> I'm So Angry!
Gabriel Leopardi
post Dec 17 2015, 06:52 AM
Post #1


Instructor
Group Icon

Group: GMC Instructor
Posts: 28.432
Joined: 3-March 07
From: Argentina
Member No.: 1.289



Hey guys,

Yesterday was a really bad day for me. Please check out this article: LINK

If you've checked that article you will know about a global malware propagation. The bad news is that my computer has been one of those infected. I have lots of pictures, zips, mp4, pdfs, docx and more encrypted with the extension .vvvv. I've tried everything suggested (which is not too much) but I couldn't fix my files.

I had one disk for the system and 3 other ones for documents and work. The malware reached each of them...

If any of you knows how to fix this issue please let me know, but from what I've read, this is very new and it seems that there is not a way to fix it.


This post has been edited by Gabriel Leopardi: Dec 17 2015, 06:53 AM


--------------------
My lessons

Do you need a Guitar Plan?
Join Gab's Army

Check my band:Cirse
Check my soundcloud:Soundcloud

Please subscribe to my:Youtube Channel
Phil66
post Dec 17 2015, 09:30 AM
Post #2


Learning Apprentice Player
*

Group: Members
Posts: 3.774
Joined: 5-July 14
From: The Black Country, England
Member No.: 19.975



Sorry to hear that Gab.
I'll keep an eye out for a fix. Hopefully someone will have one in the next few days.



--------------------

GMC CERTIFICATE

“Success is not obtained overnight. It comes in installments; you get a little bit today, a little bit tomorrow until the whole package is given out. The day you procrastinate, you lose that day's success.”
Israelmore Ayivor
Sensible Jones
post Dec 17 2015, 01:08 PM
Post #3


GMC:er
Group Icon

Group: GMC Senior
Posts: 6.233
Joined: 2-January 09
From: London-ish. UK.
Member No.: 6.517



Is THIS any help Gab?
Most other fixes I've found involve purchasing 'Spyhunter' program. It seems to be successful though.


--------------------
I'd rather have a full Bottle in front of me than a full Frontal Lobotomy!!
GeneT95
post Dec 17 2015, 01:30 PM
Post #4


GMC:er
*

Group: Members
Posts: 144
Joined: 26-March 08
Member No.: 4.701



I used to fix family and friends' computers often for issues like this. Although I haven't done an in-depth search on this virus, the article Sensible Jones provided the link for seems to be for removing the virus rather than file retrieval. Which means it's too new and counter coders haven't developed a complete fix yet. It may take a while to break an encryption and will likely not be free.

You may have to wait for file recovery until a company, like the mentioned Spyhunter, writes a complete fix. It'll happen. It just may take more time as opposed to a program that identifies the virus before insertion.

When you upgrade, consider a Mac, rather than money for other gear. Yeah I know they're more expensive, although used units can be gotten from MacSales.com ( http://eshop.macsales.com/shop/Apple_Syste...acs_and_Tablets ) if they ship to your location, or find a used retailer in Europe. Generally companies will send/give you the Apple version of programs you use. Until hackers finally break into the Apple market, it's really one of the only solid big reasons to switch systems. I haven't needed to fix a computer for family since I forcibly converted my parents and kids to Apple. Before that, I was fixing my daughter's computer every month.
fzalfa
post Dec 17 2015, 02:05 PM
Post #5


Learning Roadie
*

Group: Members
Posts: 1.662
Joined: 10-March 15
From: France, provence, vaucluse, carpentras
Member No.: 20.796



I know how this can really get on someone's nerves and call for war!!!

Laurent


--------------------

Yes, i love badges.....
ChrisGLP
post Dec 17 2015, 02:46 PM
Post #6


Learning Apprentice Player
*

Group: Members
Posts: 172
Joined: 15-July 15
From: Germany
Member No.: 21.100



Hi Gab...

Here is detailed information about the virus and instructions to remove it... It is in German, but you can change the language at the end of the site...

http://dieviren.de/vvv-virus/

Remove the virus: They especially advise "SpyHunter" with the newest update....

Decrypt the files (without engagement): They advise Photorec, R-Studio or Kaspersky Antiviren-Tools

But the chance to decrypt the files is not very high...sorry


I don't know if it works, but it's a small chance.....
Gabriel Leopardi
post Dec 17 2015, 04:29 PM
Post #7





Thanks guys! Yes, I've been reading a lot and it seems that the decryption of the files is not possible, at least at this moment. I'll stay alert to see if a solution appears. Knowing that the malware had a 74% reach in Japan, I assume that there are a lot of people interested in finding a way to fix the files...


Todd Simpson
post Dec 17 2015, 06:55 PM
Post #8


GMC:er
Group Icon

Group: GMC Instructor
Posts: 14.129
Joined: 23-December 09
From: Atlanta, Georgia, USA
Member No.: 8.794



Did you open the zip file in the email? That's the only way that the payload from the malware can be delivered. Never open zip files that you get in email btw. What anti malware/virus software are you using? It should have caught it. If you are not using any such software, I'd say it's time to install some. There is a FREEWARE software called AVAST that is very good.

Also, if you use GMAIL for your email, it will try to scan every email and attachment for malicious things and delete or at least warn you. What are you using for your email?




QUOTE (Gabriel Leopardi @ Dec 17 2015, 01:52 AM) *
Hey guys,

Yesterday was a really bad day for me. Please check out this article: LINK

If you've checked that article you will know about a global malware propagation. The bad news is that my computer has been one of those infected. I have lots of pictures, zips, mp4, pdfs, docx and more encrypted with the extension .vvvv. I've tried everything suggested (which is not too much) but I couldn't fix my files.

I had one disk for the system and 3 other ones for documents and work. The malware reached each of them...

If any of you knows how to fix this issue please let me know, but from what I've read, this is very new and it seems that there is not a way to fix it.


I wasn't going to say this but since someone else already did, I can only say, GOOD IDEA!! Macs are not immune from everything of course, but as they are a small chunk of the market (less than 10 percent of computers are macs in the wild), hackers see them as a smaller target. I use a Macintosh and run AVAST software for security and I've never had a malware or virus issue. Ever. Knock on wood.

Todd

QUOTE (GeneT95 @ Dec 17 2015, 08:30 AM) *
Consider a Mac, rather than money for other gear. Yeah I know they're more expensive, although used units can be gotten from MacSales.com ( http://eshop.macsales.com/shop/Apple_Syste...acs_and_Tablets ) if they ship to your location, or find a used retailer in Europe. Generally companies will send/give you the Apple version of programs you use. Until hackers finally break into the Apple market, it's really one of the only solid big reasons to switch systems. I haven't needed to fix a computer for family since I forcibly converted my parents and kids to Apple. Before that, I was fixing my daughter's computer every month.


Gabriel Leopardi
post Dec 17 2015, 08:08 PM
Post #9





QUOTE (Todd Simpson @ Dec 17 2015, 02:55 PM) *
Did you open the zip file in the email? That's the only way that the payload from the malware can be delivered. Never open zip files that you get in email btw. What anti malware/virus software are you using? It should have caught it. If you are not using any such software, I'd say it's time to install some. There is a FREEWARE software called AVAST that is very good.

Also, if you use GMAIL for your email, it will try to scan every email and attachment for malicious things and delete or at least warn you. What are you using for your email?



No, I never open attached files from unknown email accounts, and even when my contacts send me something that I'm not sure it's ok, I don't open it. It's weird to read that this is the only way to get the virus. I use Gmail and hotmail, why?

I wonder if this could have been transmitted from my cellphone to my computer...


I hope that some kind of software to decode my documents appears...


Rammikin
post Dec 18 2015, 04:11 AM
Post #10


Experienced Rock Star
*

Group: Members
Posts: 729
Joined: 4-November 10
Member No.: 11.529



Sorry to hear about your misfortune. I don't have any help to offer, but I just wanted to point out it's possible this did not happen by opening an attachment. While less common than deploying via email attachment, Teslacrypt can also be delivered via a "driveby" attack when you visit a website that is designed to deliver the malware by exploiting a vulnerability in Flash or Windows. Most browsers have a feature where you can block Flash, but this feature is generally disabled by default.

So, in addition to following Todd's advice about being careful about email attachments, it's also a good idea to block Flash and keep your Windows up to date. Also, frequent backups are a good idea so you can retrieve your files, whether due to an attack like this or loss due to any other cause.

As for waiting for a decryption tool, Teslacrypt has been evolving rapidly this year, becoming tougher each time. Recent versions don't have any information on your drive that can be used for decryption, so if you're unlucky enough to have been attacked by a recent version, it is unlikely there will be a decryption tool soon.

One other piece of advice: if you think you might pay the ransom, I would suggest starting on getting bitcoin access sooner rather than later. It can take a while to get that set up and you only have a limited amount of time. But, hopefully you won't need to do this.




Gabriel Leopardi
post Dec 18 2015, 02:10 PM
Post #11





Hi Ram, thanks for your words. From what I've been reading, the version that reached me is really new. The .VVV extension seems to be very recent, so it's all bad news for me regarding this.

I have my computer working well again, with everything reinstalled, but I still keep the encrypted files, hoping that some kind of magic thing happens that lets me get back my files. Mostly those personal pictures full of beautiful moments that we've lost.


Todd Simpson
post Dec 19 2015, 12:46 AM
Post #12





Does ANYONE else have access to your computer? If so, then they could have been responsible for this, even by accident.

GMAIL has a virus scanner built in. It scans every attachment in EMAIL and if it can't scan the attachment it will warn you by saying "WE CAN'T SCAN THIS, ARE YOU SURE YOU WANT TO DOWNLOAD IT?" before you download, which is handy! That's what is great about gmail vs something like outlook.

The attachment is where the virus lives. You have to open the attachment before the virus can deliver its payload typically. How did you come to find out that you had this virus/malware? Did you get notifications that your files won't be unlocked until you pay ransom money?

Cell to computer? Probably not. Unless you opened the attachment on your phone and this would assume your phone is connected to your gmail account. Still, I'd say that's a remote chance.

As Rammikin pointed out, any web site can have malware on it so one can get infected just by browsing the web. The link you shared was a zip file delivery type of deal but certainly, just browsing can result in malware.

This brings me back to suggesting that EVERYONE INSTALL ANTI MALWARE on their machines. AVAST is free and quite good for PC and MAC. There are other free packages as well. Many of us use the same machine for music production and for web surfing so it's critical to protect ourselves. I'm very sad to see a brother in arms impacted by malware.


QUOTE (Gabriel Leopardi @ Dec 17 2015, 03:08 PM) *
No, I never open attached files from unknown email accounts, and even when my contacts send me something that I'm not sure it's ok, I don't open it. It's weird to read that this is the only way to get the virus. I use Gmail and hotmail, why?

I wonder if this could have been transmitted from my cellphone to my computer...


I hope that some kind of software to decode my documents appears...


This post has been edited by Todd Simpson: Dec 19 2015, 09:49 AM


Darius Wave
post Dec 19 2015, 11:47 AM
Post #13


Instructor
Group Icon

Group: GMC Instructor
Posts: 5.258
Joined: 29-November 12
From: Poland
Member No.: 17.069



Gabriel... have you tried "hijack" or "combo fix"? They say there is a risk that something could go wrong, but I've used those for years now and haven't had any issues so far, and very often it helps. One of the very first things I do when I have a virus is:

1. Uninstall your current antivirus
2. Download and install another one (even if only for this little case... you can always go back to the one of your choice for long-time usage). I recommend AVAST free. It has an option of a virus scan at the point where the system is not fully loaded, so it won't block virus files from being removed.
3. Work a few more days with the new antivirus so it will capture some suspected activity and remove it
4. Go back to the antivirus that is most efficient for your system


Gabriel Leopardi
post Dec 21 2015, 02:10 PM
Post #14





Thanks for the suggestions guys! As I reinstalled everything, my computer is clean now. I'm now waiting for a solution to decode my encrypted files.

Someone shared this link on my Facebook: https://github.com/googulator/teslacrack

It seems that it's a solution but I don't understand it and I'm now really scared of trying this kind of stuff...


Rammikin
post Dec 21 2015, 04:51 PM
Post #15





Getting the public key is the easy part, and that's all that tool does. Doing the factorization is the hard part, and in practical terms, unless you're very lucky, is difficult. I'm skeptical about the claim it can be done in a few days on a powerful computer, but it might be worth a try.

This post has been edited by Rammikin: Dec 21 2015, 04:58 PM


Todd Simpson
post Dec 21 2015, 07:50 PM
Post #16





Which of your files got encrypted? Do you have any backups for these files?


QUOTE (Gabriel Leopardi @ Dec 21 2015, 09:10 AM) *
Thanks for the suggestions guys! As I reinstalled everything, my computer is clean now. I'm now waiting for a solution to decode my encrypted files.

Someone shared this link on my Facebook: https://github.com/googulator/teslacrack

It seems that it's a solution but I don't understand it and I'm now really scared of trying this kind of stuff...



Gabriel Leopardi
post Dec 23 2015, 01:07 AM
Post #17





QUOTE (Todd Simpson @ Dec 21 2015, 03:50 PM) *
Which of your files got encrypted? Do you have any backups for these files?



There are lots of jpg files, family pictures that are encrypted and we don't have a backup.


yoncopin
post Dec 23 2015, 02:57 PM
Post #18


Learning Rock Star
*

Group: Members
Posts: 426
Joined: 26-September 09
From: USA
Member No.: 7.667



Gabriel, I don't think all hope is lost here. First, try just renaming a file back to .jpg and see if it opens. It's possible they aren't encrypted at all. If that doesn't work (kinda a longshot), then there are decrypters available for this malware (if you have what I think you have). Try this first, the process is a bit technical, but if you need help just PM me. I think it should work, but be careful not to re-infect your now clean PC.

https://github.com/Googulator/TeslaCrack

Here are some others to try if above doesn't work.

http://blogs.cisco.com/security/talos/teslacrypt
https://github.com/vrtadmin/TeslaDecrypt/tree/master/Windows
http://www.talosintel.com/teslacrypt_tool/

This is probably a good moment to review your PC habits. I'd run AVG or Avast antivirus, use the Chrome browser and I usually install the Adblock Plus and Ghostery extensions. That should keep most everything out if you aren't running questionable attachments or .exe's. I'd also recommend regular backups, at least of your important files, to Dropbox or maybe Google Photos or something. Hope this works, fingers crossed.

edit: Also, make sure to keep your Adobe Flash up-to-date with automatic updates and disable any Java extension in your browser.

This post has been edited by yoncopin: Dec 23 2015, 03:03 PM


Phil66
post Dec 23 2015, 06:26 PM
Post #19






After some research I was pretty much going to put what Brian said. The renaming of the extension is a great idea, sometimes these viruses just create a red herring by changing the extension because that doesn't take as much coding as encryption. Very much worth a shot.
Definitely look into Dropbox as a backup system. Not very much per month and the Dropbox is backed up for a month for any deleted files.
All the best Gab


Todd Simpson
post Dec 24 2015, 05:53 PM
Post #20





If the renaming the file extension trick (back to .jpg) works, then you can get a Windows utility to rename wads of files automatically. There are wads of free apps for this on mac and pc. Let us know!

QUOTE (Gabriel Leopardi @ Dec 22 2015, 08:07 PM) *
There are lots of jpg files, family pictures that are encrypted and we don't have a backup.



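The rename test suggested in posts #18 to #20 can be applied to a whole folder at once by checking whether each file still starts with its original header. This is an added example, not part of any post in the thread: it opens each `.vvv`/`.vvvv` file read-only, looks for the JPEG, PDF, ZIP/DOCX or MP4 signature, and uses byte entropy as a secondary hint; the 7.5 bits/byte threshold and the sample files built in `demo()` are assumptions constructed for illustration.

```python
import math
import os
import tempfile

# Leading "magic" bytes of the file types listed in post #1.
MAGIC = {b"\xff\xd8\xff": "jpg", b"%PDF-": "pdf", b"PK\x03\x04": "zip/docx"}
SUFFIXES = (".vvv", ".vvvv")  # extensions mentioned in the thread


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, lower for structured data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def sniff_type(head: bytes):
    """Return the original file type if a known header survived, else None."""
    for magic, name in MAGIC.items():
        if head.startswith(magic):
            return name
    if head[4:8] == b"ftyp":  # MP4 files carry 'ftyp' at offset 4
        return "mp4"
    return None


def triage(path: str, sample: int = 65536) -> dict:
    """Classify one file without modifying it (opened read-only)."""
    with open(path, "rb") as fh:
        data = fh.read(sample)
    kind = sniff_type(data)
    entropy = shannon_entropy(data)
    if kind:
        verdict = "renamed-only"      # header intact: renaming back should work
    elif entropy > 7.5:               # assumed threshold, heuristic only
        verdict = "likely-encrypted"  # no known header and near-random bytes
    else:
        verdict = "unknown"
    return {"type": kind, "entropy": round(entropy, 2), "verdict": verdict}


def scan(root: str, suffixes=SUFFIXES) -> dict:
    """Walk root and triage every file carrying one of the suffixes."""
    results = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(suffixes):
                results[name] = triage(os.path.join(folder, name))
    return results


def demo() -> dict:
    """Constructed sample files: one merely renamed JPEG, one random blob."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "photo.jpg.vvv"), "wb") as fh:
            fh.write(b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(2000))
        with open(os.path.join(tmp, "report.pdf.vvv"), "wb") as fh:
            fh.write(os.urandom(4096))
        return scan(tmp)


if __name__ == "__main__":
    for name, result in sorted(demo().items()):
        print(name, result)
```

Intact JPEG, ZIP and MP4 bodies are compressed and also score high entropy, so the header match is the deciding signal and the entropy figure only supports it. Point `scan()` at a copy of the affected folders rather than the originals.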
