I have Malwarebytes, but whenever I run a scan with it, my computer freezes up and I get a "security option dialog" thing that has nothing to do with the malware, as it's always happened.


Anyway, it shows a screen with every startup with the time limit and some details, and I want to get rid of it and the software itself. Any help appreciated, thanks!


And don't just tell me to run a virus scan....


RE: Help im infected (locker v 4.94 ransomware) #2
To remove this, you'll have to wait for your malware defs to update, or learn how Windows works in depth and remove it manually.


Even if you did run a virus scan, it won't decrypt your files.
These types of malware are the equivalent of "GO AHEAD CALL THE COPS THEY CANT UNRAPE YOU"
Should've kept a backup.
PGP
Sign: F202 79C9 76F7 40BB 54EC 494F 5DEF 1D70 14C1 C4CC
Encrypt: A5B3 1B21 55E1 80AF 4C6E DE83 467B 8EFC 3DEE 681C
Auth: CD55 E8A5 1A08 2933 8BA6 BC88 D81F 1943 739A 3C47


RE: Help im infected (locker v 4.94 ransomware) #3
Given you've said most of your files aren't important, simply hit a clean installation of Windows and be done with it. Be sure to delete all existing partitions and install on the unallocated space.

By the time you perform scans, analyze log files, apply removal methodologies, etc., you'll be up and running with a clean install "days" prior.

RE: Help im infected (locker v 4.94 ransomware) #4
(05-25-2015, 01:20 PM)Reiko Wrote: To remove this, you'll have to wait for your malware defs to update, or learn how Windows works in depth and remove it manually.


Even if you did run a virus scan, it won't decrypt your files.
These types of malware are the equivalent of "GO AHEAD CALL THE COPS THEY CANT UNRAPE YOU"
Should've kept a backup.

Pretty much this. A clean install is probably your best option, @loading....

RE: Help im infected (locker v 4.94 ransomware) #5
Did you, by any chance, get this by downloading any GTA: V mods?

RE: Help im infected (locker v 4.94 ransomware) #6
As @Reiko pointed out, you're basically SOL on the files that were encrypted. You can check out Kaspersky's database and see if you're lucky enough to have a decryption key available: https://noransom.kaspersky.com/

Otherwise, if you don't have anything important on the machine, scrub the drive and start fresh.

RE: Help im infected (locker v 4.94 ransomware) #7
Try decrypting them by reversing the program to get the stored keys, it is obviously communicating with a different server that stores them, or restore your system.

Shouldn't have downloaded that random program without running it sandboxed or analyzing it, learn from your mistakes.


RE: Help im infected (locker v 4.94 ransomware) #8
(05-27-2015, 10:09 PM)Hyper_ Wrote: Try decrypting them by reversing the program to get the stored keys, it is obviously communicating with a different server that stores them, or restore your system.

Shouldn't have downloaded that random program without running it sandboxed or analyzing it, learn from your mistakes.

This is why RSA was invented. You cannot break RSA without solving a pretty difficult math problem. You'd make more money by solving it than you would by breaking everybody's RSA keys.
I would be amazed if any cryptolocker-style malware was dumb enough to use symmetric crypto.

RE: Help im infected (locker v 4.94 ransomware) #9
(05-28-2015, 02:01 PM)Reiko Wrote: This is why RSA was invented. You cannot break RSA without solving a pretty difficult math problem. You'd make more money by solving it than you would by breaking everybody's RSA keys.
I would be amazed if any cryptolocker-style malware was dumb enough to use symmetric crypto.

Yes, that's what I thought too. However, there are quite a few "newbie" ones, which use encryption, such as RSA, but fail to store keys appropriately (or make some stupid mistake).

OP's cryptolocker seems like some cheap knock-off (I think they ask for like $25), which MAY make things recoverable, but that would depend on analysing the malware itself, and how it generates/stores keys. If it was CryptoWall though, gg.


RE: Help im infected (locker v 4.94 ransomware) #10
(05-28-2015, 02:01 PM)Reiko Wrote: This is why RSA was invented. You cannot break RSA without solving a pretty difficult math problem. You'd make more money by solving it than you would by breaking everybody's RSA keys.
I would be amazed if any cryptolocker-style malware was dumb enough to use symmetric crypto.

Maybe if it is a one-time pad. RSA has already been cracked.

http://www.extremetech.com/extreme/17310...puters-cpu
