I'm So Angry!

Dec 17 2015, 06:52 AM
Hey guys,
Yesterday has been a really bad day for me. Please check out this article: LINK

If you've checked that article you will know about a global malware propagation. The bad news is that my computer has been one of the infected. I have lots of pictures, zips, mp4, pdfs, docx and more encrypted with the extension .vvvv. I've tried everything suggested (which is not too much) but I couldn't fix my files. I had one disk for the system and 3 other ones for documents and work. The malware reached each of them...

If any of you knows how to fix this issue please let me know, but from what I've read, this is very new and it seems that there is not a way to fix it.

This post has been edited by Gabriel Leopardi: Dec 17 2015, 06:53 AM
--------------------
My lessons
Do you need a Guitar Plan? Join Gab's Army
Check my band: Cirse
Check my soundcloud: Soundcloud
Please subscribe to my: Youtube Channel

Dec 17 2015, 09:30 AM
Sorry to hear that Gab.
I'll keep an eye out for a fix. Hopefully someone will have one in the next few days.
--------------------
SEE MY GMC CERTIFICATE
“Success is not obtained overnight. It comes in instalments; you get a little bit today, a little bit tomorrow until the whole package is given out. The day you procrastinate, you lose that day's success.” Israelmore Ayivor

Dec 17 2015, 01:08 PM
Is THIS any help Gab?
Most other fixes I've found involve purchasing the 'Spyhunter' program. It seems to be successful though.
--------------------
I'd rather have a full Bottle in front of me than a full Frontal Lobotomy!!

Dec 17 2015, 01:30 PM
I used to fix family and friends' computers, often issues like this. Although I haven't done an in-depth search on this virus, the article Sensible Jones provided the link for seems to be for removing the virus rather than file retrieval. Which means it's too new and counter coders haven't developed a complete fix yet. It may take a while to break an encryption and will likely not be free.

You may have to wait for file recovery until a company, like the mentioned Spyhunter, writes a complete fix. It'll happen. It just may take more time as opposed to a program that identifies the virus before insertion.

When you upgrade, consider a Mac, rather than money for other gear. Yeah I know they're more expensive, although used units can be gotten from MacSales.com ( http://eshop.macsales.com/shop/Apple_Syste...acs_and_Tablets ) if they ship to your location, or find a used retailer in Europe. Generally companies will send/give you the Apple version of programs you use. Until hackers finally break into the Apple market, it's really one of the only solid big reasons to switch systems. I haven't needed to fix a computer for family since I forcibly converted my parents and kids to Apple. Before that, I was fixing my daughter's computer every month.

Dec 17 2015, 02:05 PM
I know how this can really get on someone's nerves and claim for war!!!
Laurent

Dec 17 2015, 02:46 PM
Hi Gab...
here is detailed information about the virus and instructions to remove the virus... It is in German but you can change the language at the end of the site...
http://dieviren.de/vvv-virus/

Remove the virus: They especially advise "SpyHunter" with the newest update....
Decrypt the files (without engagement): They advise Photorec, R-Studio or Kaspersky Antiviren-Tools

But the chance to decrypt the files is not very high... sorry. I don't know if it works, but it's a small chance.....

Dec 17 2015, 04:29 PM
Thanks guys! Yes, I've been reading a lot and it seems that the decryption of the files is not possible, at least at this moment. I'll continue to be alert to see if a solution appears. Knowing the fact that the malware had a 74% reach in Japan, I assume that there are a lot of people interested in finding the way to fix the files...

Dec 17 2015, 06:55 PM
Did you open the zip file in the email? That's the only way that the payload from the malware can be delivered. Never open zip files that you get in email btw.

What anti malware/virus software are you using? It should have caught it. If you are not using any such software, I'd say it's time to install some. There is a FREEWARE software called AVAST that is very good.

Also, if you use GMAIL for your email, it will try to scan every email and attachment for malicious things and delete or at least warn you. What are you using for your email?

I wasn't going to say this but since someone else already did, I can only say, GOOD IDEA!! Macs are not immune from everything of course, but as they are a small chunk of the market (less than 10 percent of computers are Macs in the wild), hackers see them as a smaller target. I use a Macintosh and run AVAST software for security and I've never had a malware or virus issue. Ever. Knock on wood.

Todd

Dec 17 2015, 08:08 PM
No, I never open attached files from unknown email accounts, and even when my contacts send me something that I'm not sure is ok, I don't open it. It's weird to read that this is the only way to get the virus. I use Gmail and hotmail, why? I wonder if this could have been transmitted from my cellphone to my computer...

I hope that some kind of software to decode my documents appears...

Dec 18 2015, 04:11 AM
Sorry to hear about your misfortune. I don't have any help to offer, but I just wanted to point out it's possible this did not happen by opening an attachment. While less common than deploying via email attachment, Teslacrypt can also be delivered via a "driveby" attack when you visit a website that is designed to deliver the malware by exploiting a vulnerability in Flash or Windows. Most browsers have a feature where you can block Flash, but this feature is generally disabled by default.

So, in addition to following Todd's advice about being careful about email attachments, it's also a good idea to block Flash and keep your Windows up to date. Also, frequent backups are a good idea so you can retrieve your files, whether due to an attack like this or loss due to any other cause.

As for waiting for a decryption tool, Teslacrypt has been evolving rapidly this year, becoming tougher each time. Recent versions don't have any information on your drive that can be used for decryption, so if you're unlucky enough to have been attacked by a recent version, it is unlikely there will be a decryption tool soon.

One other piece of advice: if you think you might pay the ransom, I would suggest starting on getting bitcoin access sooner rather than later. It can take a while to get that set up and you only have a limited amount of time. But, hopefully you won't need to do this.
--------------------
Cyber-industrial music and video animations:
https://vimeo.com/channels/thedignitymachine
https://vimeo.com/channels/somewheretohide
Facebook: https://www.facebook.com/RodrigoSpacecraft

Dec 18 2015, 02:10 PM
Hi Ram, thanks for your words. From what I've been reading, the version that reached me is really new. The .VVV extension seems to be very recent, so it's all bad news for me regarding this.

I have my computer working well again, with everything reinstalled, but I still keep the encrypted files, hoping that some kind of magic thing happens that lets me get back my files. Mostly those personal pictures full of beautiful moments that we've lost.

Dec 21 2015, 02:10 PM
Thanks for the suggestions guys! As I reinstalled everything, my computer is clean now. I'm now waiting for a solution to decode my encrypted files.

Someone shared this link on my Facebook:
https://github.com/googulator/teslacrack

It seems that it's a solution but I don't understand it and I'm now really scared of trying this kind of stuff...

Dec 21 2015, 04:51 PM
Getting the public key is the easy part, and that's all that tool does. Doing the factorization is the hard part, and in practical terms, unless you're very lucky, is difficult. I'm skeptical about the claim it can be done in a few days on a powerful computer, but it might be worth a try.

This post has been edited by Rammikin: Dec 21 2015, 04:58 PM

Dec 21 2015, 07:50 PM
Which of your files got encrypted? Do you have any backups for these files?

Dec 23 2015, 01:07 AM
There are lots of jpg files, family pictures that are encrypted, and we don't have a backup.

Dec 23 2015, 02:57 PM
Gabriel, I don't think all hope is lost here. First, try just renaming a file back to .jpg and see if it opens. It's possible they aren't encrypted at all. If that doesn't work (kinda a longshot), then there are decrypters available for this malware (if you have what I think you have). Try this first, the process is a bit technical, but if you need help just PM me. I think it should work, but be careful not to re-infect your now clean PC.
https://github.com/Googulator/TeslaCrack

Here are some others to try if the above doesn't work.
http://blogs.cisco.com/security/talos/teslacrypt
https://github.com/vrtadmin/TeslaDecrypt/tree/master/Windows
http://www.talosintel.com/teslacrypt_tool/

This is probably a good moment to review your PC habits. I'd run AVG or Avast antivirus, use the Chrome browser, and I usually install the Adblock Plus and Ghostery extensions. That should keep most everything out if you aren't running questionable attachments or .exe's. I'd also recommend regular backups, at least of your important files, to Dropbox or maybe Google Photos or something.

Hope this works, fingers crossed.

edit: Also, make sure to keep your Adobe Flash up-to-date with automatic updates and disable any Java extension in your browser.

This post has been edited by yoncopin: Dec 23 2015, 03:03 PM

Dec 23 2015, 06:26 PM
+1
After some research I was pretty much going to put what Brian said. The renaming of the file extension is a great idea; sometimes these viruses just create a red herring by changing the extension because that doesn't take as much coding as encryption. Very much worth a shot.

Definitely look into Dropbox as a backup system. Not very much per month, and the Dropbox is backed up for a month for any deleted files.

All the best Gab

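Added example (not part of the thread and not any poster's or project's code): the rename test suggested in the two posts above can be done without renaming anything, by reading each file's first bytes and comparing them with the standard signature of the type it used to be. The function names, the 7.5 bits-per-byte entropy threshold, and the assumption that the marker extension was appended to the original name (`photo.jpg.vvv`) are choices made for this illustration.

```python
import math
import os
import sys
from collections import Counter

# Standard leading bytes (offset, magic) for the file types named in the thread.
SIGNATURES = {
    ".jpg": (0, b"\xff\xd8\xff"), ".jpeg": (0, b"\xff\xd8\xff"),
    ".pdf": (0, b"%PDF-"), ".mp4": (4, b"ftyp"),
    ".zip": (0, b"PK\x03\x04"), ".docx": (0, b"PK\x03\x04"),
}

def original_ext(name, marker=".vvv"):
    """Assumption: the marker was appended, e.g. 'photo.jpg.vvv' -> '.jpg'."""
    stem = name[:-len(marker)] if name.lower().endswith(marker) else name
    return os.path.splitext(stem)[1].lower()

def entropy(data):
    """Shannon entropy in bits per byte (8.0 = indistinguishable from random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(name, head):
    """Decide from the first bytes whether a file was only renamed."""
    sig = SIGNATURES.get(original_ext(name))
    if sig is None:
        return "unknown-type"
    offset, magic = sig
    if head[offset:offset + len(magic)] == magic:
        return "renamed-only"          # original header is intact
    if len(head) >= 1024 and entropy(head) > 7.5:
        return "likely-encrypted"      # header gone, bytes look random
    return "damaged-or-other"

def scan(root, marker=".vvv"):
    """Read-only walk: yields (path, verdict) for every file ending in marker."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(marker):
                path = os.path.join(folder, name)
                with open(path, "rb") as fh:
                    yield path, classify(name, fh.read(4096))

if __name__ == "__main__":
    for path, verdict in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict:18} {path}")
```

The script only opens files for reading, so it can be pointed at the affected disks or at a copy of them. A "likely-encrypted" verdict means renaming the file back will not make it open.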