Friday, 13 February 2015

Yet another ransomware variant


Today's blog post is a bit different than usual: the full post is on the Panda Security blog. Read it here: Yet another ransomware variant

In this post I'm simply adding some additional information and repeating the most important points.

So, there's yet another ransomware variant on the loose. You may call this one Chuingam (chewing gum?) ransomware or Xwin ransomware, after the dropped file with the string 'Chuingam' or the folder it creates on C:\, respectively. Or just another (skiddie) Generic Ransomware.

In the blog post above, I discuss the method it uses to encrypt files and how it creates your own personal key, as well as the ransom message and how to recover files (if you're lucky & fast enough).

pgp.exe (PGP) is used to generate the public RSA key. Since pgp.exe requires the RAR password, it is temporarily stored in the file "filepas.tmp", which is then overwritten and deleted, so there is no chance of recovering this file.
 

[Figure: process flow graph of pgp.exe (made using procDOT)]

Note: it will (try to) encrypt any and all files with the following extensions:
jpg, jpeg, doc, txt, pdf, tif, dbf, eps, psd, cdr, tst, MBD, xml, xls, dwg, mdf, mdb, zip, rar, cdx, docx, wps, rtf, 1CD, 4db, 4dd, adp, ADP, xld, wdb, str, pdm, itdb, pst, ptx, dxg, ppt, pptx

If you've been infected with this ransomware, the best thing to do is either restore from a backup or try to restore previous versions of your files (also known as shadow copies).

For additional information regarding this specific ransomware, refer to:
Yet another ransomware variant

For any further background information on ransomware or further prevention & disinfection advice, I refer to my Q&A on ransomware.





IOCs
Hashes (SHA1)
88039ecb68749ea7d713e4cf9950ffb2947f7683
7e1dd704684f01530307f81bbdc15fe266ffd8db

Domains/IPs
corplawersp.com
5.63.154.90

Wednesday, 11 February 2015

SEOtools for Excel: solutions for losing installation folder and disappeared ribbon

My installation of SEOTools for Excel on Windows 7 x64 / Excel x32 didn't want to cooperate with me from the first step. At first, Excel refused to open seotools.xll properly: it always thought it was a text file. Then, after I tried to install the SEOTools x64 version as an add-in, it wasn't visible in the ribbon at all, but it also didn't want to be uninstalled. I was forced to delete it the hard way. Then, on trying to install the SEOTools x32 version, I was pretty near success: I got the start splash screen from SEOTools, but then an error alert was raised: "The Ribbon/COM Add-in helper required by add-in SeoTools could not be registered. This is an unexpected error. Error message: Exception has been thrown by the target of an invocation." And nothing more.

After some investigation it became clear that the problem is the mismatched versions of the machine (x64), Win7 (x64) and Excel 15 (x32). BTW, if you need to find out what is installed on your machine, here are all the places listed where you can get the necessary information about your hardware, OS and Excel.

Sunday, 8 February 2015

AUD/USD Forex Report 9th February 2015

AUD Primary & Weekly cycles

AUD followed the Weekly break and extend pattern into the Weekly lows, and is now likely to follow the pattern down into the February lows @ .7563 and a MAJOR SUPPORT Zone, that also aligns with a number of other timeframe Support zones.

Primary Support, Quarterly Support, Monthly Support, & Weekly lows

Therefore Support resides around .7555-7567

Monday, 2 February 2015

How To Hack and Bypass Windows Login [GUIDE]

Have you forgotten your Win XP, Vista, 7, 8 or 8.1 logon password? Do you want to access your friend’s or relative’s computer?
In this guide, we will show you how to bypass a Windows XP, Windows Vista, Windows 7, Windows 8 and Windows 8.1 logon password.
We’ll use a tool named Kon-Boot. It is paid software, but almost all software is crackable, and so is Kon-Boot.
Cracked Software Link given below
Features of Kon-Boot
  • It Can Bypass Windows XP,  Windows Vista, Windows 7, Windows 8 and Windows 8.1
  • Kon-Boot is now able to bypass online account authorization on Windows 8/8.1
  • It will not overwrite your old password, which means that you can easily access your friend’s or relative’s PC without getting caught
  • Fast, tiny and gets your job done !
Steps To Bypass Windows Log-on using Pen-Drive
  1. Download and Extract Kon-Boot 2.4.rar from the links given below
  2. Plug in your Pen-Drive (Remove all other Pen-Drives)
  3. Right click on “usb_install_RUNASADMIN.bat” located in kon-bootUSB folder and pick “Run As Administrator” option.
  4. After Process Completion, Reboot
  5. Choose Boot from USB from BIOS settings
  6. Follow the installation procedure.
  7. After Booting process you can login without password, just press “Enter”
  8. Just Remove Kon-Boot PenDrive and Reboot to Get back the original Windows authentication functionality.
Steps To Bypass Windows Log-on using CD
  1. Download and Extract Kon-Boot 2.4.rar from the links given below
  2. Insert Empty CD in your Optical Disk Drive
  3. Download and Install ImgBurn From the Links Given Below
  4. Run ImgBurn program
  5. Select “Write image file to disc”
  6. Click “Browse”
  7. Select “kon-bootCD.iso” –  this file is located in your “kon-bootCD” directory.
  8. You are ready to use your Kon-Boot
  9. Choose Boot from CD from BIOS settings
  10. Follow the installation procedure.
  11. After Booting process you can login without password, just press “Enter”
  12. Just Remove Kon-Boot CD and Reboot to Get back the original Windows authentication functionality.
How To Change Profile Password?
  1. Boot with Kon-Boot
  2. Navigate the Start Menu to Control Panel
  3. Select “User Accounts and Family Safety”
  4. (if the User Account Control window appears) Click “Yes” and leave the password field empty
  5. Select “Create a new account”
  6. Create the account (pick a name) and set the permissions (administrator).
  7. Disconnect Kon Boot and restart the computer to restore original Windows authentication functionality.
  8. After Restart,  Select your new User Account (the account you have created)
  9. Navigate the Start Menu to Control Panel
  10. Select “User Accounts and Family Safety”
  11. Select the target User Account (the one you want to change)
  12. Select “Change the password”
  13. Input the new information for the account and click “Change password”
  14. You are done 

Top 10 Forex Sites

Here is the list of the top 10 Forex sites ranked by Alexa:

1. Investing.com - technical analysis and real-time data streaming for the Forex, commodities, major world indices and futures. Includes trading and investment tools.

2. Forex Factory - forum that includes market calendar and news

3. DailyFX - foreign exchange analysis, currency news updates, FX forum, currency forecasts and charts

4. FXStreet - real-time exchange rates, currency charts, news, market forecasts, technical analysis and a currency converter

5. XForex - a broker with stand-alone forex trading platform

6. Trading Economics - view, download and compare thousands of economic indicators

7. FXCM - a leading Forex broker

8. Babypips - simple easy to understand guide for teaching beginners how to trade

9. Forex Peace Army - reviews of Forex services, resolves Forex scam incidents

10. Dukascopy - a leading Forex ECN broker and a bank