F***kin WannaCry
-
https://www.cyphort.com/eternalblue-exploit-actively-used-deliver-remote-access-trojans/
According to this site:
It creates a job file “Mysa” that would download a file a.exe via FTP from BAD SITE. Then it will execute c.bat and execute another DLL file item.dat:
rundll32.exe c:\windows\debug\item.dat,ServiceMain aaaa
2nd Stage Payload: Item.dat
We were not able to capture item.dat from our own server. This file is saved as C:\Windows\debug\item.dat and the [cmd] command expects it to be there. We believe that this is the second stage payload.
It appears that the Virus is not reaching the second state, but it is advertising my machine, cause the files item.dat and ok.dat are not found in my:
C:\Windows\debug
It seems the UK guy that purchased the domain of WannaCry might have saved my ass.
But this is good info for people that want to fight this. I wonder how those tasks got re-created, I ran:
schtasks /delete /tn * /f
Last time...
-
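A triage sketch for the indicators named in the opening post, added here as an example and not part of the original thread or the linked write-up. It assumes the task list was exported with `schtasks /query /fo csv /v` on an English-locale system; the sample rows and the task name `constructed-task` are constructed for illustration.

```python
import csv
import io
import re

# Indicators from the post: a task named "Mysa" and payloads staged in C:\Windows\debug.
TASK_NAMES = {"mysa"}
STAGED = re.compile(r'(?:c:\\windows|%(?:windir|systemroot)%)\\debug\\[^\s,"]+', re.I)

# Constructed sample of verbose schtasks CSV output, trimmed to three columns.
SAMPLE = r'''"HostName","TaskName","Task To Run"
"PC01","\Mysa","cmd /c a.exe"
"PC01","\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c"
"HostName","TaskName","Task To Run"
"PC01","\constructed-task","rundll32.exe c:\windows\debug\item.dat,ServiceMain aaaa"
'''

def parse_tasks(text):
    """Yield (task name, command) pairs, skipping header lines repeated mid-output."""
    for row in csv.DictReader(io.StringIO(text)):
        if row["TaskName"] == "TaskName":
            continue
        yield row["TaskName"], row["Task To Run"]

def triage(text):
    """Return [(task name, [reasons])] for tasks matching the post's indicators."""
    findings = []
    for name, command in parse_tasks(text):
        reasons = []
        if name.rsplit("\\", 1)[-1].lower() in TASK_NAMES:
            reasons.append("task name matches indicator from the write-up")
        hit = STAGED.search(command)
        if hit:
            reasons.append("runs file staged in debug folder: " + hit.group(0))
        if reasons:
            findings.append((name, reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE):
        print(name, "->", "; ".join(reasons))
```

To run it against a real export, read the saved CSV file and pass its text to `triage()`; comparing the findings between two exports taken some time apart shows which tasks come back after deletion.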
@EddieJennings said in F***kin WannaCry:
Sometimes for malware, you have to nuke and start over.
Maybe it's time to format and move to Windows 10, I feel like I am the last of the Windows 7 folks around here. But at least I have the LGBT version of 10, cause I am gay and I get attacked with stupid Viruses, cause I don't like to have realtime AV scanner installed slowing down my system and I thought I was much smarter to get infected... Oh I meant Windows 10 LTSB version
-
@msff-amman-Itofficer said in F***kin WannaCry:
@EddieJennings said in F***kin WannaCry:
Sometimes for malware, you have to nuke and start over.
Maybe it's time to format and move to Windows 10, I feel like I am the last of the Windows 7 folks around here. But at least I have the LGBT version of 10, cause I am gay and I get attacked with stupid Viruses, cause I don't like to have realtime AV scanner installed slowing down my system and I thought I was much smarter to get infected... Oh I meant Windows 10 LTSB version
I would definitely nuke and move on.
I am not sure what you meant by the last part. I am confused?
-
@IRJ said in F***kin WannaCry:
I would definitely nuke and move on.
I am not sure what you meant by the last part. I am confused?
Same
-
@msff-amman-Itofficer said in F***kin WannaCry:
@EddieJennings said in F***kin WannaCry:
Sometimes for malware, you have to nuke and start over.
Maybe it's time to format and move to Windows 10, I feel like I am the last of the Windows 7 folks around here. But at least I have the LGBT version of 10, cause I am gay and I get attacked with stupid Viruses, cause I don't like to have realtime AV scanner installed slowing down my system and I thought I was much smarter to get infected... Oh I meant Windows 10 LTSB version
Or install Korora :D. Not sure what you mean by LGBT version of 10, but I do know Korora installs the same regardless of sexual orientation.
-
@msff-amman-Itofficer WTF does sexual proclivity have to do with malware??? I don't know about anyone else, but I don't take kindly to homophobes.
-
@RojoLoco said in F***kin WannaCry:
@msff-amman-Itofficer WTF does sexual proclivity have to do with malware??? I don't know about anyone else, but I don't take kindly to homophobes.
how do you feel about people that get all sensitive for nothing ?
its joke man its just goes LSTB looks close to LGBT
-
@msff-amman-Itofficer said in F***kin WannaCry:
@RojoLoco said in F***kin WannaCry:
@msff-amman-Itofficer WTF does sexual proclivity have to do with malware??? I don't know about anyone else, but I don't take kindly to homophobes.
how do you feel about people that get all sensitive for nothing ?
its joke man its just goes LSTB looks close to LGBT
It sounds like a really shitty HIV/AIDS joke, makes you look like a dick if intended or not.
-
@EddieJennings said in F***kin WannaCry:
Sometimes for malware, you have to nuke and start over.
No. Always for malware. There really is no exception.
-
@msff-amman-Itofficer said in F***kin WannaCry:
@EddieJennings said in F***kin WannaCry:
Sometimes for malware, you have to nuke and start over.
Maybe it's time to format and move to Windows 10, I feel like I am the last of the Windows 7 folks around here.
It is and you are. Even far more trivial malware I would consider the machine lost. For something like WannaCry, keeping the machine should never be considered.
And yes, Windows 7 is ancient.
-
@msff-amman-Itofficer said in F***kin WannaCry:
its joke man its just goes LSTB looks close to LGBT
LTSB... Long Term Support Build.
Should have just been LTS, the industry standard term. Why they added the B to the end, no one knows.
-
@scottalanmiller said in F***kin WannaCry:
@msff-amman-Itofficer said in F***kin WannaCry:
its joke man its just goes LSTB looks close to LGBT
LTSB... Long Term Support Build.
Should have just been LTS, the industry standard term. Why they added the B to the end, no one knows.
Thought it was Long Term Servicing Branch?
I agree with Scott - if you think your computer is ever infected, you can't really ever trust it again. Format and reinstall - or restore to an old backup, whatever.. get to a known clean state.
-
@Dashrender said in F***kin WannaCry:
@scottalanmiller said in F***kin WannaCry:
@msff-amman-Itofficer said in F***kin WannaCry:
its joke man its just goes LSTB looks close to LGBT
LTSB... Long Term Support Build.
Should have just been LTS, the industry standard term. Why they added the B to the end, no one knows.
Thought it was Long Term Servicing Branch?
I agree with Scott - if you think your computer is ever infected, you can't really ever trust it again. Format and reinstall - or restore to an old backup, whatever.. get to a known clean state.
In other words, scorched earth.
-
@msff-amman-Itofficer
It's stalking me, I disabled the task scheduler service just to give me a few extra days ...
-
@msff-amman-Itofficer