Help im infected (locker v 4.94 ransomware)
RE: Help im infected (locker v 4.94 ransomware) #21
(05-29-2015, 01:08 AM)Reiko Wrote: WOW. Your attitude sure changed quick.

Yeah, well, you did the research, can't argue with that.

(05-29-2015, 01:06 AM)nothing.nobody Wrote: Yes, now please tell me how to crack a remote box's 4096-bit encrypted SSH RSA key by listening to your computer. Oh wait, you fucking can't.

Like Reiko said, side channel attacks don't count because they're simply useless unless you have physical access to the computer. Kill yourself.

LOL, u in a bad mood?
(This post was last modified: 05-29-2015, 01:09 AM by Hyper_.)

Reply

RE: Help im infected (locker v 4.94 ransomware) #22
(05-29-2015, 12:41 AM)Reiko Wrote: Side-channel attacks also don't count. You cannot do that to every implementation of RSA, or even a good implementation of RSA.

You also can't do that from more than a few meters away from someone actively decrypting or signing data with their RSA key.

Furthermore, an OTP is infeasible in most cases because of the sheer size of the key. It has to be as large as the plaintext to be entirely secure.


EDIT: He read this, then went to go Google something that makes me wrong. That's why he hasn't responded yet. Here, let me make it a little harder and quote something from your own link
GnuPG 1.* is basically dead. 2.0.27 is the current "stable" version, and this particular attack does not work on its implementation of RSA. Nor does it work on the "modern" GnuPG, or any smartcard implementation I'm aware of.

Even the "classic" version has been updated to defeat these side-channel attacks, as noted on gnupg.org

If I am wrong, put your money where your mouth is. Factor my RSA public key and decrypt this.


---
Click here to get started with Linux!

If I helped you, please +rep me, apparently we've started over on Rep and I'd like to break 100 again...

Inori Wrote: got clickbaited by roger

Reply

RE: Help im infected (locker v 4.94 ransomware) #23
Here's more info on it that I found http://www.bleepingcomputer.com/virus-re...tion#clean


Alright guys I have successfully and fully removed the ransomware and here's how in case anyone else gets it.

First, open msconfig, go to the services tab and find the service named IDR and disable it.

Download Sysinternals Suite and open the application called "PsKill" and kill the process named "rkcl.exe" (you won't be able to kill it normally because it has been enabled by a "Zero Access Rootkit").

Open your file explorer and navigate to C:\ProgramData and delete the folder "Rkcl". This will remove the Locker executable and the service executable.

Next, download RogueKiller and run a scan with it. http://www.bleepingcomputer.com/download...er/dl/121/

It will detect any malicious registry keys (and there will be a few) and remove them along with the Zero Access Rootkit and any other malicious files it may have installed.

Next, download one of the few free decrypters made specifically for this purpose (google them, they will come up trust me.) and they will TRY to decrypt the files using their database of known keys. It may take awhile, but it works! (at least it did for me and it only took about 40 minutes)


Hopefully that helps anyone who gets infected in the future!

Reply
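
An added example, not part of the original post: a read-only PowerShell check for the three artifacts the post above names (the IDR service, the rkcl.exe process and the C:\ProgramData\Rkcl folder), useful before and after the cleanup to confirm what is still present. The function name is hypothetical, and matching "IDR" against either the service name or its display name is an assumption, since msconfig shows display names.

```powershell
# Added example: read-only check for the Locker artifacts named in the post above.
# The three indicator values come from that post; the function name is hypothetical.
function Test-LockerArtifacts {
    [CmdletBinding()]
    param(
        [string]$ServiceName = 'IDR',
        [string]$ProcessName = 'rkcl',   # Get-Process takes the name without ".exe"
        [string]$FolderPath  = (Join-Path $env:ProgramData 'Rkcl')
    )

    # Assumption: "IDR" may be the service name or its display name, so match both.
    $svc = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -eq $ServiceName -or $_.DisplayName -eq $ServiceName }

    $proc = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue

    # -Force includes hidden and system files inside the folder.
    $files = @()
    if (Test-Path -LiteralPath $FolderPath) {
        $files = @(Get-ChildItem -LiteralPath $FolderPath -Recurse -Force -File `
                    -ErrorAction SilentlyContinue)
    }

    [pscustomobject]@{
        ServiceFound = [bool]$svc
        # State, start mode and binary path show whether disabling the service took effect.
        ServiceInfo  = @(foreach ($s in $svc) {
                           "$($s.Name): $($s.State), start=$($s.StartMode), path=$($s.PathName)"
                       })
        ProcessIds   = @(if ($proc) { $proc.Id })
        FolderFound  = Test-Path -LiteralPath $FolderPath
        # Hashes are recorded for later lookup; files locked by a running process are skipped.
        FileHashes   = @($files | Get-FileHash -Algorithm SHA256 -ErrorAction SilentlyContinue |
                           Select-Object Path, Hash)
    }
}

$result = Test-LockerArtifacts
$result | Format-List
if ($result.ServiceFound -or $result.ProcessIds.Count -or $result.FolderFound) {
    Write-Warning 'At least one artifact named in the post is still present.'
}
```

Run it from an elevated PowerShell prompt so the service query and the folder listing are not blocked by permissions.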

RE: Help im infected (locker v 4.94 ransomware) #24
(05-31-2015, 09:56 PM)loading... Wrote: Here's more info on it that I found http://www.bleepingcomputer.com/virus-re...tion#clean


Alright guys I have successfully and fully removed the ransomware and here's how in case anyone else gets it.

First, open msconfig, go to the services tab and find the service named IDR and disable it.

Download Sysinternals Suite and open the application called "PsKill" and kill the process named "rkcl.exe" (you won't be able to kill it normally because it has been enabled by a "Zero Access Rootkit").

Open your file explorer and navigate to C:\ProgramData and delete the folder "Rkcl". This will remove the Locker executable and the service executable.

Next, download RogueKiller and run a scan with it. http://www.bleepingcomputer.com/download...er/dl/121/

It will detect any malicious registry keys (and there will be a few) and remove them along with the Zero Access Rootkit and any other malicious files it may have installed.

Next, download one of the few free decrypters made specifically for this purpose (google them, they will come up trust me.) and they will TRY to decrypt the files using their database of known keys. It may take awhile, but it works! (at least it did for me and it only took about 40 minutes)


Hopefully that helps anyone who gets infected in the future!

Good work @loading... and congrats on getting your data back. You've been very lucky in this instance.

Reply





