A friend just sent me this:
"I also have a portable hard disk and at least one USB stick which may be infected with an unknown trojan which resists both Norton and McAfee.... it replaces file names in Word and sometimes pdfs or Excel files with a Chinese looking symbol and a future date as late as 2046. They then become impossible to read."
I haven't managed to establish yet whether her laptop (presumably the host for
these devices) is also infected - but I'd guess it is.
Sounds like a ransomware virus to me? Though she hasn't mentioned any demands.
My assumption is that without paying for a decryption key (and the criminals 'honouring' their offer) the affected files are simply gone. But how to attempt to 'treat' the devices, and host?
I'm out of touch with how things like this work these days. Is it safe to extract the disks and hook them up to a machine of my own, to run antimalware on them, or do manual investigation with the likes of Autoruns and Process Explorer? Any advice welcomed!
On 2023-01-29 18:31, Philip Herlihy wrote:
A friend just sent me this:
"I also have a portable hard disk and at least one USB stick which may be infected with an unknown trojan which resists both Norton and McAfee.... it replaces file names in Word and sometimes pdfs or Excel files with a Chinese
looking symbol and a future date as late as 2046. They then become impossible
to read."
I haven't managed to establish yet whether her laptop (presumably the host for
these devices) is also infected - but I'd guess it is.
If files on the host machine are not altered, then the malware is
probably not active, for some reason.
Sounds like a ransomware virus to me? Though she hasn't mentioned any demands.
My assumption is that without paying for a decryption key (and the criminals
'honouring' their offer) the affected files are simply gone. But how to attempt to 'treat' the devices, and host?
I'm out of touch with how things like this work these days. Is it safe to extract the disks and hook them up to a machine of my own, to run antimalware
on them, or do manual investigation with the likes of Autoruns and Process Explorer? Any advice welcomed!
In theory, as long as you do not execute anything in there, you should
be safe.
I do not remember if (standard) USB media can have autoexec capabilities.
Me, I would examine the disk from Linux first.
But non-standard USB media can be perverted and do things. That means a
very bad guy is involved with "resources".
Philip Herlihy wrote:
A friend just sent me this:
Could be failing storage media, too.
Kaspersky makes a Linux based virus scanner that you can put on a
bootable USB stick or CD. It is simple to operate and use. https://www.kaspersky.com/downloads/free-rescue-disk
Trend Micro, and many of the others, can online scan. https://www.trendmicro.com/en_us/forHome/products/housecall.html
Make the Linux boot USB on a clean comp then use it on her laptop.
Connect to Trend with her laptop.
If it is truly ransomware then the encrypted data is lost.
Philip Herlihy wrote on 1/29/2023 12:31 PM:
A friend just sent me this:
"I also have a portable hard disk and at least one USB stick which may be infected with an unknown trojan which resists both Norton and McAfee.... it replaces file names in Word and sometimes pdfs or Excel files with a Chinese
looking symbol and a future date as late as 2046. They then become impossible
to read."
I haven't managed to establish yet whether her laptop (presumably the host for
these devices) is also infected - but I'd guess it is.
Sounds like a ransomware virus to me? Though she hasn't mentioned any demands.
My assumption is that without paying for a decryption key (and the criminals
'honouring' their offer) the affected files are simply gone. But how to attempt to 'treat' the devices, and host?
I'm out of touch with how things like this work these days. Is it safe to extract the disks and hook them up to a machine of my own, to run antimalware
on them, or do manual investigation with the likes of Autoruns and Process Explorer? Any advice welcomed!
It could also mean the external drives are corrupted, especially when a
woman was the owner of the laptop. It may sound sexist but I know many
women would just pull the external USB connector out at will without
telling Windows to "eject" the drive.
The reason you see wrong file date and "Chinese looking characters" and
can't even open the file is because the file is corrupted. You can use Windows to scan the drive for errors.
Right-click on the drive icon. Choose "Properties". Choose "Tools".
Choose "Check".
Hope it helps.
On 1/29/2023 12:31 PM, Philip Herlihy wrote:
A friend just sent me this:
"I also have a portable hard disk and at least one USB stick which may be infected with an unknown trojan which resists both Norton and McAfee.... it replaces file names in Word and sometimes pdfs or Excel files with a Chinese
looking symbol and a future date as late as 2046. They then become impossible
to read."
I haven't managed to establish yet whether her laptop (presumably the host for
these devices) is also infected - but I'd guess it is.
Sounds like a ransomware virus to me? Though she hasn't mentioned any demands.
My assumption is that without paying for a decryption key (and the criminals
'honouring' their offer) the affected files are simply gone. But how to attempt to 'treat' the devices, and host?
I'm out of touch with how things like this work these days. Is it safe to extract the disks and hook them up to a machine of my own, to run antimalware
on them, or do manual investigation with the likes of Autoruns and Process Explorer? Any advice welcomed!
Paste the Chinese character into
translate.google.com
and tell us what character that equates to.
We need that to search for a name for your pest.
Alternately, take a picture of the character with a
digital camera, to provide some isolation between
the pest materials and your functional computers.
*******
There are two possibilities:
ransomware
wiper
Also, be very careful as to what equipment you connect
the laptop to. These things are designed to spread over
networks, in order to decimate every computer in the room.
A wiper is a ransomware, where the objective is destruction
and not the payment of a ransom. It just ruins your files.
Paul
I could use a Windows 10 "Quick Assist" connection
without risking my own
A friend just sent me this:
"I also have a portable hard disk and at least one USB stick which may be infected with an unknown trojan which resists both Norton and McAfee.... it replaces file names in Word and sometimes pdfs or Excel files with a Chinese looking symbol and a future date as late as 2046. They then become impossible to read."
I haven't managed to establish yet whether her laptop (presumably the host for
these devices) is also infected - but I'd guess it is.
Sounds like a ransomware virus to me? Though she hasn't mentioned any demands.
My assumption is that without paying for a decryption key (and the criminals 'honouring' their offer) the affected files are simply gone. But how to attempt to 'treat' the devices, and host?
I'm out of touch with how things like this work these days. Is it safe to extract the disks and hook them up to a machine of my own, to run antimalware on them, or do manual investigation with the likes of Autoruns and Process Explorer? Any advice welcomed!
On Sun, 29 Jan 2023 17:31:30 -0000, Philip Herlihy <PhillipHerlihy@SlashDevNull.invalid> wrote:
A friend just sent me this:
"I also have a portable hard disk and at least one USB stick which may be infected with an unknown trojan which resists both Norton and McAfee.... it replaces file names in Word and sometimes pdfs or Excel files with a Chinese
looking symbol and a future date as late as 2046. They then become impossible
to read."
I haven't managed to establish yet whether her laptop (presumably the host for
these devices) is also infected - but I'd guess it is.
Sounds like a ransomware virus to me? Though she hasn't mentioned any demands.
My assumption is that without paying for a decryption key (and the criminals 'honouring' their offer) the affected files are simply gone. But how to attempt to 'treat' the devices, and host?
Can the renamed files be opened with Word, Excel, or a pdf reader?
I'm out of touch with how things like this work these days. Is it safe to extract the disks and hook them up to a machine of my own, to run antimalware
on them, or do manual investigation with the likes of Autoruns and Process Explorer? Any advice welcomed!
Philip Herlihy wrote:
I could use a Windows 10 "Quick Assist" connection
One niggle with Quick Assist is that anything you do which raises a UAC dialog will block your session until your friend enters their admin credentials (or just hits "yes" if they are an admin; if they are an
admin the potential damage done may be greater)