New FBI ransomware solutions?

TsVk! (thread author)
May 14, 2013
Hey guys... anyone know how to remove the newest version of FBI ransomware?
(I mean the fully locked version) without mounting the offending drive in another machine... I don't have this infection on any of my machines, just really curious to hear if anyone has finally figured it out.
 

jamescv7
Mar 15, 2011
It will depend on the situation and the solution given by malware removal experts.

HitmanPro.Kickstart has the ability to override any ransomware-locked system.

RKill, ComboFix and others can manage to remove it through the command line.

Sometimes using a rescue CD.
 

Fiery
Jan 11, 2011
Kaspersky rescue disk or any other rescue disk can work as long as the vendor has the ransomware signatures, which sometimes they don't.

Easiest, fastest and most efficient way for Vista and up is using Farbar Recovery Scan Tool. You don't need to wait hours for a complete system scan and you get all the rootkits, files, folders and registry entries. It's not based on signatures, it's based on the user's eyes :)
 

TsVk! (thread author)
May 14, 2013
In the new versions I understood that the system was completely locked to restart on any boot mode except the ransom page... No command line or safe mode options at all.

Even Hitman Pro is often failing against this new version. Pretty crazy stuff, the bar is constantly being pushed higher and higher.
 
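Fiery's "user's eyes" approach above (inspecting autostart locations instead of waiting for a signature) and the locked-in-every-boot-mode behaviour TsVk! describes are both about the same handful of registry locations. The script below is an added example, not code from the thread, from Farbar Recovery Scan Tool or from any rescue disk named here. It assumes the SOFTWARE and SYSTEM hives of the locked machine have been exported as .reg text (for instance from a rescue environment) and checks the locations a screen locker typically takes over (Winlogon Shell and Userinit, the Run/RunOnce keys, and SafeBoot AlternateShell, which is the shell used by Safe Mode with Command Prompt) against their known-good defaults. The embedded export is constructed for the example; `winlock\lock.exe` and the extra Shell entry are hypothetical paths, and the user-writable-directory rule is a heuristic, not a verdict.

```python
"""Autostart triage for a Windows registry exported from a locked machine.

Added example, not code from the thread, from FRST or from any rescue disk.
Assumes the SOFTWARE and SYSTEM hives were exported as .reg text and checks
the autostart locations screen lockers commonly hijack against defaults.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample export; "winlock\lock.exe" and the extra Shell entry
# are hypothetical paths, not real malware samples.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Users\\bob\\AppData\\Roaming\\ctfmon.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"Updater"="\"C:\\ProgramData\\winlock\\lock.exe\" -silent"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="C:\\ProgramData\\winlock\\lock.exe"
'''

_KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
_VAL_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')


def _unescape(s: str) -> str:
    # .reg text escapes backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: data}} for string (REG_SZ) values.
    hex:/dword: data and hex continuation lines are ignored."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(('Windows Registry Editor', ';')):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group('key')
            keys.setdefault(current, {})
            continue
        m = _VAL_RE.match(line) if current else None
        if not m:
            continue
        data = m.group('data')
        if len(data) < 2 or not (data.startswith('"') and data.endswith('"')):
            continue
        name = '@' if m.group('default') else _unescape(m.group('name'))
        keys[current][name] = _unescape(data[1:-1])
    return keys


def _find(keys: Dict[str, Dict[str, str]], tail: str) -> List[Tuple[str, Dict[str, str]]]:
    """Match keys by the tail of their path, case-insensitively, so an
    offline hive loaded under another mount name (e.g. HKLM\\OFFLINE) still matches."""
    tail = tail.lower()
    return [(k, v) for k, v in keys.items() if k.lower().endswith(tail)]


# Heuristic only: autostarts from these directories are typical of droppers
# and unusual for OS components.
_USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\programdata\\', '\\users\\')


def triage(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (location, value, reason) for every deviation from the defaults
    in the autostart locations a screen locker typically takes over."""
    findings = []
    for _, v in _find(keys, r'\Microsoft\Windows NT\CurrentVersion\Winlogon'):
        shell = v.get('Shell', 'explorer.exe')
        if shell.strip().lower() != 'explorer.exe':
            findings.append(('Winlogon\\Shell', shell, 'default is exactly explorer.exe'))
        # Default is "C:\Windows\system32\userinit.exe," (trailing comma included)
        parts = [p.strip() for p in v.get('Userinit', '').split(',') if p.strip()]
        if any(not p.lower().endswith('userinit.exe') for p in parts):
            findings.append(('Winlogon\\Userinit', v['Userinit'], 'extra program chained after userinit.exe'))
    for tail in (r'\Microsoft\Windows\CurrentVersion\Run', r'\Microsoft\Windows\CurrentVersion\RunOnce'):
        for _, v in _find(keys, tail):
            for name, cmd in v.items():
                if any(d in cmd.lower() for d in _USER_WRITABLE):
                    findings.append((tail.lstrip('\\') + '\\' + name, cmd, 'launches from a user-writable directory'))
    # Safe Mode with Command Prompt starts AlternateShell instead of cmd.exe,
    # which is how a locker can own that boot mode as well.
    for _, v in _find(keys, r'\Control\SafeBoot'):
        alt = v.get('AlternateShell', 'cmd.exe')
        if alt.strip().lower() != 'cmd.exe':
            findings.append(('SafeBoot\\AlternateShell', alt, 'default is cmd.exe'))
    return findings


if __name__ == '__main__':
    for loc, val, why in triage(parse_reg(SAMPLE_REG)):
        print(f'{loc}: {val!r}  <- {why}')
```

On the constructed export this reports the hijacked Shell value, the Run entry under ProgramData and the replaced AlternateShell, and stays silent on the untouched Userinit. The point of matching keys by path tail is that a hive loaded from a rescue environment sits under whatever name you mounted it as, not under HKEY_LOCAL_MACHINE\SOFTWARE; the point of comparing against exact defaults rather than a signature is exactly Fiery's: a locker that is too new for any vendor's database still has to put its path somewhere in these values.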

Fiery
Jan 11, 2011
Malware writers are always 2 steps ahead of security vendors, unfortunately.
 

jamescv7
Mar 15, 2011
Security companies don't have the ability to prevent it using any components like BB, HIPS and sandbox, as they will execute a brute force attack as a locked system.

Signatures are the way to prevent it, since they come from deep analysis in their lab.
 

Seany007
May 3, 2013
jamescv7 said:
Security companies don't have the ability to prevent it using any components like BB, HIPS and sandbox, as they will execute a brute force attack as a locked system.

Signatures are the way to prevent it, since they come from deep analysis in their lab.

I'm yet to see which ransomware can bypass Comodo sandbox on untrusted.

HIPS can stop it as well; it depends on the user and configuration. What do you mean by "execute a brute force attack as a locked system"?

Signatures are often behind new ransomware samples.
 

jamescv7
Mar 15, 2011
It means that even if HIPS/BB respond to changes to the system, some ransomware has the ability to execute immediately and lock the system.
 

Seany007
May 3, 2013
jamescv7 said:
It means that even if HIPS/BB respond to changes to the system, some ransomware has the ability to execute immediately and lock the system.

Oh okay. I'm yet to see such samples.

But I see no way for it to bypass the sandbox like CIS provided the user knows what he is doing and the restriction level is high enough.
 

TsVk! (thread author)
May 14, 2013
If users knew what they were doing it'd be much harder for malware authors.
 

jamescv7
Mar 15, 2011
Malware writers are just doing their part, making more tactical styles in order not to be revealed easily.

And every day thousands of users get infected, always due to common styles and a lack of awareness.
 
