Page 5 of 5 FirstFirst 12345
Results 41 to 47 of 47

Thread: Activation issue on Windows 10 Home OEM + Windows Store suggestion

  1. #41
    Senior Member
    Join Date
    May 2014
    Posts
    116

    Default

    I did post here for not to say I did not warn Windows. Activate Windows hides a Ransomware !!!!!!!!!!!!!!!

    I did try to phone them once but somehow, cellphone not linked to the computer neither to the phone line in the computer had noise put by Ransomware in it so I couldn't tell Windows, but I did tell Windows users haha =)

    OK, I explain, sadness and too much emotions like that make me smile, something is wrong with me, I think I can win it, but my smile hides lots lots of fright as before yesterday I did have too much high tension because of issue and I could not sleep, and maybe it was due to my throad pharynx, but was surely issue, I felt I was going to die, so I did sleep on my back, OK should be on my left, but was if there was something in my blood, maybe too much salt, or maybe I am getting in panic and was just a very bad reaction to humidity and to the fact I don't like travelling although I adore visiting new towns.

    Anyway, I'm looking for help. And no idea if I will stop using Windows after that for not to loose nothing, and if Ubuntu Linux Studio is safe or should I go to an unknown OS and system that won't work at all and won't have GIMP and nothing usefull and that won't recognize none of my devices ?

  2. #42
    Senior Member
    Join Date
    May 2014
    Posts
    116

    Default

    I'm in contact with WINDOWS =)

  3. #43
    Senior Member
    Join Date
    May 2014
    Posts
    116

    Default

    I did told Windows. Couldn't put the stars on it :/ as I was doing pictures and it disconnected. Now either Windows Defender fixes it, else it lets it spread. Not my problem. I told them. Did my job. They do what they want with it.

    Will ask money back and get only Linux on here =) but I have no idea at all if it is safe or not.

    If Windows Defender gets the guilty, I as telepath, not really telepath, have something to solve with it, bad idea to eat Sauron.

    Still no idea on what to do for my files. Lost in informatics.

    Tomorrow Ubuntu Studio only, hope not too many bugs, but my problem.

    I don't believe at all in Ubuntu Linux being safe against Ransomware. I need a forum to check for them without Windows ? Because it is amongst files left. It could reactivate.

    I could also keep my Windows licence, but I won't use Windows. I'll have to see what Linux has to give me first for the next 5 years as this bug had hitted a little Ubuntu Linux in the past, as I had a pseudo activation issue on Ubuntu Linux. So not safe. I need to take it out of all of my files, anytime anywhere.

    Yes it couldn't reach world wide servers in Linux, so maybe they are planning bad things on my Linux too ?

    I willl ask Malwarebytes for it, even if I don't have at all Malwarebytes, or would need a better forum, where ?

    If you have forum ideas, please tell me, you already told me plenty of FORUM ideas. I just need wiping on my personal files. Wiping the bad. I did flood today. I know it is wrong.

    So sorry. Sorry Sorry.

    Thank you very much for all this help and have a good night =)

  4. #44

  5. #45
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,672

    Default

    Even if you actually had a ransomware infection, reformatting your computer would wipe it out.
    The forum below can assist with this
    https://forums.whatthetech.com/index.php?showforum=119

    The photos you took said there was a threat. I do know that if you were hit with ransomware you would get a window telling you to pay money to get encrypted files back and you have never said this.
    It would also tell you a web site to go to and how to go about contacting someone for a decryption key, and you would find all your photos and files with extensions and nothing would open on demand.

    It might be possible, if you create a new user profile, go back and delete out all old ones?
    I don't know.

    Since we have done all we can do here, and you have run the tool to remove all quarantined, we can close this topic now.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  6. #46
    Senior Member
    Join Date
    May 2014
    Posts
    116

    Default

    Hello, yes, you do have this picture.

    I did format to Ubuntu =) So I'm free. Although I must solve: Firefox as it don't let me upload here, needs profile to be deleted as there was a suspect profile in outside scan, and cell phone, needs SD Card and Cell phone to be changed as they did noise to phone call.

    CyberReason Ransom Free did delete the Ransomware virus on C:\ that is why it did not ask money.

    But I was too much in panic and no battery although I could, but I didn't to take a picture of CyberReason Ransom Free list of files it did delete.

    The trash recycle bin got stuck with the folders and files from the Ransomware.

    None of those files are mine. In my opinion they were generated from millions of bits hidden in C:\ and in my opinion the Ransomware comes in small bits pieces too although there was this $mages a imprimer.docx that made it wake up when I did not delete it to check why it was saying to be a system file needed for the computer to work.

    I didn't open the files, in my opinion, after the day, there must only be ugly awful things against law inside those files. And there was no way to delete them as recycle bin did stuck.

