NnitehawkK-fb

Member
  • Content Count

    13
  • Joined

  • Last visited

Community Reputation

1 Neutral

About NnitehawkK-fb

  • Rank
    Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. You accepted Rebeatus's request. Mike who sent ya? Rebeatus I look all over to assist people Mike cry36 lost everything dont see getting it back question being how do you know i got hit? i keep my circle small i run anti govt site and radio sattion so only straight up criminals would have targeted me anyway Mike m sure you can understand my suspicion if you are a whitehat Rebeatus Go search .onion on Facebook and you will see your post among all Mike so is there a decryption solution? so far not https://support.emsisoft.com/topic/27231-cry9-invalid-crypton-file-pair/?page=3 Rebeatus so you tried it all Mike yep 36 is a very badly formed piece of crap and you cant even con tact the criminals that do it becasu eit was built so badly id never pay em but id like to get a few of the files back mostly just music library the rest of the stuff was usless replacable or backed up i use linux for the importent stuff if your whte hat jump in and assist i guess https://support.emsisoft.com/topic/27231-cry9-invalid-crypton-file-pair/?page=4 the two systems that got hit already went thru the grinder and i tool the encrypted files a put em away in case a key comes up
  2. i get the impression decryption is never gonna happen - i dont care about photos just my wav and mp3 files album masters ectera
  3. https://www.bleepingcomputer.com/forums/t/632389/dharma-ransomware-filenameemaildharmawalletzzzzz-support-topic/page-46#entry4190880
  4. http://borncity.com/win/2017/05/25/wannacry-co-eternalblue-vulnerability-checker-und-crysis-ransomware-decryptor/ anyone wanna try this?
  5. does anyone know the exact name of this variation would it make it easier to search
  6. i retired the system have it sitting waiting for a decyption all the removal stuff does not fully work yet either gotta go dig in your registeray and dump all the onion and wcry entries after running several different removal tools it just simply cam back or tried to and ill never trust that box again anyway- so its in the corner being called bad dog i really needed to update this bussiness interface anyway just been putting it off due to all the automation required for a radio stations switchboard if i had not lost my email i wouldnt even give a crap plus i just did'nt wanna join the NSA or all the yea i got a tin hat - BS that comes along with windows 10
  7. http://sensorstechforum.com/wana-decrypt0r-decrypt-files-for-free/ way out of my skill set
  8. i block 445 in the firewall and peer block now kill drive sharing but i dont use it all that much anyway http://www.backup-utility.com/anti-ransomware/how-to-block-port-445-in-windows-3889.html UPDATE - found wcry exception in my firewal
  9. after removing the virus itself i have a service starting up this happens in a command window after i close the sandboxed service that eats 50% cpu resources C:\WINDOWS\system32>ping 127.0.0.1 -n 10 Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time=8ms TTL=64 Reply from 127.0.0.1: bytes=32 time<1ms TTL=64 Reply from 127.0.0.1: bytes=32 time<1ms TTL=64 Reply from 127.0.0.1: bytes=32 time<1ms TTL=64 Reply from 127.0.0.1: bytes=32 time<1ms TTL=64 Reply from 127.0.0.1: bytes=32 time<1ms TTL=64 Reply from 127.0.0.1: bytes=32 time<1ms TTL=64 Reply from 127.0.0.1: bytes=32 time<1ms TTL=64 Reply from 127.0.0.1: bytes=32 time<1ms TTL=64 Reply from 127.0.0.1: bytes=32 time<1ms TTL=64 Ping statistics for 127.0.0.1: Packets: Sent = 10, Received = 10, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 8ms, Average = 0ms C:\WINDOWS\system32>net1 user IISUSER$ /del & net1 user IUSR_Servs /del System error 1722 has occurred. The RPC server is unavailable. System error 1722 has occurred. The RPC server is unavailable. C:\WINDOWS\system32>sc config MpsSvc start= auto & net start MpsSvc [SC] OpenService FAILED 1060: The specified service does not exist as an installed service. System error 123 has occurred. The filename, directory name, or volume label syntax is incorrect. C:\WINDOWS\system32>netsh advfirewall set allprofiles state on WARNING: Could not obtain host information from machine: [STUDIO]. Some commands may not be available. The specified service does not exist as an installed service. The following command was not found: advfirewall set allprofiles state on. C:\WINDOWS\system32>netsh advfirewall firewall add rule name="tcp all" dir=in pr otocol=tcp localport=0-65535 action=allow WARNING: Could not