I think I finally came into contact with a Cryptobit virus

Dan

Supreme [H]ardness
Joined
May 23, 2012
Messages
8,020
A customer came in with the FBI/DoJ virus and it was routine. Cleaned it up, ran scans, everything is peachy. His poker game works, email, blah blah blah. He gets home and says "my pictures are corrupt it says, so is my music and documents".
After he brought it back, sure enough he's right, and all over his music/docs/pictures is a picture saying download TOR and go to this random .onion website. At this point I stopped what I was doing and told him to drop it off again so I can check this out. Is this the "legendary" crypto virus? And has anyone seen this before? :confused:
 
Sounds familiar, but I don't remember hearing anything about a FBI/DOJ page being used for it. I know that's what they used for the Pedo Trojan which I got infected with a few months ago on an independent political website. Scared me half to death thinking it was that ridiculous crypto virus; ended up restoring and it worked just fine.

Doing some searching it appears there are some options although I don't know how useful they will be. This is a new nasty that is likely to become the norm and god help us all.

http://www.bleepingcomputer.com/virus-removal/cryptorbit-ransomware-information

If you scroll down they have a program specifically targeting MP3s, pictures, and files, which leads me to believe that maybe it is a version of the crypto virus and there is a possible fix?

From now on I'd recommend you start shutting down machines the instant you notice an infection, as it'll spread to any storage medium connected to a machine. That's exactly what I did after learning about how it works. I'm just glad it wasn't that one when I got hit by a drive-by download myself. I mean the one I got hit with I think would trick 95% of the people out there. Appeared on a site that happened to have a YouTube embedded video and it used the built-in Flash update feature in the browser, looking all signed and convincing like. Didn't help that I'd read a story about Adobe updating their plug-in due to a vulnerability soon before.

Good luck. My stomach turns every week I listen to Security Now podcast.
 
Oh gosh, I've been terrified of getting infected with this. Anyone else have experience getting infected with it (or seeing machines infected)?

I'm curious how it typically comes about. I'd guess it's just a standard infected .exe/rootkit type situation?
 
Yeah, nasty. It's mostly spread as a Trojan through none other than email attachments from what I've read thus far. Sad thing about it is the number of people that don't have backups of their important data.
 
Yeah, nasty. It's mostly spread as a Trojan through none other than email attachments from what I've read thus far. Sad thing about it is the number of people that don't have backups of their important data.


Or have their backups connected directly via USB *cough* me *cough*.
 
Alright. So it is in fact the virus, and yes it does spread through your network. Another customer's computer got clamped down **there is no shared media between the infected computer and the clean computer. The only thing I can think of is if the clean computer allowed network sharing and offered full read/write privileges to the network. Upon investigating all other computers, they had this feature turned off.** I also have figured out how to fix it. You do the basic stuff to rid yourself of it, i.e. ComboFix, MBAM, etc. etc.

The software in fact doesn't encrypt your files at all, it corrupts them. It takes the first 512 signatures of said file and pushes them to the back, and fills the front up with random crap so it becomes corrupt. There's a piece of software that fixes this. *I will link once I get home*

The virus also turns your PC into a mining rig. I have yet to figure this part out.
 
The software in fact doesn't encrypt your files at all, it corrupts them. It takes the first 512 signatures of said file and pushes them to the back, and fills the front up with random crap so it becomes corrupt. There's a piece of software that fixes this. *I will link once I get home*

The virus also turns your PC into a mining rig. I have yet to figure this part out.


Same software that I linked earlier? There are so many variants of it now. At least there is a fix for you.
 
Cryptocurrencies are the lamest thing ever invented. Most of their use is criminal and they inflate hardware prices.
 
Sorry to hear about that. The data itself is lost unless the person has a backup though. (There is no known way to decrypt the data at this time.)
 
I just got done cleaning up my second network infection of this crap in the last couple of months... find the offending PCs, shut them down, secure erase and restore. Find all corrupted/encrypted network files and restore from the previous night's backups. Watch some employees whine and then tell them too bad, deal with it... I hate these damn virus writers.
 
Sorry to hear about that. The data itself is lost unless the person has a backup though. (There is no known way to decrypt the data at this time.)

You don't know what you're talking about apparently lol. I've recovered all the files off both of the machines here. And yes, I used the Bleeping Computer article to help out. I really hate to say it, but whoever made this is a genius. I always wanted to give the person who made the FBI/DoJ virus commission 'cause that virus is easy to fix. I've made tons of money off it lol.
 
You don't know what you're talking about apparently lol. I've recovered all the files off both of the machines here. And yes, I used the Bleeping Computer article to help out. I really hate to say it, but whoever made this is a genius. I always wanted to give the person who made the FBI/DoJ virus commission 'cause that virus is easy to fix. I've made tons of money off it lol.

If we're talking about the same type of infection there is no way in hell you recovered any encrypted files without backups or paying the ransomware.
 
You don't know what you're talking about apparently lol. I've recovered all the files off both of the machines here. And yes, I used the Bleeping Computer article to help out. I really hate to say it, but whoever made this is a genius. I always wanted to give the person who made the FBI/DoJ virus commission 'cause that virus is easy to fix. I've made tons of money off it lol.

I am sorry but, telling me I do not know what I am talking about and then providing no solution is no help at all. :rolleyes::p Do you have a link that helps recover the files without a working backup? PCJunkie is correct though if we are talking about the same infection.
 
Cryptocurrencies are the lamest thing ever invented. Most of their use is criminal and they inflate hardware prices.

I'd venture to guess that this is an unpopular view on most internet forums but I'd have to wholeheartedly agree. I never did see much use for them outside of the criminal element (which, incidentally, is what these "ransomware" viruses appear to use).
 
I'd venture to guess that this is an unpopular view on most internet forums but I'd have to wholeheartedly agree. I never did see much use for them outside of the criminal element (which, incidentally, is what these "ransomware" viruses appear to use).

Yep cryptocurrencies are yet another incentive for idiots around the world to attempt to hack machines for their farms. A fart currency would be better. Bottled farts are also limited in obtainability. Why not put a dollar value on bottled fart that forms a visible ooze in the bottle through enriching, instead. That way our machines would stay in peace.
 
Bottled farts are also limited in obtainability.
My dog has unlimited farts available for bottling. Cryptocurrency is more like trading or posting derivative bets with your electricity, which has actual value, you can buy it or sell it to the power company if you can make it.
 
My dog has unlimited farts available for bottling. Cryptocurrency is more like trading or posting derivative bets with your electricity, which has actual value, you can buy it or sell it to the power company if you can make it.

One could argue that your computers have unlimited clock cycles available for mining. Dogs need to eat to produce farts so you trade or post cans of dog food and trade it to a limited obtained commodity, dog farts. Therefore dog farts surely have coin value.
 
One could argue that your computers have unlimited clock cycles available for mining. Dogs need to eat to produce farts so you trade or post cans of dog food and trade it to a limited obtained commodity, dog farts. Therefore dog farts surely have coin value.

Compelling argument. I'm going to start my own backyard breeding operation, purely for the valuable (but not yet widely accepted) dog fart currency. The best part is that I can sell the puppies to dog lovers when I'm tired of bottling their farts. It's a brilliant (yet sick) win-win.
 
Compelling argument. I'm going to start my own backyard breeding operation, purely for the valuable (but not yet widely accepted) dog fart currency. The best part is that I can sell the puppies to dog lovers when I'm tired of bottling their farts. It's a brilliant (yet sick) win-win.

There's a Nobel Prize in there somewhere if you can really focus your energy. :D
 
What a BITCH this is. This is crazy. I need to go through every MP3 and do them manually, and the "batch" stuff like the .jpg fixer only does the subfolders, like c:/pictures/2012. I can't do all of pictures.
http://download.bleepingcomputer.com/cryptorbit/Anti-CryptorBit.zip is the software used.
Sorry for stating you don't know what you're talking about, it's been a stressful couple of days and I appreciate your input.

This customer has like 300 picture folders from every time he hooked up his camera, and this software can't fix video files.
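The corruption described earlier in the thread (the first 512 bytes of each file moved to the end, junk written in front) and the complaint above that the batch fixer only handles one subfolder at a time both suggest a small recursive checker. The following is an added example, not the Anti-CryptorBit tool linked in the thread: it takes the byte layout from the post as an assumption, only accepts a candidate repair when the restored header matches a known signature for the file's extension, and writes the repaired copy beside the original instead of overwriting it. File names, sample bytes and the junk filler are constructed for the demo.

```python
"""Detect and repair files scrambled in the layout a post in this thread
describes: first 512 bytes moved to the end, junk written over the front.
Added example; the layout is an assumption taken from that post, and this
is not the Anti-CryptorBit tool linked in the thread."""
import tempfile
from pathlib import Path
from typing import Optional

HEADER_LEN = 512  # size of the block the post says is moved to the back

# Known-good leading bytes ("magic") for file types mentioned in the thread.
# Only files whose extension appears here can be verified and repaired.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"),
    ".pdf": (b"%PDF-",),
    ".docx": (b"PK\x03\x04",),
    ".xlsx": (b"PK\x03\x04",),
}

# Constructed, deterministic filler standing in for the "random crap" the post
# mentions; it never matches a signature above, so tests are repeatable.
JUNK = bytes(range(256)) * 2


def header_ok(data: bytes, ext: str) -> Optional[bool]:
    """True/False when the type's signature is known, None when it is not."""
    sigs = MAGIC.get(ext.lower())
    if sigs is None:
        return None
    return any(data.startswith(s) for s in sigs)


def make_sample_corrupted(original: bytes) -> bytes:
    """Constructed test input only: build the layout the post describes
    (junk in front, body unchanged, original first 512 bytes appended)."""
    head, body = original[:HEADER_LEN], original[HEADER_LEN:]
    return JUNK[:HEADER_LEN] + body + head


def repair_bytes(data: bytes, ext: str) -> Optional[bytes]:
    """Undo the scramble only if the result carries a valid header for its
    extension. Returns None when the file is intact or cannot be verified."""
    if len(data) < 2 * HEADER_LEN:
        return None  # too short to hold junk + displaced header
    if header_ok(data, ext):
        return None  # already intact, leave it alone
    candidate = data[-HEADER_LEN:] + data[HEADER_LEN:-HEADER_LEN]
    return candidate if header_ok(candidate, ext) else None


def classify(path: Path) -> str:
    """'intact', 'suspect' (header wrong for its type) or 'unknown' (no signature)."""
    with open(path, "rb") as f:
        head = f.read(16)
    ok = header_ok(head, path.suffix)
    return "unknown" if ok is None else ("intact" if ok else "suspect")


def scan_and_repair(root, dry_run: bool = True) -> dict:
    """Walk root recursively (every subfolder, not one at a time) and repair
    verified files. Repairs go to <name>.repaired<ext> beside the original so
    the damaged file is kept for comparison. dry_run only counts."""
    counts = {"intact": 0, "suspect": 0, "unknown": 0, "repaired": 0}
    for path in Path(root).rglob("*"):
        if not path.is_file() or ".repaired" in path.suffixes:
            continue
        state = classify(path)
        counts[state] += 1
        if state != "suspect":
            continue
        fixed = repair_bytes(path.read_bytes(), path.suffix)
        if fixed is None:
            continue  # unverifiable: report it, never write a guess
        counts["repaired"] += 1
        if not dry_run:
            path.with_suffix(".repaired" + path.suffix).write_bytes(fixed)
    return counts


def demo() -> dict:
    """Build a constructed folder tree and run a real (non-dry) pass over it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "2012").mkdir()
        jpg = b"\xff\xd8\xff\xe0" + b"\x00" * 2000  # fake JPEG contents
        mp3 = b"ID3\x03\x00" + b"\x11" * 3000       # fake MP3 contents
        (root / "2012" / "good.jpg").write_bytes(jpg)
        (root / "2012" / "bad.jpg").write_bytes(make_sample_corrupted(jpg))
        (root / "bad.mp3").write_bytes(make_sample_corrupted(mp3))
        (root / "notes.xyz").write_bytes(b"no known signature")
        counts = scan_and_repair(root, dry_run=False)
        counts["verified"] = (root / "2012" / "bad.repaired.jpg").read_bytes() == jpg
        return counts


if __name__ == "__main__":
    print(demo())
```

Run `scan_and_repair(folder)` first with the default `dry_run=True` to see how many files are suspect and how many can be verified, then rerun with `dry_run=False`. Types whose signature does not sit at offset 0 (MP4 keeps its `ftyp` marker at offset 4, for instance) are not in the table, which is consistent with the post above saying the tool could not handle video; adding a type means adding a signature you can verify, not loosening the check.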
 