raymac46 Posted June 27, 2017 Share Posted June 27, 2017 It's a version of Petya. Another nasty encryption worm is out there. I checked and Eset already has it covered. 1 Quote Link to comment Share on other sites More sharing options...
Digerati Posted June 27, 2017 Share Posted June 27, 2017 Note Microsoft already released an update for this so as usual, make sure systems are fully updated. I am not sure, however, if XP is covered this time. 1 Quote Link to comment Share on other sites More sharing options...
Corrine Posted June 28, 2017 Share Posted June 28, 2017 Make sure SMB is OFF. Simple instructions at Turn Off SMB1 on Windows Now . You may also want to run the ESET EternalBlue Checker, available here: ESET Stops WannaCryptor, WannaCry and EternalBlue. Use our free tool to make sure Windows vulnerabilities are patched—ESET Knowledgebase 2 Quote Link to comment Share on other sites More sharing options...
mac Posted June 28, 2017 Share Posted June 28, 2017 Thanks Corrine! Quick and easy. Quote Link to comment Share on other sites More sharing options...
abarbarian Posted June 29, 2017 Share Posted June 29, 2017 Note Microsoft already released an update for this so as usual, make sure systems are fully updated. I am not sure, however, if XP is covered this time. So this is a fixed for Windows 7 as long as I have got the latest updates,,,,,,,,,or do I still have to fart around with fixing it ? Quote Link to comment Share on other sites More sharing options...
zlim Posted June 29, 2017 Share Posted June 29, 2017 I downloaded a batch file mentioned at Bleeping computer just to be sure I was protected. (works on 7 and XP) https://www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak/ Apparently the intent was not ransom but to wipe as many hard drives as possible. https://arstechnica.com/security/2017/06/petya-outbreak-was-a-chaos-sowing-wiper-not-profit-seeking-ransomware/ Images, images and images save a computer from such a disaster. Unfortunately the majority of users will only learn how to do this AFTER they have lost irreplaceable files. 1 Quote Link to comment Share on other sites More sharing options...
abarbarian Posted June 29, 2017 Share Posted June 29, 2017 I downloaded a batch file mentioned at Bleeping computer just to be sure I was protected. (works on 7 and XP) https://www.bleeping...mware-outbreak/ Apparently the intent was not ransom but to wipe as many hard drives as possible. https://arstechnica....ing-ransomware/ Images, images and images save a computer from such a disaster. Unfortunately the majority of users will only learn how to do this AFTER they have lost irreplaceable files. Thanks I think according to my reading that I am covered a s I am fully up to date and am running Eset. I think I will have a go at disabling SMB1 aswell though. Quote Link to comment Share on other sites More sharing options...
Digerati Posted June 29, 2017 Share Posted June 29, 2017 So this is a fixed for Windows 7 as long as I have got the latest updates,,,,,,,,,or do I still have to fart around with fixing it ?No, you don't have to do anything else. As far as disabling SMB1, it is something you can do as an added precaution. I did. 2 Quote Link to comment Share on other sites More sharing options...
goretsky Posted June 30, 2017 Share Posted June 30, 2017 Hello, The Win32/Diskcoder.C trojan (also known as Petya.C and NotPetya) trojan checks for the presence of three specific files on a computer and stops if they are found. You can immunize a computer by creating these files on it, which will block the trojan. IIf you're not comfortable with running a PowerShell script or batch file, create them, step-by-step:" Open an elevated Command Prompt (filename: CMD.EXE) and type CD %WINDIR%and press Enter. The prompt will change to the current Windows directory, which is typically located at C:\WINDOWS\ on most computers. At the Command Prompt, type each of the following three commands, pressing Enter at the end of each line: ECHO Do not remove this ransomware immunization file. > PERFC ECHO Do not remove this ransomware immunization file. > PERFC.DAT ECHO Do not remove this ransomware immunization file. > PERFC.DLLThis creates the files PERFC, PERFC.DAT and PERFC.DLL in the Windows directory (typically C:\WINDOWS\ on most computers). Now, type the following command, pressing Enter at the end of the line: ATTRIB +R PERFC. ATTRIB +R PERFC.DAT ATTRIB +R PERFC.DLLThis sets a "read-only" attribute each of the three files to prevent them from being deleted. Close the Command Prompt by typing EXITand press Enter. NOTE: The above instructions will immunize a system against the current version of this malware. It is possible this check may be removed in the future. Regards, Aryeh Goretsky 4 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.