Encrypted files - virus??? Solved

A section devoted to viruses and other malicious code, as well as to the tools that can be used to defend against them…

Moderators: memphisto, Mods_senior, Security team

Post by maxixxx » 05 Dec 2015 10:16

Hello,

today I started my PC and all my files have the extension vvv and cannot be opened.
A bmp file has appeared on the desktop, apparently a message from the perpetrator.
(I think it says something like: pay and we will put it right.)

What can I do about it?

All my photos and videos from 15 years are encrypted like this.

Thanks for any advice.

I am attaching the message.

Post by jaro3 » 05 Dec 2015 11:04

http://www.bleepingcomputer.com/virus-r ... ion#ransom

Try the method "How to decrypt your files using Locker Unlocker".
When working with programs such as HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Post by maxixxx » 05 Dec 2015 11:44

If I follow the instructions of the "hackers"

see the attachment

it almost makes me sick

thanks to everyone for any help

Post by faraon » 05 Dec 2015 11:55

With a bit of luck, this might work even without paying: https://www.csirt.cz/page/2261/

Don't save screenshots in DOCX, which can carry a virus; save them as JPG in Paint instead. It will be safer and the file will come out smaller.

By the way. There are two kinds of people: those who back up, and those who have yet to lose some data.
Backing up costs money too, but in the end it works out cheaper, in the long run... ;-)
"Pimonte, Pimonte, what kind of lord are you, that the Milan gate fell behind you, hop, hop, hop.
The Milan gate and those four bridges, build yourself, Pimonte, stronger outposts, hop, hop, hop!"

Song of the Good Soldier Švejk

Post by maxixxx » 05 Dec 2015 12:17

[quote]By the way. There are two kinds of people: those who back up, and those who have yet to lose some data.
Backing up costs money too, but in the end it works out cheaper, in the long run... ;-)[/quote]

I have everything backed up on Google Drive (I pay almost 300 a month for 1 TB), but the encryption carried over there too.

Post by faraon » 05 Dec 2015 12:30

That is not a backup; the cloud is just as "safe" as if you "backed up" to a flash drive or an SSD, that is, not at all! Especially if all changed files are uploaded there automatically and immediately overwrite the original ones...

A backup means at least three copies, on three different kinds of media, stored in three geographically distant locations. At least one of them non-rewritable.

So you can have everything burned to DVD at the lowest possible speed, copied onto an external hard disk kept in a lockable cabinet or safe, and, to be sure, one working copy in that cloud so that you have everything at hand when you need it. From time to time you need to check the state of those recordings, or, to be safe, copy everything once more.

Did you try that csirt.cz?
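The periodic check of backup copies described in the post above, and the way an automatically synced copy fails it after an encryption incident, can be automated with a hash manifest. This is an added example, not part of the original post; the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large videos do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest

def verify_copy(manifest, root):
    """Compare one backup copy with a manifest taken from known-good data."""
    current = build_manifest(root)
    extra = set(current) - set(manifest)
    report = {"ok": [], "changed": [], "missing": [], "renamed": []}
    for rel, digest in sorted(manifest.items()):
        if rel in current:
            report["ok" if current[rel] == digest else "changed"].append(rel)
            continue
        # The malware in this thread appended an extension (x.jpg -> x.jpg.vvv);
        # report that separately from a file that is simply gone.
        appended = sorted(e for e in extra if e.startswith(rel + "."))
        if appended:
            report["renamed"].append((rel, appended[0]))
            extra.discard(appended[0])
        else:
            report["missing"].append(rel)
    report["unexpected"] = sorted(extra)
    return report

def demo():
    """Constructed sample: a known-good tree and a synced copy after encryption."""
    good = {"a.jpg": b"\xff\xd8 photo A", "b.jpg": b"\xff\xd8 photo B",
            "notes.txt": b"original", "video.mp4": b"clip"}
    synced = {"a.jpg": good["a.jpg"], "b.jpg.vvv": b"\x8a\x11 scrambled",
              "notes.txt": b"overwritten"}
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for root, files in ((src, good), (dst, synced)):
            for name, data in files.items():
                with open(os.path.join(root, name), "wb") as f:
                    f.write(data)
        return verify_copy(build_manifest(src), dst)

if __name__ == "__main__":
    print(demo())
```

Keep the manifest with the non-rewritable copy, so that the reference digests cannot be overwritten together with the data they describe.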

Post by maxixxx » 05 Dec 2015 12:39

faraon

You are right, I back up to the cloud only in case the disks in my PC die.
I really did not count on this.

I'm not sure what I am supposed to do with that csirt.cz.
On that page:

Free tool released that allows decrypting files encrypted by the CryptoLocker ransomware
07.08.2014 20:57
Security experts have created an online service where victims whose system was encrypted by the CryptoLocker ransomware can obtain a decryption key for free.

I click the link and then I don't know what to do

thanks

Post by maxixxx » 05 Dec 2015 13:18

A reward of 5 thousand to whoever gets my files back for me

Thanks to everyone

Post by faraon » 05 Dec 2015 13:22

I see the online version no longer works, so you have to download Decryptolocker.exe from them and use it on the command line. The -h parameter prints the help. I can't tell you more about it, I can't run it on Linux ;-)

Post by maxixxx » 05 Dec 2015 13:41

I run Decryptlocker
and this happens: see the attachment

On the command line: Decryptlocker.exe -h

Post by faraon » 05 Dec 2015 13:54

Copy some encrypted photo into its directory and feed it to it:

Code:

decryptolocker   fotka.jpg


And we'll see whether it can cope with it or whether it's some new cipher.

Post by maxixxx » 05 Dec 2015 14:08

This is what happens

C:\>Decryptolocker fotka.jpg

crypto-un-locker
The MIT License (MIT)

Copyright (c) 2013 Kyrus Tech

Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of

the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS

FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.






END USER LICENSE AGREEMENT
For DECRYPTOLOCKER MATERIALS
LAST UPDATED ON AUGUST 5, 2014

THIS END USER LICENSE AGREEMENT (THE "AGREEMENT") IS A LEGAL AGREEMENT BETWEEN Y
OU AND FIREEYE, INC., WITH ITS PRINCIPAL OFFICES AT 1440 MCCARTHY BLVD., MILPITA
S, CA, 95035, USA ("FIREEYE"), IN ASSOCIATION WITH FOX IT, WITH ITS PRINCIPAL OF
FICES AT OLOF PALMESTRAAT 6, 2616 LM DELFT, THE NETHERLANDS ("FOX"), (TOGETHER,
THE "OWNERS", "WE" OR "US"). BY CLICKING "I AGREE", YOU ACCEPT ALL TERMS AND CO
NDITIONS OF THIS AGREEMENT. IF YOU DO NOT WISH TO ACCEPT THIS AGREEMENT, YOU SH
OULD CLICK "CANCEL" IN WHICH CASE YOU WILL NOT BE ABLE TO USE THE MATERIALS PROV
IDED HEREUNDER, INCLUDING EXECUTABLES, DECRYPTION KEYS, AND ANY OTHER MATERIALS
PROVIDED AS PART OF THE "DECRYPTOLOCKER" SERVICE (COLLECTIVELY, THE "MATERIALS")
. THIS AGREEMENT DESCRIBES THE TERMS AND CONDITIONS APPLICABLE TO YOUR USE OF T
HE MATERIALS.

IMPORTANT NOTE: These Terms contain provisions that disclaim and limit our liabi
lity to you and restrict class or representative actions. Please read sections 1
1 and 12 below for more information.

1. OTHER APPLICABLE TERMS. This Agreement refers to the following additional te
rms, which also apply to your use of the DecryptCryptoLocker.com website (the "W
ebsite") and decryption services procured via the Website ("Services", which are
described below): Privacy Policy, and Website Terms of Use.
2. CHANGES OF TERMS. We may revise this Agreement at any time by posting the re
vised Agreement on the Website, and you agree that your use of the Materials aft
er such changes will constitute your acceptance of such changes. For your conven
ience, the date of last revision is included at the top of this page; this is th
e effective date for such revisions. Changes to this Agreement will not be appli
ed retrospectively unless We are legally required to do so. We may make changes
to the Website, Materials and/or Service at any time.
3. PROPRIETARY RIGHTS. The Materials and Website are the sole and exclusive pro
perty of Owners and/or its licensors. You agree not to reproduce, duplicate, cop
y, sell, resell or exploit for any commercial purpose, any portion of the Materi
als or the Website other than as expressly authorized by us in writing.
4. PERMITTED USES. We invite you to download a single copy of the Materials for
your own use; provided, however, that you may not duplicate, publish, modify, d
istribute, perform or create derivative works from any part of the Materials or
Website unless expressly authorized by us in writing. You agree that you will no
t remove or modify any acknowledgments, credits or legal notices contained on th
e Website or in the Materials.
5. ADDITIONAL RESTRICTIONS. You may not sell the Materials or bundle them for r
edistribution with other products, including software products. You may not make
or distribute copies of the Materials for commercial use, whether in conjunctio
n with any third party software or otherwise. Any copy that you make of the Mate
rials, in whole or in part, is the property of Owners. You agree to reproduce an
d include in their entirety all copyright, trademark and other proprietary right
s notices on any copy or any portion thereof of the Materials you receive under
this Agreement. Owners reserve all rights not expressly granted pursuant to this
Agreement. This Agreement is not a sale of the Materials, any copies or part th
ereof, or any other software, and you shall have no title to or ownership in the
Materials, or any copies or part thereof, regardless of the form on which the o
riginal and any copies may exist. Owners reserve the right to offer upgrades to
the Materials at Owners' sole discretion. Any such upgrades may be subject to t
heir own End-User License Agreements, and may not be copied and distributed exce
pt by the terms of those agreements, if applicable. You agree not to use the Ma
terials for rental or as a part of a commercial time-sharing or service bureau o
peration. You may not use the Materials for any illegal purpose, and you may no
t use the Materials to decrypt or examine any file, system, computer, or data fr
om any computer, that you do not have the unequivocal legal right to decrypt or
examine.
6. INTELLECTUAL PROPERTY. The Materials are protected by United States and inte
rnational copyright laws. The names, marks, brands, logos, designs, trade dress
and other designations Owners use in connection with the Materials are proprieta
ry to Owners.
7. SERVICES. The Services are provided free of charge. They allow you to uploa
d an encrypted CryptoLocker file to the relevant web page on the Website. Once u
ploaded, if our software is able to provide a decryption key to the encrypted Cr
yptoLocker file, then We will email you the decryption and provide you with an o
ption to download an executable file used to decrypt the affected files. If We a
re able to provide you with a decryption key, We will use reasonable endeavours
to provide you with the key and an executable file to download as soon as possib
le and usually this will be within one (1) to twenty-four (24) hours of you uplo
ading the encrypted CryptoLocker file. When you execute this file on your comput
er with the provided decryption key, it will decrypt the encrypted CryptoLocker
file. Delivery will be by means of your downloading the executable file only fro
m the Website. We make no guarantee and do not warrant that the executable file
or decryption key will be able to decrypt your encrypted files. Once you have do
wnloaded the executable file, you acknowledge that We will have completed our ob
ligations to you in providing the Decryption Services in respect of the particul
ar file you uploaded and you acknowledge that you will not be permitted to cance
l the supply of the Decryption Services.
8. EXPORT COMPLIANCE. You agree that you will not, directly or indirectly, ship
, transfer, transmit, export or re-export, or knowingly permit any of the forego
ing with respect to the Materials, or any technical information about the Materi
als, to any country for which the United States Export Administration Act, any r
egulation thereunder, or any similar United States law or regulation, requires a
n export license or other United States Government approval, unless the appropri
ate export license or approval has been obtained. Delivery of Materials does no
t imply third-party authority to import, distribute, or use encryption. Importer
s, distributors, customers and users are responsible for compliance with all loc
al country laws. The Owners strongly recommend that importers, distributors, and
users investigate such regulations prior to encryption product deployment.
9. TERMINATION. You may terminate this Agreement at any time by deleting all co
pies of the Materials from your systems, networks and devices. Owners may termin
ate this Agreement at any time by providing you with individual notice, or by po
sting a notice on the Website. When this Agreement terminates or expires, all ri
ghts granted to you will cease, and you must immediately destroy or purge from y
our computer system the Materials and all copies in your possession.
10. TRADEMARKS. Unauthorized use of any of our trademarks, service marks or logo
s are prohibited, and may constitute a violation of applicable law, including wi
thout limitation federal and state trademark laws.
11. DISCLAIMERS AND LIMITATION OF LIABILITY. THE MATERIALS ARE PROVIDED TO YOU O
N AN "AS IS" "AS AVAILABLE" BASIS WITHOUT WARRANTY OR CONDITION OF ANY KIND EITH
ER EXPRESS OR IMPLIED. We specifically disclaim all warranties and conditions of
any kind including without limitation all implied warranties and conditions of
merchantability, fitness for a particular purpose, title, freedom from defects,
accuracy, uninterrupted use, non-infringement and all warranties implied from an
y course of dealing or usage of trade. We make no warranty that (a) the Material
s will meet your requirements, (b) use of the Materials will be uninterrupted or
virus- or error-free; (c) errors will be corrected; or (d) as to the accuracy,
completeness or reliability of the Materials. You are responsible for verifying
any information before relying on it. Use of the Materials is at your sole risk.
SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES WHICH MEANS
THAT SOME OR ALL OF THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU, DEPENDING ON WHE
RE YOU RESIDE.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE DISCLAIM ALL LIABILITY, WHETHER BASED
IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, AND FU
RTHER DISCLAIM ALL LOSSES, INCLUDING WITHOUT LIMITATION INDIRECT, INCIDENTAL, CO
NSEQUENTIAL, OR SPECIAL DAMAGES (INCLUDING WITHOUT LIMITATION, PROCUREMENT OF SU
BSTITTUE GOODS OR SERVICES, LOSS OF USE, DATA OR PROFITS OR BUSINESS INTERRUPTIO
N) ARISING OUT OF OR IN ANY WAY CONNECTED WITH ACCESS TO OR USE OF THE MATERIALS
, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. TO THE EXTENT
OWNERS ARE HELD LIABLE FOR ANY CLAIM ARISING FROM THIS AGREEMENT OR THE USE OF
THE MATERIALS, THE OWNERS' MAXIMUM AGGREGATE LIABILITY HEREUNDER FOR ALL SUCH CL
AIMS WILL NOT EXCEED FIFTY DOLLARS ($50).
12. INDEMNITY. You agree to indemnify, defend and hold us, our subsidiaries, and
affiliates, and their respective officers, agents, partners and employees, harm
less from any loss, liability, claim, or demand, including reasonable attorneys'
fees due to or arising out of your use of the Materials and/or breach of this A
greement.
13. CHOICE OF LAW/FORUM. This Agreement shall be governed by, and will be constr
ued under, the laws of the State of California, without regard to choice of law
principles. You irrevocably agree to the exclusive jurisdiction by the federal a
nd state courts located in San Jose, California to settle any dispute which may
arise out of, under, or in connection with this Agreement, the Materials or the
Website. YOU AGREE THAT NO CLAIM ARISING OUT OF THIS AGREEMENT OR YOUR USE OF TH
E MATERIALS OR THE WEBSITE MAY BE BROUGHT AS A CLASS ACTION.
14. MISCELLANEOUS. If any provision of this Agreement is held to be invalid or u
nenforceable, such provision shall be struck and the remaining provisions shall
be enforced. Headings are for reference purposes only and in no way define, limi
t, construe or describe the scope or extent of such section. Our delay or failur
e to act with respect to any failure by you or others to comply with these Terms
does not waive such failure or any subsequent or similar failures or waive our
right to act with respect to such failure or any subsequent or similar failures.
Nothing contained in this Agreement will be deemed to constitute Owners or you
as the agent or representative of the other or as joint venturers or partners. T
his Agreement sets forth the entire understanding and agreement between us with
respect to the Materials, and supersedes and extinguishes all previous agreement
s, promises, assurances, warranties, representations and understandings between
us relating to the Materials. You agree that you shall not have any remedies in
respect of any statement, representation, assurance or warranty (whether made in
nocently or negligently) from us that is not set out in this Agreement. ANY CAUS
E OF ACTION OR CLAIM YOU MAY HAVE WITH RESPECT TO THIS AGREEMENT OR THE MATERIAL
S MUST BE COMMENCED WITHIN SIX (6) MONTHS AFTER THE CLAIM OR CAUSE OF ACTION ARI
SES OR SUCH CLAIM OR CAUSE OF ACTION SHALL BE BARRED. You may not assign or tran
sfer your rights or obligations under this Agreement without our prior written c
onsent, and any assignment or transfer in violation of this provision shall be n
ull and void. We reserve the right to seek all remedies available at law and in
equity for violations of this Agreement and/or the rules and regulations set for
th on the Website, including without limitation the right to block or terminate
access from a particular internet address without notice.
16. CONTACT. If you have any questions, concerns, complaints or suggestions rega
rding this Agreement, please contact us by email at decryptcryptolocker@FireEye.
com.
YOU ACKNOWLEDGE THAT YOU HAVE READ THIS AGREEMENT AND UNDERSTAND IT. BY DOWNLOAD
ING OR USING ANY OF THE MATERIALS, YOU CONSENT TO BE BOUND BY THIS AGREEMENT.

Type 'Yes' to agree to the above terms or 'No' to exit: Yes
usage: Decryptolocker.exe [-h] (--key RAWKEY | --find) [-r] [-v] [-o DESTDIR]
[--csv CSVFILE]
encrypted_filenames [encrypted_filenames ...]
Decryptolocker.exe: error: one of the arguments --key --find is required

C:\>

