Login

recep03500 · 12-26-2021, 01:03 AM

Hello, I have an acer 5750~g series i5 2nd generation laptop about 1.5 months ago (RIGJ) (MOIA) Under Swrtifi with EXTENSION Infected with Virus and changed all my memory its Extension Revert Extension but I can't open my files, photos and videos. Please I'm waiting for support. Thank you Recep from Turkey

Maxinator500 · 12-26-2021, 01:07 AM

Is this virus requesting payment?

recep03500 · 12-26-2021, 01:07 AM

yes i have come across the possibility of ransom virus researches

recep03500 · (This post was last modified: 12-26-2021, 01:20 AM by recep03500.)

Also, whenever I turn on my laptop and change the hdd, it doesn't work. They make a connection, what should I do?

Maxinator500 · 12-26-2021, 01:24 AM

(12-26-2021, 01:07 AM)recep03500 Wrote: yes

If you want to recover data, follow what this virus asks for.

recep03500 · 12-26-2021, 01:27 AM

? ???

Maxinator500 · 12-26-2021, 01:29 AM

What is this virus called?

recep03500 · 12-26-2021, 02:51 AM

txt formatında açıklamasını atabilirim istersen

recep03500 · (This post was last modified: 12-26-2021, 03:02 AM by recep03500.)

File Information
Size553KSHA-1c32b61c45986dc968a5f171d3908529f696fbd5fMD58d73e53c7ea2fe803c7d6f1d5033a94fCRC-32b039e34aFile typeapplication/x-ms-dos-executableFirst seen2011-04-20
Runtime Analysis
Copies Itself To
c:\Documents and Settings\test user\Local Settings\Temp\ircbsbot.exe
Dropped Files
c:\Documents and Settings\test user\Local Settings\Temp\data.dat
Size32SHA-1a63834dcdb4c35d355adff7bb74e707a6aff5a18MD5b631415fa89b240b97137ec5667af007CRC-328365a11eFile typeapplication/octet-streamFirst seen2011-04-20
Registry Keys Created
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
winlogonC:\DOCUME~1\support\LOCALS~1\Temp\ircbsbot.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
winlogonC:\DOCUME~1\support\LOCALS~1\Temp\ircbsbot.exe
HKCU\Software\VB and VBA Program Settings\INSTALL\DATE
NT4CULVUBIApril 20, 2011
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
DoNotAllowExceptions0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
c:\test_item.exec:\test_item.exe:*:Enabled:Windows Messanger
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run
winlogonC:\DOCUME~1\support\LOCALS~1\Temp\ircbsbot.exe
Processes Created
c:\windows\system32\cmd.exe
c:\windows\system32\reg.exe
DNS Requests
eastncballer.dyndns.info

https://ibb.co/MGygQp8

Maxinator500 · 12-26-2021, 03:37 AM

(12-26-2021, 03:00 AM)recep03500 Wrote: ircbsbot.exe

There is no information on the search for the file name on the net and, accordingly, there are no existing solutions. When activated, this virus establishes remote communication with the attacker's computer, so it can assume that the virus can either encrypt and allow to see your private files, but that doesn't matter.
Could you send me a downliad link to this file IN PRIVATE MESSAGES? For safety.

Login
Username:
Password:	Lost Password?
	Remember me