Forum Topic

TPC Virus & Spyware Removal Thread (must read page 1)

  • Sirs, I'd just like to ask if any of you have encountered the cerber3 ransomware virus? Is there still a solution? The files are badly needed. All of the files got encrypted. Thanks in advance.


    There's no hope for that anymore. Cerber has many versions, and the decryptors won't just work either.

    Where did you get the ransomware, anyway? From a torr**t?
  • How to remove ramnit <click here for link>
  • Which online website scanner is the most consistent?
  • If it's just some files,
    one at a time,
    VirusTotal
  • Try Webroot
  • Thanks
    Let me just rephrase my question, hehe
    What is the best online scanner for a website/URL?
    What is the simplest way to manually test if a site is malicious?
  • @istanbul
    you can try these services:
    virustotal.com
    url-analyzer.net
    zvelo.com (try zvelo live)

    or you can install this google chrome extension:
    https://chrome.google.com/webstore/detail/malware-url-scanner/ianpniapgjchiheejeipopldaanbjicd/related

    If you want to do it manually, I suggest using a sandbox.
  • Thanks ackrit3
  • Sirs, is it a virus when a captcha always appears while you are browsing the internet in Chrome or IE? E.g., there's a picture and then you just answer the question.
  • That's from the ISP, sir.
    Mostly, if you are using Smart prepaid, that is what shows up.
  • You're right, I am indeed using Smart prepaid. I thought it was a virus already. Thanks.
  • One of our PCs that is connected to the network got infected with cerber3. Though I haven't read anything about it spreading via the local area network (or is it possible?).

    It's hard not having good network hardware and software in the office. Just plain old routers and switches.

    Planning to teach them cloud computing; is this advisable for a small office? OneDrive perhaps?
  • Got malware? Follow these instructions <click here for link>
  • Sirs, what's a good antivirus? Our PC has an antivirus, but it's only Avira and Malwarebytes. I'm afraid of ransomware. Mostly I only use YouTube, FB and games. Sometimes I download movies from yts. I'm planning to buy an antivirus at Octagon. What can you suggest? Thanks to whoever answers.
  • I'm using 360 TS, it's freeware.

    What's the point of using a licensed AV if you don't know how to set it up properly?

    I tested Bitdefender and Kaspersky's Anti-Ransomware and both failed on my sample.

    Wanna really be safe? Use virtualization
  • @WinXPert
    Sir, if I install 360 TS, do I need to remove my Avira AV?
    Also, what is virtualization? Please share a link if there is one. I don't really get it, and I already searched Google. Thank you.
  • With respect to sir winxpert, he isn't saying that you will no longer get hit by ransomware if you use 360.
    There really is no single best antivirus.
    The best protection really still lies with the user, to avoid ransomware, or as they say, "safe computing".

    Just backread to see what most people advise about paid AV so that you at least get an idea.

    On virtualization, check Google and YouTube:
    How to install virtual machine pc

    Others, meanwhile, are using a "live CD OS".

    Regarding ransomware, also google how to avoid ransomware
    or how to be safe from ransomware
  • My security settings. Better safe than sorry. Don't turn off Avira Engine

    My screenshot, sorry can't upload image. just click on the link
    <click here for link>

    I have these choices for Anti-Ransomware, Bitdefender, Kaspersky and Malwarebytes. I tested all three with a new ransomware (Sept 20). Only Malwarebytes detected and blocked my sample.

    With respect to sir winxpert, he isn't saying that you will no longer get hit by ransomware if you use 360.
    There really is no single best antivirus.
    The best protection really still lies with the user, to avoid ransomware, or as they say, "safe computing".


    +1

    -- edited by WinXPert on Sep 27 2016, 10:05 AM
  • You're the man, boss winxpert :)

    You really tested ransomware in your virtual machine, huh :D

    -- edited by infoseeker on Sep 27 2016, 10:13 AM
  • Please don't download executable files of whatever a site offers, for example the software cracks you look for. If you can't avoid this and you really want to know whether it works, test it first in a virtual machine so that your host PC doesn't get hit. Do that especially if the source of the executable file or installer you downloaded isn't trusted, or if you suspect that it is infected with some kind of malware.

    +1 to Malwarebytes = the only protection I have on my Windows gaming PC. The majority of my PC usage is on Linux OS, to be worry-free. If someone wants to borrow the PC for net surfing, they can use the Linux OS, especially if they're a somewhat noob user, haha.
  • Programs used for Virtual Environment Testing

    Sandbox in 360 TS, Avast, etc.
    Sandboxie <click here for link>
    Deep Freeze
    Shadow Defender
    Time Freeze <click here for link>
    rollback rx <click here for link>
  • Happy Birthday mixmasta
  • @winxpert
    @infoseeker
    @kerneloop
    Thank you, sirs, I have an idea now.
  • Sirs, what is the purpose of this Malwarebytes Anti Exploit on my system?
  • Sirs, I'm new here at TPC. Just want to ask: is it okay to run McAfee (premium) and MWB together? ty
  • WinXPert on 27 Sep 16 @ 12:58 PM
    Happy Birthday mixmasta
    Haha, I only read this just now. Thanks, idol!

    Sirs, what is the purpose of this Malwarebytes Anti Exploit on my system?

    It watches links and backend exploits. It's just like a regular antivirus that has the ability to watch websites before they can install malware on the PC.

    Sirs, I'm new here at TPC. Just want to ask: is it okay to run McAfee (premium) and MWB together? ty
    Usually, MWB has no compatibility issues IF the setup is proper. The only question is whether the computer can handle it. Is the firewall setup of the two proper?
  • StrongPity 'Advanced Persistent Threat' Goes After WinRAR, TrueCrypt Users, Says Kaspersky
    by Lucian Armasu October 10, 2016 at 4:25 PM - Source: Kaspersky


    Kaspersky announced the discovery of a new "advanced persistent threat" (APT) attack called "StrongPity." The attack involved infecting installers of WinRAR and TrueCrypt on sites that distributed the two apps.
    Encryption Tools Users Targeted
    Kaspersky’s research team has noticed that over the past few months, there has been an escalation in attacks against users who are looking mainly for two software programs: WinRAR and TrueCrypt.

    TrueCrypt, which has been abandoned by its original authors but has been continued through other projects such as VeraCrypt, is a well-known drive encryption software. WinRAR is a popular file archiver utility for Windows, but it’s also often used to encrypt files.
    Waterhole Attacks
    The users were infected through “waterhole attacks,” which are attacks that put malware on certain websites where targeted users are likely to visit. The StrongPity attackers would insert trojans into the installer files of WinRAR and TrueCrypt on various distributor sites, from where users would download them and infect their own systems.
    The attackers are able to take complete control of their systems through the infected installers. They can also steal disk contents and download additional malware components that allow them to collect contacts and monitor communications.
    Belgium And Italy Most Targeted
    Users were most targeted in Belgium and Italy. In Belgium, the attackers built fake websites from which they would make the infected installers available. In Italy, the StrongPity attackers infected the software installers on an existing software distributing website. Kaspersky noticed the fraudulent activity in both Belgium and Italy earlier this year, in May.
    Kaspersky Lab data revealed that over a single week, hundreds of systems throughout Europe and Northern Africa/Middle East were infected by StrongPity malware.
    “The techniques employed by this threat actor are quite clever. They resemble the approach undertaken in early 2014 by the Crouching Yeti/Energetic Bear APT, which involved trojanizing legitimate IT software installers for industrial control systems and compromising genuine distribution sites,” said Kurt Baumgartner, principal security researcher, Kaspersky Lab.
    “These tactics are an unwelcome and dangerous trend that the security industry needs to address. The search for privacy and data integrity should not expose an individual to offensive waterhole damage. Waterhole attacks are inherently imprecise, and we hope to spur discussion around the need for easier and improved verification of encryption tool delivery," he added.
    Code Signing And Verification
    The ideal protection against this sort of attack, where you get an infected file that should otherwise be legitimate, is "code signing" and "signature verification." This is especially important for encryption software that’s more likely to be targeted by sophisticated attackers, such as nation-states.
    However, checking a file’s signature isn’t an easy enough task for most people, so most people don’t bother or don’t even know how to do it. Easier ways to verify a file’s integrity by comparing it to the original source are needed. Until then, Kaspersky said that strong anti-malware and dynamic whitelisting solutions will be more necessary than ever.
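
One way to do the signature and integrity check that the article above describes, on Windows with built-in PowerShell cmdlets. This is an added example, not part of the original post or of Kaspersky's report; the function name `Test-InstallerTrust`, the file name and the publisher string are hypothetical.

```powershell
# Added example (not from the thread or the article): check an installer before running it.
function Test-InstallerTrust {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: you know the vendor's name as it appears in its signing certificate.
        [Parameter(Mandatory)] [string] $ExpectedPublisher,
        # Optional: SHA-256 published by the vendor, fetched over a different channel
        # than the download itself (a trojanized mirror can also swap a checksum file).
        [string] $ExpectedSha256
    )

    $reasons = @()
    $sig = Get-AuthenticodeSignature -FilePath $Path

    # 'Valid' means: signed, unmodified since signing, and the certificate
    # chains to a root this machine trusts. NotSigned, HashMismatch etc. fail here.
    if ($sig.Status -ne 'Valid') {
        $reasons += "signature status is $($sig.Status)"
    }

    # A valid signature from somebody else is still the wrong installer.
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    if ($subject.IndexOf($ExpectedPublisher, [StringComparison]::OrdinalIgnoreCase) -lt 0) {
        $reasons += "signer '$subject' does not contain '$ExpectedPublisher'"
    }

    # -ne on strings is case-insensitive in PowerShell, so hex case does not matter.
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    if ($ExpectedSha256 -and ($actual -ne $ExpectedSha256.Trim())) {
        $reasons += "SHA-256 $actual differs from the published value"
    }

    [pscustomobject]@{
        Path    = $Path
        Trusted = ($reasons.Count -eq 0)
        Signer  = $subject
        Sha256  = $actual
        Reasons = $reasons
    }
}

# Usage with placeholder values (file name and publisher are hypothetical):
# Test-InstallerTrust -Path .\installer.exe -ExpectedPublisher 'Example Software Ltd'
```

Matching on a substring of the certificate subject is a loose check; comparing `SignerCertificate.Thumbprint` against a value the vendor publishes is stricter where one is available.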
  • Good day, bosses. I have a problem and need some advice.

    Here's what happened: my sibling was transferring files from a cellphone (CP) to the PC.

    While transferring photos, the PC blue-screened with the error Page Fault in Non Paged Area, and then it kept restarting continuously.

    When it restarts and gets into the desktop, something pops up, a Chinese website or something like that, whose URL is uc.exe.

    I can still get into safe mode to repair or recover, but when I'm about to choose an account the keyboard stops functioning, so the process can't continue.

    I hope someone can help me. I haven't backed up my files yet.

    Thanks.

    Running on Windows 10
  • Most likely even Safe Mode has been taken over by the virus. If the keyboard suddenly works, then download the Malwarebytes free version and scan.
  • Regarding my concern above, the constant restarting is okay now and the Chinese whatever is gone. I just patiently kept at it until I could click Reset PC. So I waited 1 hr and it's okay now.

    Now the keyboard and mouse won't work. There's no cursor either. It only lights up at startup. Sigh, what could the problem be? Thank you.