Amigo-A

Visiting Expert
  • Content Count: 825
  • Days Won: 15

Everything posted by Amigo-A

  1. And what you wrote above (about using a PC at home and in public places, in a library or internet cafe etc.) - now not only computers and not only people who have computers can do this, now other smart devices can do it. Some people have learned to use these devices, but do not know how to use computers. And they no longer need them. The functionality of smart devices is almost unlimited. Smartphones and tablets also have pre-installed software, and people have learned how to determine which software is needed for them and which needs to be removed forever.
  2. Yes. You said it correctly, these are people who don't care how it works.
  3. Reco - this is STOP Ransomware with the .reco extension. HildaCrypt - this is another ransomware. The decryptor for Hilda is made to decrypt files encrypted by HildaCrypt Ransomware. It did not spread massively and you could not get this infection.
  4. Jeremy, you also once sat down at your computer for the first time.
  5. It seems that I already answered above what you just wrote. Absolutely stupid people do not exist, and if they bought a PC and learned how to press some buttons and keys, then this is already big progress. Then they learn more.
  6. For example, recently AdwCleaner learned to do this. I tested this for a month on my and other people's PCs and saw very good results.
  7. If you mean an "absolutely stupid user", then this user does not need to use a computer and surf the Internet. If you have in mind a slightly smart user, then programs that can correctly delete pre-installed unnecessary software are suitable for him.
  8. What do you mean by an ordinary user? In advertising, some use the concept of "ordinary", for example, "ordinary washing powder", but this does not exist.
  9. @JeremyNicoll Hello. Here one can add ... "... - delete all pre-installed programs without a doubt, which are not related to device drivers and auxiliary software for these devices". So it will be more correct.
  10. @andrey There are quite a few encryptors that use Windows PowerShell for the attack and successfully carry it out on a mass scale. Among them, a whole generation is still alive that is either called just that, PowerShell Locker Ransomware, or acquires new names (like this one), and THIS is still periodically distributed whenever the crypto-junkies run out of the bucks they have brute-forced. If this feature were not part of Windows, they would have to introduce something similar to carry out this attack, and that is where behavioral analysis would give them a hard time. If you never use Windows PowerShell yourself, then disable this sorry excuse for a feature, just to be on the safe side.
  11. Buttons, keys for brightness control - this is on the side of drivers and software from manufacturers. We talked about software that does not belong to this area, but obtrudes itself on the user. If Samsung cannot develop such software itself and takes it from others, then it must certify its partners. Quite a lot of preinstalled software is now installed by Microsoft itself. This does not apply to the Windows OS, but is also obtruded on users with the OS.
  12. It is better to answer this question in Russian, because some turns of phrase would be translated incorrectly. All software vendors are eager to advance and grow, so observation and tracking (including spying and surveillance on top of that) are their top priority. These actions will most likely take the form of collecting information about other software and the user's preferences. That is how it has been from the start; without this they cannot survive. But this information gathering has another, more dangerous side. Most likely these small companies will be hacked by someone, and the customer database will leak, with all the ensuing consequences. Do you need that? No, of course not.
  13. Hello @andrey Your new computer must have the latest software and be reliably protected. This is the best solution. When assembling everything from parts is expensive, then buying a PC with an OS preinstalled by the manufacturer is more economical. At the same time, if we compare a PC with a house and a protected private territory, then you should know all the equipment that is used: for water supply, for electricity metering, reliable door locks, video surveillance, etc. It is unlikely that you will use for all this what is lying in the garbage dump. At the same time, to install the purchased equipment you invite external specialists whom you trust, or you do everything yourself. You will not entrust this work to unknown people who have an unknown reputation and you will not leave a stranger in your house without observing him. It should be the same with software. If the pre-installed programs were set up by the PC manufacturer or its partners, then these are not your partners, these are completely alien people with their own intentions and commercial purpose. You do not know what they installed and what goals they pursued. Therefore, the verdict should be unambiguous - delete all pre-installed programs without a doubt. Your PC is your property, your fortress, your territory, there is no place for strangers here!
  14. @GT500 From the information provided, it can be seen that this applies to Estemani Ransomware, which I discovered and described back in August. Several updates are known, but not all published. Here are a few samples... https://www.virustotal.com/gui/file/c2203c894ed7f4daa70a40ceefb4a3a05f16baed2f7a7fbd4d1f922bd6b859aa/detection https://www.virustotal.com/gui/file/c2203c894ed7f4daa70a40ceefb4a3a05f16baed2f7a7fbd4d1f922bd6b859aa/detection https://www.virustotal.com/gui/file/3d60014bcc1e20033ade8dcd41336b2a8c353104e474b6e27bb9f05d31cce485/detection https://www.virustotal.com/gui/file/97f15370088409941f8e7fcf2fe80364ee244874a98151e58c0d273ebcf9397a/detection
  15. DataKeeper Ransomware description + Translation into English. Unfortunately, Emsisoft does not have a decryptor for files after this encryptor.
  16. Yes, I probably know which encryptor did this, but I need confirmation. Attach the original file of ransom note and several encrypted files to your message.
  17. Yes, I probably know which encryptor did this, but I need confirmation. Attach the original file of ransom note and several encrypted files to your message.
  18. In newer versions, the number of characters in the identifier may be the same for 'online' and 'offline' encrypted files. But at the end there should be t1. But nothing prevents the extortionists from changing something so that it does not correspond to what we know. A lot of time has already passed to do this. There is no good news, so new versions may remain not decrypted. We cannot influence this in any way. Also, you will not find anything better than those decrypters, because the extortionists have changed the encryption process for the better for them.
  19. Hello. .bora - this is a variant of STOP Ransomware. The ability to decrypt depends on how the files were encrypted. The only tool that is available so far still does not support this variant. Details >>
  20. .reco - this is a variant of STOP Ransomware. The ability to decrypt depends on how the files were encrypted. Currently not decryptable. The only tool that is available so far still does not support this variant. Details >>
  21. .kuub - this is a variant of STOP Ransomware. The ability to decrypt depends on how the files were encrypted. If encryption was done using an offline key, you can use the decryptor - link
  22. Yes. This is Ranion Ransomware. We know about this ransomware and its iterations from the beginning of 2017. Unfortunately, Emsisoft does not have a decryptor for files after this encryptor. https://www.emsisoft.com/ransomware-decryption-tools/free-download I also have not heard of anyone releasing a decryptor for this problem. As a result of an Internet search, you can find sites that report decryption. All this is a fraud and a lie.
  23. .meds - this is a variant of STOP Ransomware. The ability to decrypt depends on how the files were encrypted. If encryption was done using an offline key, you can use the decryptor - link # 1, link # 2.
  24. I can’t know for sure. We always hope that the files can be returned, if not now, then in the future.