Brian in your video:
https://www.youtube.com/watch?v=VAxGI4-uavg
You stated that the decryptor by Checkpoint security was a virus based on the VT analysis, but running it on a test machine didn't cause any infection leading me to believe it was a FP.
Any chance you can do a test on this to clarify one way or t'other?
(01-18-2017, 03:36 PM)GuiltySpark Wrote: [ -> ]Brian in your video: https://www.youtube.com/watch?v=VAxGI4-uavg
You stated that the decryptor by Checkpoint security was a virus based on the VT analysis, but running it on a test machine didn't cause any infection leading me to believe it was a FP.
Any chance you can do a test on this to clarify one way or t'other?
Its been removed, I wonder why...
[attachment=2379]
I uploaded it to virustotal and it come back as a ransom
Have you uploaded it to virustotal? Maybe I was wrong and its a false positive, I thought the only decryptor tool was from the guy I got it from.
Yea I did and it's still heavily filed as malware but when I ran it no infection happened. I think it may be a case of the way it's supposed to work, like a Nirsoft tool that gets marked as malicious when it's not.
But...as I say it didn't infect me so I'm at a loss at present.
Yeah looks like I made a mistake, because that site does good normally. I was under the impression that the guy who created the tool I used was the only one. We live and learn
Well it still to be confirmed if it works as the reason Gillespie kept his decryptor private is so malware writers can't adapt the ransomware, but this one however is out there for anyone to use.
I think I will edit that part out of the video. Its only right.
Could not edit it out, so I put a note on the video.
Ok mate. I hope the tool is still effective.