LUPike

Member
  • Content Count

    21
  • Joined

  • Last visited

Community Reputation

0 Neutral

About LUPike

  • Rank
    Member
  • Birthday 08/22/1970

Contact Methods

  • Website URL
    http://techsol-tx.com

Profile Information

  • Gender
    Male
  • Location
    Texas

Recent Profile Visitors

1920 profile views
  1. I stand corrected (beat you to it)... the owner of cock.li and rape.lol is Vincent Canfield. He lived in Maine, but apparently is now living in Romania... so, not surprising this stuff came from there. Apparently his services have already made mainstream news.
  2. Files attached. My post was "LITERALLY" the first on Emsisoft for Rapid. This variant hasn't been out very long, and very few outlets have any information on it. Let's try to capture as much info as possible. FYI... the website the email and DNS is hosted through (rape.lol) is through a hosting company in Romania. A side-bar (has been reported as an alternate email address for the ransom) is 'cock.li'. That domain is registered through an individual (?) in Maine. ...someone please find me an address for these SOBs... I want to pay them a visit. Analog Clock-Google.gg.rapid
  3. I have a PC (and data on a couple of network shares) that have been encrypted by Rapid/Paymeme. The ransomware set VSS to a limit of 0, then restarted the volsnap service and then stopped VSS (resulting in no previous versions on the local PC). It targeted a long list of typical file extensions, including image files (png, jpg, etc...), document files (txt, xls, xlsx, doc, etc...), data storage files (dbf, mdb, pst, etc...), and application files (exe, dll, etc...). The information I have discovered so far shows that the encryption is performed by a process (named either rapid.exe or info.exe,
  4. I wanted to note that I did uninstall EAM and perform a fresh reinstall (after a reboot). Within a few minutes of the installation completing, the EAM interface went non-responsive... and less than 3 minutes later nothing was working. I only tried this on a single PC. I was not able to draw a direct corollary to the Emsisoft update engine, but in the logs on two separate PCs, I did see that the EAM updater had updated 'Core' files prior to those particular systems being affected. As a note, these are different from the standard 'Scheduler' updates, which appear to be threat definitions.
  5. At least one of the PCs in the affected office is running an AMD chipset, so a Microsoft-released Intel update is not applicable on that PC (there may be two other AMD systems, but I have not confirmed). I have numerous other offices that are running EAM without issue (including my own office and my wife's workplace). This issue is going to be specific to the applications being used at the office, but it is clear that EAM (and possibly EEC) is(are) the application(s) causing the lockups. After removing EAM on all systems, I have not had a single reported issue.
  6. JeremyNicoll, In my case, no. The first issue appeared on a single PC a little over a week ago. The subsequent machines in that office all began exhibiting the problem on Wednesday, about noon... ALL of the computers with EAM on them. Rebooting into safe mode, disabling all EAM-related services and startup options (using MSCONFIG) and rebooting into normal mode resolved the issue... but now they are in an 'unprotected' mode.
  7. GT500, The user with the affected machine has been busy with end-of-month reporting. I have run the Service Control command to remove the EPP service, but have not had an opportunity to uninstall all drivers and reinstall them... The reason for this update is that, today about noon, all of the remaining PCs at this office (13 systems) began doing the same thing. Several of the system logs I reviewed (eventvwr -> System Log) show a2service.exe crashing numerous times, and at some point, the system stops responding completely. The desktop and open applications are still visible, som
  8. Thanks GT500... I will do that as soon as possible, and update the results. -Ronnie
  9. Peter2150, I have EAM running on many computers... the office this is in alone has 13 seats, and almost all of them are Win7Pro x64. Regardless, this is a new problem that just began today on this PC, after a reboot. It was working without issue for the last several months. I have attached a list of the software installed on the system below (SoftwareList.txt). I installed Enterprise Console at this site earlier this month to simplify EAM configuration, specifically for numerous exclusions required for a software upgrade at the end of this month. I can try installing EAM without EC tomo
  10. Specs: Emsisoft Anti-Malware v17.12.1.8340, Windows 7 Professional SP1 64-bit, Intel i5 w/16GB RAM. System has been running fine for several weeks, and after rebooting this morning, the system freezes up (stops responding) after logon. Booting into safe mode and using MSConfig to disable Emsisoft (Services and Startup) allowed the PC to boot and be usable. The software was showing it was up to date. I uninstalled the software and reinstalled with the Emsisoft Web Installer. When prompted, I entered the license key, and then joined the system to the Emsisoft Enterprise
  11. Thanks Kevin! I ran the reports on the 31st... no changes to PC since then to my knowledge. I am attaching the logs... if you need newer ones, I completely understand and can run fresh reports. Thanks again, -Ronnie a2scan_150131-164300.txt FRST.txt
  12. Thanks Kevin, I re-ran RogueKiller and selected and deleted the items you had listed above. The log is attached. Once that process completed, I rebooted the PC and attempted to load several webpages using both Chrome and Internet Explorer. Neither experienced any unusual pop-ups, redirects, or ad insertions. I will watch it for the next few days and report any issues... but I think that took care of it. Thanks again. -Ronnie RKreport_DEL_01272015_180906.log
  13. Thanks Kevin. I ran the scan today... the report is attached. -Ronnie RKreport_SCN_01272015_113959.txt