楼主: 陪你去见鬼
收起左侧

[求助] 一个24小时运行的Win7中了勒索病毒!!!

  [复制链接]
wwwab
发表于 2022-5-24 12:17:52 | 显示全部楼层
以后发勒索信请给原图

不要翻译
不要翻译
不要翻译


还好后缀是mkp,一眼就能看出来是makop
Jirehlov1234
发表于 2022-5-24 12:26:09 | 显示全部楼层
wwwab 发表于 2022-5-24 12:17
以后发勒索信请给原图

不要翻译

单靠后缀还是证据不足。好在楼主这个例子可以通过邮箱和勒索信格式来判断是makop。
gbx972
发表于 2022-5-24 12:33:30 | 显示全部楼层
lvzhiwei 发表于 2022-5-24 10:52
卡巴斯基也防止不了所有病毒包括勒索,卡巴名气大会有人专门针对卡巴做免疫的。还是要和前面几楼说的那样 ...

直接用HIPS保护数据,别说病毒,就连ali的保护进程读取能防,还有什么防不了
gbx972
发表于 2022-5-24 12:42:15 | 显示全部楼层
不知道LZ的WIN7是不是SP1,有没有打到最新的补丁。

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
xzykgc4mc3
发表于 2022-5-24 12:48:00 | 显示全部楼层
Hibike 发表于 2022-5-23 23:23
防勒索的话,智量/KART/HMPA吧

大佬,弱弱问一声,火绒跟Kaspersky Anti-Ransomware Tool能够搭配吗
00006666
发表于 2022-5-24 12:49:56 | 显示全部楼层
dongwenqi 发表于 2022-5-24 10:52
是的,我系统是win7,没打过系统补丁,没有中招勒索病毒

楼主那个是开公网IP,然后被扫描到给爆破了,一般家庭使用的都是内网IP。
陪你去见鬼
 楼主| 发表于 2022-5-24 12:53:09 来自手机 | 显示全部楼层
wwwab 发表于 2022-5-24 12:17
以后发勒索信请给原图

不要翻译

::: Greetings :::

Little FAQ:

.1.
Q: Whats Happen?
A: Your files have been encrypted. The file structure was not damaged, we did everything possible so that this could not happen.

.2.
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay us.

.3.
Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc... not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.

.4.
Q: How to contact with you?
A: You can write us to our mailbox: hopeandhonest@smime.ninja

.5.
Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files.

.6.
Q: If I don’t want to pay bad people like you?
A: If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice - time is much more valuable than money.



:::BEWARE:::
DON'T try to change encrypted files by yourself!
If you will try to use any third party software for restoring your data or antivirus solutions - please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.


这是原文
dongwenqi
发表于 2022-5-24 12:53:33 | 显示全部楼层
00006666 发表于 2022-5-24 12:49
楼主那个是开公网IP,然后被扫描到给爆破了,一般家庭使用的都是内网IP。

说的也是
00006666
发表于 2022-5-24 12:55:17 | 显示全部楼层
陪你去见鬼 发表于 2022-5-24 12:53
::: Greetings :::

Little FAQ:

分享一个被加密的文档文件来判断比单独看这个勒索信要准确。
陪你去见鬼
 楼主| 发表于 2022-5-24 13:01:47 | 显示全部楼层
freeyang 发表于 2022-5-24 12:00
Win7做家庭小服务器真的安全性太差了,而且楼主还把它暴露公网,肯定都被扫描无数次了。没事整个linux做小 ...

下载机还是win方便啊,整个迅雷和百度云,就能远程控制下载了,而且还有个打印机是通过Win7共享给其他设备的,Linux不知道怎么驱动打印机并共享
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-6-16 22:43 , Processed in 0.137432 second(s), 14 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表