A forum for reverse engineering, OS internals and malware analysis 

Search found 87 matches


Re: Unknown Ransomware

 by bsteo ¦  Thu May 02, 2013 12:17 pm ¦  Forum: Malware ¦  Topic: Win32/Urausy (aka "WinLocker") ¦  Replies: 80 ¦  Views: 80355

Thanks!

Re: Unknown Ransomware

 by bsteo ¦  Thu May 02, 2013 12:10 pm ¦  Forum: Malware ¦  Topic: Win32/Urausy (aka "WinLocker") ¦  Replies: 80 ¦  Views: 80355

From the design it's Urausy/Reveton, targeted at PC users from Romania. To remove it you can do a system restore using Safe Mode with Command Prompt: 1. Start your computer in Safe Mode with Command Prompt - during your computer's startup process press the F8 key on your keyboard multiple times until Window...

Re: Unknown Ransomware

 by bsteo ¦  Thu May 02, 2013 11:58 am ¦  Forum: Malware ¦  Topic: Win32/Urausy (aka "WinLocker") ¦  Replies: 80 ¦  Views: 80355

Fixed it with Malwarebytes Anti-Malware.

Found 2 files:

%WINDIR%\system\svchost.exe and %AppData%\Roaming\skype.dat

Any idea? Doesn't seem to be Reveton, or at least not what I've seen till now.

Unknown Ransomware

 by bsteo ¦  Thu May 02, 2013 11:13 am ¦  Forum: Malware ¦  Topic: Win32/Urausy (aka "WinLocker") ¦  Replies: 80 ¦  Views: 80355

Hi! A client of mine just got infected with some kind of ransomware that Avira can't seem to detect.

Image

Any idea what ransomware it is and how to remove it? It starts only for the infected user.

Re: Point-of-Sale malwares / RAM scrapers

 by bsteo ¦  Fri Apr 19, 2013 9:06 am ¦  Forum: Malware ¦  Topic: Point-of-Sale malwares / RAM scrapers ¦  Replies: 244 ¦  Views: 867761

HackedPOS wrote: VISA sent out a Data Security Alert regarding memory-parsing POS malware:

http://www.scribd.com/doc/136739426/ALE ... s-04112013
Any samples from those hashes in the doc?

Re: .js malware

 by bsteo ¦  Thu Mar 28, 2013 10:38 am ¦  Forum: Malware ¦  Topic: .js malware ¦  Replies: 8 ¦  Views: 4760

Maybe you can upload a sample of the malware?

Re: Point-of-Sale malwares / RAM scrapers

 by bsteo ¦  Wed Mar 27, 2013 9:03 pm ¦  Forum: Malware ¦  Topic: Point-of-Sale malwares / RAM scrapers ¦  Replies: 244 ¦  Views: 867761

p4r4n0id wrote: Dump Memory Grabber - http://www.securityweek.com/exclusive-n ... r-us-banks

http://darkmoney.cc/kuplya-prodazha-36/ ... ojan-5117/

sample anyone?
Not much info. Found any MD5 hash of some binary?

Re: Point-of-Sale malwares / RAM scrapers

 by bsteo ¦  Wed Mar 13, 2013 12:30 pm ¦  Forum: Malware ¦  Topic: Point-of-Sale malwares / RAM scrapers ¦  Replies: 244 ¦  Views: 867761

For what? If you think I'm a helper of the POS malware bad guys, you're wrong. Don't get me wrong, but your first post here is about how to send me a PM so I give you some script. I fight malware.

Re: Point-of-Sale malwares / RAM scrapers

 by bsteo ¦  Fri Feb 15, 2013 11:55 am ¦  Forum: Malware ¦  Topic: Point-of-Sale malwares / RAM scrapers ¦  Replies: 244 ¦  Views: 867761

Card Recon is legit software. I disagree with you; you can't cast out a piece of software only because it is used by the bad guys :)

Re: Point-of-Sale malwares / RAM scrapers

 by bsteo ¦  Sat Feb 09, 2013 12:43 pm ¦  Forum: Malware ¦  Topic: Point-of-Sale malwares / RAM scrapers ¦  Replies: 244 ¦  Views: 867761

Found this on a customer's POS. Haven't analysed it yet, just looked at the strings. Copies itself to other locations, creates an autorun record, seems to send mails. Comodo analysis: http://camas.comodo.com/cgi-bin/submit?file=3db1bb43f8cf070631c69130a6f9ed5ac48a05a8846d59994880df327ab79c9e koaie007@yahoo....
