

Here We Go Again


8 replies to this topic

#1 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,345 posts

Posted 27 June 2017 - 03:36 PM

It's a version of Petya. Another nasty encryption worm is out there. I checked and Eset already has it covered.

Registered Linux User 445659

#2 OFFLINE   Digerati

Digerati

    Message Adept

  • Members
  • 76 posts

Posted 27 June 2017 - 05:25 PM

Note Microsoft already released an update for this so as usual, make sure systems are fully updated. I am not sure, however, if XP is covered this time.
Bill (AFE7Ret)
Freedom is NOT Free!
Windows and Devices for IT, 2007 - 2018

Heat is the bane of all electronics!

____________________________________________

#3 OFFLINE   Corrine

Corrine

    The Mystical Rose

  • Forum Admins
  • 4,054 posts

Posted 27 June 2017 - 09:52 PM

Make sure SMB is OFF.  Simple instructions at Turn Off SMB1 on Windows Now.

You may also want to run the ESET EternalBlue Checker, available here:  ESET Stops WannaCryptor, WannaCry and EternalBlue. Use our free tool to make sure Windows vulnerabilities are patched—ESET Knowledgebase

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

#4 OFFLINE   mac

mac

    Topic Cop

  • Members
  • 754 posts

Posted 28 June 2017 - 11:18 AM

Thanks Corrine! Quick and easy.
Mac
"Long ago, when men cursed and beat the ground with sticks,
it was called witchcraft. Today it's called golf." -- Will Rogers (1879-1935)

#5 OFFLINE   abarbarian

abarbarian

    Thread Kahuna

  • Forum MVP
  • 5,392 posts

Posted 29 June 2017 - 07:40 AM

Digerati, on 27 June 2017 - 05:25 PM, said:

Note Microsoft already released an update for this so as usual, make sure systems are fully updated. I am not sure, however, if XP is covered this time.

So this is fixed for Windows 7 as long as I have got the latest updates... or do I still have to fart around with fixing it?
Install ARCH
You'll never need to install it again
"I did and I'm really happy"


#6 OFFLINE   zlim

zlim

    It's me, plodr

  • Forum MVP
  • 7,013 posts

Posted 29 June 2017 - 11:42 AM

I downloaded a batch file mentioned at Bleeping computer just to be sure I was protected. (works on 7 and XP)
https://www.bleeping...mware-outbreak/

Apparently the intent was not ransom but to wipe as many hard drives as possible.
https://arstechnica....ing-ransomware/

Images, images and images save a computer from such a disaster.

Unfortunately the majority of users will only learn how to do this AFTER they have lost irreplaceable files.
Liz
Registered Linux User # 401459

#7 OFFLINE   abarbarian

abarbarian

    Thread Kahuna

  • Forum MVP
  • 5,392 posts

Posted 29 June 2017 - 12:13 PM

zlim, on 29 June 2017 - 11:42 AM, said:

I downloaded a batch file mentioned at Bleeping computer just to be sure I was protected. (works on 7 and XP)
https://www.bleeping...mware-outbreak/

Apparently the intent was not ransom but to wipe as many hard drives as possible.
https://arstechnica....ing-ransomware/

Images, images and images save a computer from such a disaster.

Unfortunately the majority of users will only learn how to do this AFTER they have lost irreplaceable files.

Thanks. I think, according to my reading, that I am covered as I am fully up to date and am running Eset. I think I will have a go at disabling SMB1 as well though.
Install ARCH
You'll never need to install it again
"I did and I'm really happy"


#8 OFFLINE   Digerati

Digerati

    Message Adept

  • Members
  • 76 posts

Posted 29 June 2017 - 12:35 PM

Quote

So this is fixed for Windows 7 as long as I have got the latest updates... or do I still have to fart around with fixing it?
No, you don't have to do anything else.

As far as disabling SMB1, it is something you can do as an added precaution. I did.
Bill (AFE7Ret)
Freedom is NOT Free!
Windows and Devices for IT, 2007 - 2018

Heat is the bane of all electronics!

____________________________________________

#9 OFFLINE   goretsky

goretsky

    Forum Fiend

  • Forum Moderators
  • 1,914 posts

Posted 29 June 2017 - 08:48 PM

Hello,

The Win32/Diskcoder.C trojan (also known as Petya.C and NotPetya) checks for the presence of three specific files on a computer and stops if they are found.  You can immunize a computer by creating these files on it, which will block the trojan.  If you're not comfortable with running a PowerShell script or batch file, create them step-by-step:
  • Open an elevated Command Prompt (filename: CMD.EXE) and type
    CD %WINDIR%
    and press Enter.  The prompt will change to the current Windows directory, which is typically located at C:\WINDOWS\ on most computers.
  • At the Command Prompt, type each of the following three commands, pressing Enter at the end of each line:
    ECHO Do not remove this ransomware immunization file. > PERFC
    ECHO Do not remove this ransomware immunization file. > PERFC.DAT
    ECHO Do not remove this ransomware immunization file. > PERFC.DLL

    This creates the files PERFC, PERFC.DAT and PERFC.DLL in the Windows directory (typically C:\WINDOWS\ on most computers).
  • Now, type the following commands, pressing Enter at the end of each line:
    ATTRIB +R PERFC.
    ATTRIB +R PERFC.DAT
    ATTRIB +R PERFC.DLL

    This sets a "read-only" attribute on each of the three files to prevent them from being deleted.
  • Close the Command Prompt by typing
    EXIT
    and press Enter.
NOTE:  The above instructions will immunize a system against the current version of this malware.  It is possible this check may be removed in the future.

Regards,
Aryeh Goretsky
Dexter is a good dog.

Aryeh Goretsky
Microsoft MVP (Windows - IT Pro)
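
The steps in the post above, as an added PowerShell example that is not part of the original post: it reports whether the three marker files exist and are read-only, and creates any missing ones only when asked. The -Create switch and the variable names are this example's own assumptions; the file names, the file text and the Windows directory come from the post. It avoids newer syntax so that it also runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: audit (and optionally create) the marker files named in the post.
# Usage: save as a .ps1 file; run with no arguments to audit, or with -Create
# from an elevated prompt to create missing files and set them read-only.
param(
    [switch]$Create   # this example's own switch: without it nothing is written
)

$names = 'PERFC', 'PERFC.DAT', 'PERFC.DLL'
$note  = 'Do not remove this ransomware immunization file.'

# Writing into %WINDIR% needs administrator rights, so check before changing anything.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

$results = foreach ($name in $names) {
    $path = Join-Path $env:WINDIR $name

    if ($Create -and -not (Test-Path -LiteralPath $path)) {
        if (-not $isAdmin) { throw "Creating $path requires an elevated prompt." }
        Set-Content -LiteralPath $path -Value $note -Encoding ASCII
    }

    # -Force so that a hidden or system file is still found.
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue

    # Only plain files count; a directory with the same name is reported as missing.
    if ($item -and $item.PSIsContainer) { $item = $null }

    if ($item -and $Create -and -not $item.IsReadOnly) {
        if (-not $isAdmin) { throw "Changing $path requires an elevated prompt." }
        $item.IsReadOnly = $true          # same effect as ATTRIB +R
    }

    New-Object PSObject -Property @{
        Path     = $path
        Exists   = [bool]$item
        ReadOnly = [bool]($item -and $item.IsReadOnly)
    }
}

$results | Select-Object Path, Exists, ReadOnly | Format-Table -AutoSize

# A non-zero exit code lets a management tool flag machines missing a marker file.
if ($results | Where-Object { -not ($_.Exists -and $_.ReadOnly) }) { exit 1 }
```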
