Aura

Malware Hunter
  • Content Count: 598
  • Days Won: 5

Posts posted by Aura


  1. Hi Vincent

    The symptoms you describe can be associated with an infection on a system, but also with a system in very poor condition. The simplest thing would be to start by checking whether the machine is really infected or not. To do so, please follow the instructions in the topic below.

    https://support.emsisoft.com/topic/4596-instructions-pour-une-demande-dassistance-de-suppression-de-malware/

    Thanks!


  2. should we consider getting rid of those apps and checking instead for new drivers on the manufacturer's site?

    This is what I would do. These applications just bloat your system down, can be annoying at times, and now they are even a security issue. The best way to proceed is to grab the drivers directly from the computer/laptop manufacturer's website. If you cannot find them there, go to the hardware manufacturer's website, and if you still can't find them, rely on Windows Update for WHQL drivers.


  3. I can confirm that you are infected with Locky (see the link further down). Emsisoft's decrypter is for a different ransomware called AutoLocky (see the second link further down), and that is why it is not able to find any keys on your machine: there simply aren't any. Unfortunately, it is not possible to decrypt files encrypted by Locky for free at this time. Perhaps in the future.

    Locky FAQ: http://www.bleepingcomputer.com/virus-removal/locky-ransomware-information-help

    Article on AutoLocky: http://www.bleepingcomputer.com/news/security/decrypted-the-new-autolocky-ransomware-fails-to-impersonate-locky/


  4. Hi giliathnc!

    I will ask Fabian to take a look at your problem, since he created the decrypter. I don't think Fabian speaks French, so I can act as an intermediary.

    Edit: Can you tell me which extension was added to the encrypted files, and what the name of the ransom note is? If there are several different extensions, please give me 4-5 of them.


  5. Thinking about the incident a bit more, I agree with you. It appears someone probably copied the .vbs script code Cerber uses into a posting.

    It happened back then in another Ransomware thread on BleepingComputer. Someone had copy/pasted the JS code used by a Ransomware, and avast! was flagging the page as malicious and blocking access to it. Disabling the Web Protection module stopped that behavior, so it's as Fabian said:

    It's not uncommon for scanning engines that don't perform a proper emulation of HTML and JavaScript to get confused by code that is contained within an HTML document but not executed. So if someone posts the content of a ransom note or of a script they found on their system, it will trigger an alert by the AV even though the script code would never be executed.


  6. It looks to me like this detection was triggered because of some malicious code posted in the Cerber Ransomware thread. Nothing unusual, nor new. Many Antivirus products will give a warning when they detect malicious JavaScript (for instance) on a webpage, even if that code is copy/pasted and not actually used on the page.

    Did you get that warning when browsing the Ransomware section, or were you in the Cerber Ransomware thread directly?


  7. ReimagePlus is considered a PUP/Adware by many security companies. Personally, I consider it a PUP/useless "PC Booster" kind of program.

    "PC Booster/Tune Up" programs are among the worst programs you can install on a system. When it comes to messing up your system (Windows), these are as bad as malware. They are completely worthless and useless. The worst part is that they'll often take action on your system without you knowing or authorizing it, which could lead to your system being altered in a way you don't want, or even worse, a "broken" system. Every feature they provide, you can either do natively under Windows, do via another standalone executable (which is way easier and safer to use), or it isn't something you need. Here are a few examples:

    • Cleaning temporary files: TFC (standalone executable), CCleaner (installed), Cleanmgr.exe (built-in);
    • Managing start-up entries: Autoruns (standalone executable), CCleaner (installed), Task Manager and Registry Editor (built-in);
    • Driver Updater: Not needed, all you need is to go to your manufacturer's website so you'll be sure to get the right, official, working drivers for your computer or hardware;
    • Registry Cleaner/Defragger: Completely useless and also dangerous;
    • Disk Defragging: Disk Defrag (built-in), O&O Disk Defrag (installed), Defraggler (installed);
    • Powerful uninstaller: Not needed, only needed when you have to make sure a program is completely uninstalled. Revo Uninstaller and GeekUninstaller are two good alternatives;
    • "Enhanced" Task Manager: ProcExp from Sysinternals Suite (standalone executable), Process Hacker (portable or installed);
    • "Active security": Any Antivirus and Antimalware can beat that, easily. These programs aren't made to replace Antivirus or Antimalware products and shouldn't be seen as such;
    • Repair bad sectors on a hard drive: A simple chkdsk /r command under Windows (built-in);

    Having such a program installed on your system will just bloat it down, and you have more chance of having issues by using it than without. These products are advertised as programs that can solve all your issues, remove every malware, speed up your computer's performance by over 100%, etc. The truth is that there's not a single program that can do that. First of all, these programs aren't made to remove viruses and malware; leave that in the hands of Antivirus and Antimalware, period. Secondly, there are so many kinds of issues under Windows that there's not a single program that can address them all. If you think that BSOD (Blue Screen of Death) issues can be solved by opening a program and clicking on a "Fix" button, then I'm sorry to tell you, but you're wrong. Also, you cannot boost the performance of hardware beyond its hardware capabilities. Of course you can overclock some components, like your CPU, RAM and GPU, but that isn't done via these programs, but via your BIOS interface. I could recommend you a program for every feature these programs advertise, and also tell you exactly in detail why most of them are completely useless, such as Registry cleaners (dangerous to use) and driver updaters (dangerous to use, and also completely useless; they'll not improve your system performance). In the end, buying such programs is the exact same as being scammed (because this is what it is, a pure scam), and using one of these programs will result in your having a system less performant than before using it.

    Relevant articles if you want to read more about PC Boosters/Optimizers and why they are useless:


  8. Hi jeanlouisdelay!

    If you need help disinfecting your machine (a patched dnsapi.dll is often due to ShopperZ), you need to follow the instructions in the topic below and post a new topic in the "Help, my PC is infected!" section.

    https://support.emsisoft.com/forum-6/announcement-2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread/

    Support for disinfecting a machine is offered only in English and/or German, not in French. If possible, I can help with English -> French translation as needed.