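Author: dcsr (风之股动)
Board: AntiVirus
Title: Re: [Question] Hit by ransomware .gyjkmyli
Time: Sun Aug 12 12:52:32 2018
※ Quoting hiyasa (asashi):
: I'd like to ask
: I got hit by the gyjkmyli ransomware
: From what I looked up, it seems to be a new variant
: I've already given up on the files and want to format and upgrade to win10 (currently on win7)
: I checked and some files (jpg) weren't encrypted and can be opened. Are these all safe??
: I want to take the files that open normally with me on a USB flash drive. If I plug it into another computer, will that one get infected too??
: Thanks!
I got hit too
awwjfvkw is appended after the file extension
To everyone on the board: the new type appends 8 random English letters after the file extension
But so far I haven't found a fix online
For now all I can do is use Kaspersky to kill the source first
The message inside the readme is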
ALL YOUR DOCUMENTS PHOTOS DATABASES AND OTHER IMPORTANT FILES HAVE BEEN
ENCRYPTED!
====================================================================================================
Your files are NOT damaged! Your files are modified only. This modification
is reversible.
The only 1 way to decrypt your files is to receive the private key and
decryption program.
Any attempts to restore your files with the third party software will be
fatal for your files!
====================================================================================================
To receive the private key and decryption program follow the instructions
below:
1. Download "Tor Browser" from
https://www.torproject.org/ and install it.
2. In the "Tor Browser" open your personal page here:
http://nm9m0h6kfve208cxmve.smxpvudyf3avtk7r.onion/awwjfvkw
Note! This page is available via "Tor Browser" only.
====================================================================================================
Also you can use temporary addresses on your personal page without using
"Tor Browser":
http://nm9m0h6kfve208cxmve.putshis.space/awwjfvkw
http://nm9m0h6kfve208cxmve.wetook.host/awwjfvkw
http://nm9m0h6kfve208cxmve.nowsays.pw/awwjfvkw
http://nm9m0h6kfve208cxmve.toowe.site/awwjfvkw
Note! These are temporary addresses! They will be available for a limited
amount of time!
--
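※ Sent from: PTT (ptt.cc), from: 125.231.45.87
※ Article URL: https://webptt.com/cn.aspx?n=bbs/AntiVirus/M.1534049554.A.E18.html
1F:→ brianuser: Where on earth are so many of these coming from, it's making me so curious 08/12 12:53
2F:→ dcsr: It should be 8 random English letters at the end. Waiting for an expert to crack it 08/12 13:02
※ Edited: dcsr (125.231.45.87), 08/12/2018 13:05:16
3F:push estupid: Please leave your operating system, whether it was updated, antivirus software, and how you connect to the internet 08/12 17:19
4F:→ estupid: and whether you clicked anything suspicious before getting hit, for future reference 08/12 17:20
5F:→ dcsr: win7, no updates, no antivirus installed 08/13 19:22
6F:push popbitch: No antivirus and you still held out until now before getting hit, that's impressive 08/13 19:56
7F:push waterblue85: win10 without updates is the same, natural selection 08/14 11:43
8F:push MVagusta: Actually a lot of people have been discussing the recent new virus; at present it still isn't officially 08/14 14:09
9F:→ MVagusta: known which virus this is, but it should be a variant of wcry. I suggest first 08/14 14:09
10F:→ MVagusta: saving the files; later maybe Trend Micro's decryption tool can help decrypt them, and I also 08/14 14:09
11F:→ MVagusta: suggest installing antivirus; pccillin's ransomware buster (勒索克星) is aimed specifically at ransomware, you can 08/14 14:10
12F:→ MVagusta: try it 08/14 14:10
13F:→ valsione: I got hit. Trend Micro's analysis says it looks a lot like JIGSAW, but it can't decrypt it 08/14 15:20
14F:→ valsione: All I can do is see whether there's a cold backup on a hard drive 08/14 15:21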