Jump to content

Here We Go Again


raymac46

Recommended Posts

Note Microsoft already released an update for this so as usual, make sure systems are fully updated. I am not sure, however, if XP is covered this time.

  • Like 1
Link to comment
Share on other sites

Note Microsoft already released an update for this so as usual, make sure systems are fully updated. I am not sure, however, if XP is covered this time.

 

So this is a fixed for Windows 7 as long as I have got the latest updates,,,,,,,,,or do I still have to fart around with fixing it ? :228823:

Link to comment
Share on other sites

I downloaded a batch file mentioned at Bleeping computer just to be sure I was protected. (works on 7 and XP)

https://www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak/

 

Apparently the intent was not ransom but to wipe as many hard drives as possible.

https://arstechnica.com/security/2017/06/petya-outbreak-was-a-chaos-sowing-wiper-not-profit-seeking-ransomware/

 

Images, images and images save a computer from such a disaster.

 

Unfortunately the majority of users will only learn how to do this AFTER they have lost irreplaceable files.

  • Like 1
Link to comment
Share on other sites

I downloaded a batch file mentioned at Bleeping computer just to be sure I was protected. (works on 7 and XP)

https://www.bleeping...mware-outbreak/

 

Apparently the intent was not ransom but to wipe as many hard drives as possible.

https://arstechnica....ing-ransomware/

 

Images, images and images save a computer from such a disaster.

 

Unfortunately the majority of users will only learn how to do this AFTER they have lost irreplaceable files.

 

Thanks I think according to my reading that I am covered a s I am fully up to date and am running Eset. I think I will have a go at disabling SMB1 aswell though. :breakfast:

Link to comment
Share on other sites

So this is a fixed for Windows 7 as long as I have got the latest updates,,,,,,,,,or do I still have to fart around with fixing it ?
No, you don't have to do anything else.

 

As far as disabling SMB1, it is something you can do as an added precaution. I did.

  • Like 2
Link to comment
Share on other sites

Hello,

 

The Win32/Diskcoder.C trojan (also known as Petya.C and NotPetya) trojan checks for the presence of three specific files on a computer and stops if they are found. You can immunize a computer by creating these files on it, which will block the trojan. IIf you're not comfortable with running a PowerShell script or batch file, create them, step-by-step:"

  1. Open an elevated Command Prompt (filename: CMD.EXE) and type
    CD %WINDIR%
    and press Enter. The prompt will change to the current Windows directory, which is typically located at C:\WINDOWS\ on most computers.
  2. At the Command Prompt, type each of the following three commands, pressing Enter at the end of each line:
    ECHO Do not remove this ransomware immunization file. > PERFC
    ECHO Do not remove this ransomware immunization file. > PERFC.DAT
    ECHO Do not remove this ransomware immunization file. > PERFC.DLL
    This creates the files PERFC, PERFC.DAT and PERFC.DLL in the Windows directory (typically C:\WINDOWS\ on most computers).
  3. Now, type the following command, pressing Enter at the end of the line:
    ATTRIB +R PERFC.
    ATTRIB +R PERFC.DAT
    ATTRIB +R PERFC.DLL
    This sets a "read-only" attribute each of the three files to prevent them from being deleted.
  4. Close the Command Prompt by typing
    EXIT
    and press Enter.

NOTE: The above instructions will immunize a system against the current version of this malware. It is possible this check may be removed in the future.

 

Regards,

Aryeh Goretsky

  • Like 4
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...