    Maybe you don't know how CyberReason Ransom Free works, maybe it's illegal to talk to them, but they did things right in my opinion, and I don't think BitDefender would have been able to freeze the infection. In fact if I had no panic, I could wait for hours before clicking on :


    Stop clean the threat?
    No Let it run vs Yes Stop & clean the threat

    As there was the link: view affected files on the Window called: Cyber(my picture from here is not neat -Reason) - Ransomware activity has been detected !

    First line does say: c:\Windows\explorer.exe (started on Friday, Nov 30 at 2:27 PM) might be attempting to malicious encrypt files on your hard drive and has been suspended. Another process may be trying to conceal its activity by abusing c:\Windows\explorer.exe.

    Cybereason strongly recommends that you click 'Yes' to stop the process to avoid possible encryption of valuable files (e.g. documents, photos, videos, etc.). If you are certain this instance of c:\Windows\explorer.exe is safe, click 'No'.

    View affected files >
    (and that was my error not to take a picture / screenshot wasn't working on the View of it but did work without the View / of that sorry :( )

    Stop clean the threat ?

    No Yes
    Let it run Stop & clean threat

    Ransomware blog - contact us - Q&A


    So I am very sorry that my information can't help Windows users :'(

    But good luck to all =) And thank you very much.

    If it's safe, I might use my new Windows Home in the Virtual Machine in Ubuntu so to have the programs that don't need drivers back =) I will also try Wine. But I feel better now. =)

    Thank you very much and sorry for the trouble =)

    I do hope Windows to catch this fake Activation virus that hides a Ransomware that for luck, I had computer almost empty, and for luck it was stopped before encryption started and before the whatever sign to appear on my desktop, and it only did create a few folders and files not mine, some of them were empty, those I sent you was not mine, it was a souvenir from the bad Ransomware that couldn't know he had not kill me yet =)

    So thank you =)

    I'm also very sorry for the flood, was panic :'(

    You can close topic =)
    Attached Images Attached Images

  7. #47
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,672

    Default

    Trying to find answers as to why and what this tool is doing is hard since I don't use this but I did come across interesting comments.

    It's possible these files are being created by the tool itself,
    https://forums.malwarebytes.com/topi...on-ransomfree/


    https://www.bleepingcomputer.com/for...l-on-computer/
    name="quietman7" post="4454908" timestamp="1519934729"
    Cybereason RansomFree is a program which deliberately creates hidden dummy folders containing randomly named .bmp, .png, .gif, .jpg, .pem, .xls, .mdb, .txt, .sql, .docx, .doc, .xlsx, .xls, .rtf, and .txt files in various locations (and partitions) on your computer as part of its functionality. These are actually trap (bait) folders and "canary" files...patterns of files and hidden virtual files that ransomware is attracted to. They are monitored for any changes and meant to be targeted for encryption by ransomware before actual data files. When the anti-ransomware program detects any of these files has been modified it will display an alert that an attack is occurring and ask if you wish to terminate the process that is trying to access them. This feature is sometimes referred to as "Honeypot Detection" or "Entrapment Protection" but is commonly misidentified by users or incorrectly reported as being related to malware.

    This is Nathan Scott's explanation of Entrapment Protection from his now closed EasySync web site in this topic.

    Entrapment Protection
    Entrapment Protection lays numerous different types of traps all around your system that a Ransomware Infection cannot resist to touch. These traps send encrypted pattern signals back and forth between CryptoMonitor and themselves constantly. When a Ransomware Infection falls into one of these traps, the pattern is broken and CryptoMonitor immediately takes action. Once this happens, the machine is locked down and you are alerted about the infection and prompted for your decision on what actions to take. During this time, no file modifications are allowed, so your files are safe while you think about your course of action. With this protection enabled you may notice a few hidden files, registry keys, folders, and services running, but don't worry, they are there to protect you!
    Common dummy folder locations with random names typically include My Documents, Desktop and common folder variables such as %User Profile%, %AppData%, %LocalAppData%, %ProgramData%, %Temp%.


    RansomFree also deploys a Disconnected Network Drive (A) which is related to additional protection and detection of ransomware. The developers do no recommend you tamper with the drive.

    If you attempt to remove these files and folders, RansomFree will re-create them. In fact, any attempt taken to delete (modify) the files or folders most likely will be interpreted as possible ransomware activity and trigger a warning alert or initiate some action by RansomFree.

    The use of trap (bait, canary) files and folders is not a 100% solution...some data files probably will end up being encrypted by ransomware but whatever helps with prevention, I consider useful.
    I think from this point on, you have questions, you should try to contact CyberReason Ransom Free forums

    I will now close this topic.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •