Posts: 4,727
Threads: 311
Joined: Sep 2014
Reputation:
102
01-18-2017, 07:37 PM
(This post was last modified: 01-18-2017, 07:39 PM by Britec.)
(01-18-2017, 03:36 PM)GuiltySpark Wrote: Brian in your video: https://www.youtube.com/watch?v=VAxGI4-uavg
You stated that the decryptor by Checkpoint security was a virus based on the VT analysis, but running it on a test machine didn't cause any infection leading me to believe it was a FP.
Any chance you can do a test on this to clarify one way or t'other?
It's been removed, I wonder why...
I uploaded it to VirusTotal and it came back as a ransom
Posts: 4,727
Threads: 311
Joined: Sep 2014
Reputation:
102
01-18-2017, 10:31 PM
(This post was last modified: 01-18-2017, 10:44 PM by Britec.)
Have you uploaded it to VirusTotal? Maybe I was wrong and it's a false positive, I thought the only decryptor tool was from the guy I got it from.
Posts: 1,856
Threads: 46
Joined: Sep 2014
Reputation:
46
Yea I did and it's still heavily filed as malware but when I ran it no infection happened. I think it may be a case of the way it's supposed to work, like a Nirsoft tool that gets marked as malicious when it's not.
But...as I say it didn't infect me so I'm at a loss at present.
Posts: 4,727
Threads: 311
Joined: Sep 2014
Reputation:
102
Yeah, looks like I made a mistake, because that site does good normally. I was under the impression that the guy who created the tool I used was the only one. We live and learn.
Posts: 1,856
Threads: 46
Joined: Sep 2014
Reputation:
46
Well, it's still to be confirmed if it works, as the reason Gillespie kept his decryptor private is so malware writers can't adapt the ransomware, but this one however is out there for anyone to use.
Posts: 4,727
Threads: 311
Joined: Sep 2014
Reputation:
102
I think I will edit that part out of the video. It's only right.
Posts: 4,727
Threads: 311
Joined: Sep 2014
Reputation:
102
Could not edit it out, so I put a note on the video.
Posts: 1,856
Threads: 46
Joined: Sep 2014
Reputation:
46
Ok mate. I hope the tool is still effective.