HTML/CSS An HTML and computer security question

AI Thread Summary
HTML and text files have been compromised with a .crypt extension, indicating a potential ransomware attack demanding payment for decryption. Users are advised to back up files carefully and ensure existing infections are cleared before restoring backups. Common infection routes include visiting malicious websites or opening unsafe email attachments. Antivirus software can help, but users must remain vigilant and update their systems regularly to prevent attacks. It is crucial to treat all downloads and links with caution and consider using a firewall for added protection.
mech-eng
Hi, some of my html and txt files have had the extension .crypt added, i.e., they have become .txt.crypt and .htm.crypt. I deleted the .crypt extension from the .htm files, but now they do not open correctly. How can I open them correctly with Internet Explorer?

Thank you.
 
That doesn't sound good. I haven't experienced it but it sounds like a ransomware attack.
 
Yes, there is an attack and they want 500 dollars to decrypt them. But I have taken a backup of all my files. I will try to make a soft recovery for win8. How can this attack happen?
 
Visiting the wrong site or opening the wrong file is the most common way of getting infections like this. You should always be especially wary of anything that shows up in your email - even if it comes from someone that you know.

Before you connect any backup to your computer, make sure that you have cleared the existing infection or it could infect your backups as well.
 
  • Like
Likes 1oldman2
You should try and identify the specific brand of ransomware.

The first hit when googling "ransomware .crypt" (no quotation marks) is https://blog.kaspersky.com/cryptxxx-ransomware/11939/
I hope this helps.

This makes me think of a post stack-something of a guy that cracked the problem for some ransomware.
you might be able to find it, don't know if it is relevant.
 
  • Like
Likes Borg
Here is an alert - US and Canada, about ransomware and where you can get it - email, web sites, compressed files,
https://www.us-cert.gov/ncas/alerts/TA16-091A
Home users and businesses affected.

Symantec estimates ( 2012 ) 400k$ per single C2 server ( whatever that is ) paid out from users.
Slightly profitable for the ransom people.
 
Why cannot police catch them? Which antivirus program can protect from them? Antimalwarebytes was installed when this happened.

If we haven't any antivirus program installed, how can we activate Windows' preinstalled protection program?

Thank you.
 
mech-eng said:
Why cannot police catch them? Which antivirus program can protect from them? Antimalwarebytes was installed when this happened.

If we haven't any antivirus program installed, how can we activate Windows' preinstalled protection program?

Thank you.
A better question would be how to protect yourself. These days, you have to be the first line of defense for your computer. Police are mostly limited to their own jurisdictions such that a police dept. in Florida can't do much about malware coming from Russia. Antivirus software is only as good as its last update and won't generally protect you from yourself. Did you install any "free software" recently? Did you go to a 'free' music or movie site and click on anything? Is your browser and all of its plugins up to date?
 
Borg said:
A better question would be how to protect yourself. These days, you have to be the first line of defense for your computer. Police are mostly limited to their own jurisdictions such that a police dept. in Florida can't do much about malware coming from Russia. Antivirus software is only as good as its last update and won't generally protect you from yourself. Did you install any "free software" recently? Did you go to a 'free' music or movie site and click on anything? Is your browser and all of its plugins up to date?


How can I check whether or not my browser's plug-ins are up to date? I do not even know if there is any plug-in in my browser. There are only 4 websites which I usually visit to download free things, so how can I determine whether or not these four sites are dangerous?
Thank you
 
  • #10
It depends on your browser. If your browser is Firefox, click on Tools -> AddOns. It will bring up a page where you can update any plugins. I would also google every plugin to verify that it is legitimate.

If you're going to any website to download 'free' movies, you're just begging to get infected. For the websites that you are visiting, I would start by googling phrases like how to get a computer virus.
 
  • Like
Likes JorisL
  • #11
Another note. Protection is not just about installing antivirus software and assuming that you're protected. You have to take a layered approach to protect yourself. This includes but isn't limited to
  • Installing antivirus software and keeping it up to date
  • Installing a firewall. Many viruses will initially install a small script that will try to connect to a website to perform additional tasks such as installing software or sending private information to the site. A good, up-to-date firewall will let you know as soon as anything new tries to go to the internet.
  • Keep your computer's OS up to date with patches.
  • Treating all links and downloads with great suspicion. If you are visiting a new site, google it with phrases like 'virus' added to the search. You can get lots of advance intel before you go there and do anything. You can get infected from some sites just by opening the page if your browser or computer isn't up to date on its patches.
 
  • Like
Likes jimo, 1oldman2 and Pepper Mint
  • #12
mech-eng said:
why cannot police catch them?
Usually they reside in countries with weak laws and police forces. Do not pay. Try Borg's suggestions.
 
  • Like
Likes Borg
  • #13
Disabling Java in your browser is also a good thing. Only turn it on, and when on at the highest security settings, when you go to a website -that you know is fine- that requires Java.

I suspect doing a clean install Windows 8 will be the best way forward. To protect yourself, invest in anti-malware and anti-virus software. I use G Data Total Protection as well as Emsisoft Anti-Malware. But you could always use the security program that comes with Windows -- https://www.microsoft.com/en-us/safety/pc-security/windows8.aspx
 
  • #15
attack.png

A moment ago, when I was in Youtube something strange happened. Now I cannot understand what is happening? Would someone guide me?

Thank you.
 
  • #17
I have made a soft recovery, but then plugged in a flash memory which includes a virus, but I had to do this because of the wireless driver. After connecting to the internet and updating the antivirus program, Norton started to catch them. I have made a full system scan because the antivirus might do it in the background. The antivirus is giving some responses automatically.

Thank you.
 
  • #18
attack2.png



This is another notification from Norton, as Activity 11 instead of 16. Am I under attack? Is someone trying to access my PC now?

Thank you.
 
  • #19
mech-eng said:
Am I under attack?
Yes but it appears to be blocked. Do a full system scan now.
 
  • #20
Greg Bernhardt said:
Have you done a full virus and malware scan yet?

Greg Bernhardt said:
Yes but it appears to be blocked. Do a full system scan now.

I have started to do it but I have a better idea. I would like to make them lose my track. How can I become invisible to them? How are the attackers finding me on the internet among millions of computers?

Thank you.
 
  • #21
mech-eng said:
I have started to do it but I have a better idea. I would like to make them lose my track. How can I become invisible to them? How are the attackers finding me on the internet among millions of computers?

Thank you.
They know your IP. Unless it isn't a static IP, then you can't become invisible to them. But it is good that Norton is blocking the attempts. It seems there is a virus on your computer. Before the virus appeared, did you do a backup of your important data? If done after the virus entered your system, it is likely the backup contains it as well. I'm not too clued up on how they find computers to attack.
 
  • #22
Otherwise, try and find out the name of the virus, and search it on Norton's website on how to remove it, with Norton's instructions. Or you could use their live support (phone or via web).
 
  • #23
StevieTNZ said:
They know your IP. Unless it isn't a static IP, then you can't become invisible to them. But it is good that Norton is blocking the attempts. It seems there is a virus on your computer. Before the virus appeared, did you do a backup of your important data? If done after the virus entered your system, it is likely the backup contains it as well. I'm not too clued up on how they find computers to attack.

My backups are flash memories and usb disks. But when I plug them can antivirus automatically detect them or detect what they try to do? Or I have to do them a full system scan with right clicking and then choosing "scan" option?

Thank you.
 
  • #24
mech-eng said:
I have started to do it but I have a better idea.
Install a firewall. Norton might already be doing this for you.
 
  • #25
mech-eng said:
My backups are flash memories and usb disks. But when I plug them can antivirus automatically detect them or detect what they try to do? Or I have to do them a full system scan with right clicking and then choosing "scan" option?

Thank you.
If they have the virus on them, it will be detected (hopefully!) when you scan just that individual drive (i.e G drive for a USB you just plugged in). I believe Norton has that feature to scan - automatically - USB sticks when they are plugged in, or you can go into Norton itself and choose to scan the USB.

If the USB doesn't have a virus, and you plug it into your computer, the virus on the computer may infect the USB.
 
  • #26
Greg Bernhardt said:
Install a firewall. Norton might already be doing this for you.
Yes, I think Norton's firewall is active.

By the way, what version of Norton are you using, mech-eng?
 
  • #27
You can try to change your outside IP by disconnecting your router from the power for a few minutes.

Other than that you'll need to google a lot to resolve this.
 
  • #28
StevieTNZ said:
Yes, I think Norton's firewall is active.

By the way, what version of Norton are you using, mech-eng?

Norton internet security 20.4.0.40. Are the pirates monitoring my screen now? How many times will they try to attack?
 
  • #29
mech-eng said:
I have started to do it but I have a better idea.

Why are you asking our advice if you refuse to follow it?
 
  • Like
Likes 1oldman2
  • #30
mech-eng said:
Norton internet security 20.4.0.40. Are the pirates monitoring my screen now? How many times will they try to attack?
Make sure the firewall is enabled. It appears Norton is blocking their attempts. They will stop once they are bored, or the automated program gives up.
 
  • #31
JorisL said:
You can try to change your outside IP by disconnecting your router from the power for a few minutes.

Other than that you'll need to google a lot to resolve this.
You can also open a command window and type "ipconfig /renew". That should force it without shutting down the router. To verify, type ipconfig before and after to see what your address is. You can also go to this website to verify it - http://whatismyipaddress.com/.
 
  • #32
Vanadium 50 said:
Why are you asking our advice if you refuse to follow it?

I have started a full system scan and I am following and trying to do the advice given here. The full system scan is still going on and it will last for hours.

Thank you.
 
  • #33
Greg Bernhardt said:
Make sure the firewall is enabled. It appears Norton is blocking their attempts. They will stop once they are bored, or the automated program gives up.

Smart firewall, intrusion prevention and e-mail protection are enabled, and a heuristic virus and 15 tracking cookies have been detected and resolved by the full system scan so far. The full system scan is still in progress.

Thank you.
 
  • #34
JorisL said:
You can try to change your outside IP by disconnecting your router from the power for a few minutes.

Other than that you'll need to google a lot to resolve this.
Only if you are assigned a dynamic IP address. When I power off and on our modem - and we have a static IP - the IP doesn't change.

But given it looks like the virus on the computer is attempting to allow someone elsewhere to get into mech-eng's computer. Even if he could change the IP (i.e. if dynamic powering off then on the modem), the virus will still communicate to whatever to continue trying to access the computer.
 
  • #35
That's why I said he could try :-)
But maybe it's best to keep that computer offline anyway if there are other ways to access the web available.

I know I had some trojan once that connected to the internet every time part of it was removed.
It was like cutting off a hydra's heads. I ended up using a specific removal tool (after about 2 days).
 
  • #36
Borg said:
You can also open a command window and type "ipconfig /renew". That should force it without shutting down the router. To verify, type ipconfig before and after to see what your address is. You can also go to this website to verify it - http://whatismyipaddress.com/.

The website whatismyipaddress gives: 78.17*.7*.1** as IPv4.
But when I write ipconfig /renew in the command prompt, it gives 192.16*.1.3* as IPv4 again.
Why are these two different?

Thank you.
 
  • #37
mech-eng said:
The website whatismyipaddress gives: 78.17*.7*.1** as IPv4.
But when I write ipconfig /renew in the command prompt, it gives 192.16*.1.3* as IPv4 again.
Why are these two different?

Thank you.
First one: your public IP address (assigned by ISP)
Second one: internal one assigned by router.
 
  • #38
mech-eng said:
The website whatismyipaddress gives: 78.17*.7*.1** as IPv4.
But when I write ipconfig /renew in the command prompt, it gives 192.16*.1.3* as IPv4 again.
Why are these two different?

Thank you.
StevieTNZ is correct about the internal address. You can also type ipconfig /all to see everything about your IP addresses.
The ipconfig /renew command tells your ISP to give you a new IP address. When you go back to the whatismyipaddress site after the renew command, is your address different from what it was before?
 
  • #39
In the norton forums, they think that there is a malware in my PC and recommend that I should refer to a free malware cleaning website. But this situation confuses me because are malwares a different situation for antiviruses? Attacks continued until the morning but now they finished.
 
  • #40
Borg said:
The ipconfig /renew command tells your ISP to give you a new IP address. When you go back to the whatismyipaddress site after the renew command, is your address different from what it was before?
I doubt it would change, if it is a static IP assigned by the ISP. If it's a dynamic one, then that method may work in changing the IP without powering off then on the modem for a few minutes.
 
  • #41
mech-eng said:
In the norton forums, they think that there is a malware in my PC and recommend that I should refer to a free malware cleaning website. But this situation confuses me because are malwares a different situation for antiviruses? Attacks continued until the morning but now they finished.
Try the 30-day trial period of this: https://www.emsisoft.com/en/software/antimalware/

I have that product, which runs in the background in conjunction with G Data Total Protection.
 
  • #42
StevieTNZ said:
I doubt it would change, if it is a static IP assigned by the ISP. If it's a dynamic one, then that method may work in changing the IP without powering off then on the modem for a few minutes.
AFAIK, most ISPs do not assign static addresses so it's a good bet that it would work. While I have had mine for a long time (years), I have changed it with this method in the past.
 
  • #44
DrZoidberg said:
It sounds like Cryptxxx. There is some information about it on the kaspersky website. They also have a tool for decrypting the files. https://blog.kaspersky.com/cryptxxx-ransomware/11939/

I have downloaded the tool to decrypt the files but it is not an .exe file; its extension is numbers: rannohdecryptor.1462103186. How can I install this application? Even Windows cannot determine it and is asking me to choose an application to open it.

Thank you.
 
  • #45
If you go to that site and click on "download" you get an exe. I don't know why your file has that number at the end. You could try downloading it with a different browser. Maybe it will work if you just change the ending of the file to exe manually.
 
  • #46
There is a problem. I started it. Click on scan and after choosing the file I saw this:
kasp.png


How can I proceed at this stage?

Thank you.
 
  • #47
The program needs at least one original unencrypted file to figure out the encryption key. Since you have a backup of most of your files that shouldn't be a problem.
After you started rannohdecryptor, you first give it an encrypted file and then the original version of that same file and then it will start decrypting all the files on your computer.
Btw. The file you give it should be as large as possible. So pick the largest file you have a backup of.
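
As an added example (not part of the original post and not Kaspersky's code), one way to pick the file pair described above: walk the affected folder, match each `.crypt` file to its clean copy on the backup, and list the pairs largest first. It assumes the backup is mounted as a directory tree and that affected files are the original name plus `.crypt`, as reported in this thread; `find_pairs`, `index_backup` and the sample layout are hypothetical names and constructed data.

```python
import tempfile
from pathlib import Path

CRYPT_SUFFIX = ".crypt"  # extension the thread reports on affected files


def index_backup(backup_root):
    """Map lower-cased file name -> clean backup files carrying that name."""
    index = {}
    for path in backup_root.rglob("*"):
        # A backup drive that was attached to the infected PC may hold
        # encrypted copies too; those cannot serve as the original.
        if path.is_file() and path.suffix.lower() != CRYPT_SUFFIX:
            index.setdefault(path.name.lower(), []).append(path)
    return index


def find_pairs(infected_root, backup_root):
    """Return (encrypted, original, size) tuples, largest original first."""
    infected_root, backup_root = Path(infected_root), Path(backup_root)
    index = index_backup(backup_root)
    pairs = []
    for enc in infected_root.rglob("*" + CRYPT_SUFFIX):
        original_name = enc.name[: -len(CRYPT_SUFFIX)]  # a.txt.crypt -> a.txt
        if not enc.is_file() or not original_name:
            continue
        # Prefer the same relative path in the backup, else a unique name.
        match = backup_root / enc.relative_to(infected_root).with_name(original_name)
        if not match.is_file():
            candidates = index.get(original_name.lower(), [])
            if len(candidates) != 1:
                continue  # missing or ambiguous: do not guess
            match = candidates[0]
        pairs.append((enc, match, match.stat().st_size))
    return sorted(pairs, key=lambda p: p[2], reverse=True)


def demo():
    """Run find_pairs over a constructed layout; return (enc, orig, size) names."""
    with tempfile.TemporaryDirectory() as tmp:
        pc, usb = Path(tmp, "pc"), Path(tmp, "usb")
        files = {  # constructed sample files: path -> size in bytes
            pc / "docs/notes.txt.crypt": 120, usb / "docs/notes.txt": 100,
            pc / "index.htm.crypt": 5100, usb / "old/index.htm": 5000,
            pc / "readme.txt.crypt": 50,  # two backups share the name: skipped
            usb / "docs/readme.txt": 40, usb / "old/readme.txt": 40,
            pc / "photo.jpg.crypt": 900, usb / "photo.jpg.crypt": 900,
        }
        for path, size in files.items():
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"\0" * size)
        return [(e.name, o.name, s) for e, o, s in find_pairs(pc, usb)]


if __name__ == "__main__":
    for enc, orig, size in demo():
        print(f"{size:>8}  {enc}  <->  {orig}")
```

The first pair returned is the one to hand to the decryptor; the script only reads file names and sizes and writes nothing to either tree.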
 
  • #48
DrZoidberg said:
The program needs at least one original unencrypted file to figure out the encryption key. Since you have a backup of most of your files that shouldn't be a problem.
After you started rannohdecryptor, you first give it an encrypted file and then the original version of that same file and then it will start decrypting all the files on your computer.
Btw. The file you give it should be as large as possible. So pick the largest file you have a backup of.

Now the scan is in progress. Will it turn the encrypted ones into their original form, or will it re-form the originals without deleting the encrypted ones?

Thank you.
 
  • #49
Depends on whether you selected "Delete crypted files after decryption".
 
  • #50
DrZoidberg said:
Depends on whether you selected "Delete crypted files after decryption".

How can I see that feature, and how can I start that program without using the installation file every time? I click on the win key and write kaspersky but nothing appears.
Thank you
 