obtain host information from machine: [STUDIO]. Some commands may not be available. The specified service does not exist as an installed service. The following command was not found: advfirewall firewall add rule "name=tcp all " dir=in protocol=tcp localport=0-65535 action=allow. C:\WINDOWS\system32>netsh advfirewall firewall add rule name="deny tcp 445" dir= in protocol=tcp localport=445 action=block WARNING: Could not obtain host information from machine: [STUDIO]. Some commands may not be available. The specified service does not exist as an installed service. The following command was not found: advfirewall firewall add rule "name=deny tc p 445" dir=in protocol=tcp localport=445 action=block. C:\WINDOWS\system32>netsh advfirewall firewall add rule name="tcpall" dir=out pr otocol=tcp localport=0-65535 action=allow WARNING: Could not obtain host information from machine: [STUDIO]. Some commands may not be available. The specified service does not exist as an installed service. The following command was not found: advfirewall firewall add rule name=tcpall d ir=out protocol=tcp localport=0-65535 action=allow. C:\WINDOWS\system32>netsh ipsec static add policy name=win WARNING: Could not obtain host information from machine: [STUDIO]. Some commands may not be available. The specified service does not exist as an installed service. The following command was not found: ipsec static add policy name=win. C:\WINDOWS\system32>netsh ipsec static add filterlist name=Allowlist WARNING: Could not obtain host information from machine: [STUDIO]. Some commands may not be available. The specified service does not exist as an installed service. The following command was not found: ipsec static add filterlist name=Allowlist. C:\WINDOWS\system32>netsh ipsec static add filterlist name=denylist WARNING: Could not obtain host information from machine: [STUDIO]. Some commands may not be available. The specified service does not exist as an installed service. The following command was not found: ipsec static add filterlist name=denylist. C:\WINDOWS\system32>netsh ipsec static add filter filterlist=denylist srcaddr=an y dstaddr=me description=not protocol=tcp mirrored=yes dstport=135 WARNING: Could not obtain host information from machine: [STUDIO]. Some commands may not be available. The specified service does not exist as an installed service. The following command was not found: ipsec static add filter filterlist=denylist srcaddr=any dstaddr=me description=not protocol=tcp mirrored=yes dstport=135. C:\WINDOWS\system32>netsh ipsec static add filter filterlist=denylist srcaddr=an y dstaddr=me description=not protocol=tcp mirrored=yes dstport=137 WARNING: Could not obtain host information from machine: [STUDIO]. Some commands may not be available. The specified service does not exist as an installed service. The following command was not found: ipsec static add filter filterlist=denylist srcaddr=any dstaddr=me description=not protocol=tcp mirrored=yes dstport=137. C:\WINDOWS\system32>netsh ipsec static add filter filterlist=denylist srcaddr=an y dstaddr=me description=not protocol=tcp mirrored=yes dstport=138 WARNING: Could not obtain host information from machine: [STUDIO]. Some commands may not be available. The specified service does not exist as an installed service. The following command was not found: ipsec static add filter filterlist=denylist srcaddr=any dstaddr=me description=not protocol=tcp mirrored=yes dstport=138. C:\WINDOWS\system32>netsh ipsec static add filter filterlist=denylist srcaddr=an y dstaddr=me description=not protocol=tcp mirrored=yes dstport=139 WARNING: Could not obtain host information from machine: [STUDIO]. Some commands may not be available. The specified service does not exist as an installed service. The following command was not found: ipsec static add filter filterlist=denylist srcaddr=any dstaddr=me description=not protocol=tcp mirrored=yes dstport=139. C:\WINDOWS\system32>netsh ipsec static add filter filterlist=denylist srcaddr=an y dstaddr=me description=not protocol=tcp mirrored=yes dstport=445 WARNING: Could not obtain host information from machine: [STUDIO]. Some commands may not be available. The specified service does not exist as an installed service. The following command was not found: ipsec static add filter filterlist=denylist srcaddr=any dstaddr=me description=not protocol=tcp mirrored=yes dstport=445. C:\WINDOWS\system32>netsh ipsec static add filteraction name=Allow action=permit
  10. this thing also infected/encrypted all my backups and the ones it didnt went missing even on my local cloud drive i had mapped