Posted on 06/20/2016 7:31:04 PM PDT by Swordmaker
Security researchers have discovered a new strain of ransomware coded entirely in Javascript, which could increase its chances of being activated. Unlike executable program files, Javascript documents do not always trigger a security warning on Windows or require administrator access to run.
Named RAA, the malware is disguised as a document and starts encrypting files immediately when opened.
One security expert said the approach was likely to fool many victims. "It's an interesting approach to ransomware," said Ken Munro of security company Pen Test Partners.
"Using Javascript as an attachment to an email is likely to result in many victims accidentally installing it."
(Excerpt) Read more at bbc.com ...
Hats off for the tip!
I added a DWORD key “Enabled” but that just doesn't look right.
Plus I am on Win 10 64-bit. Do I need to add a QWORD entry?
Search your system for .js files, or create a dummy using notepad (making sure it doesn't have .txt appended to the .js extension). I found a ton of .js files related to a game I have installed. Double-click the file and you should see the exact error shown in the article. I'm assuming you have restarted the computer since creating this DWORD value.
Does anyone know what could be causing my problem with my computer. It still has 7.
On the 13th around 2-3pm central time when I was out of the room, I came back to a black screen but the computer was still on. I hit the keyboard a few times and it came back up but something had opened Windows mail and live and was doing a search of my files. I turned off the internet and closed them all out but the screen kept going black and it kept opening searches. I finally deleted the Mail and Live which I don’t use anyways but I still have it trying the searches. I have the internet unplugged.
I have run several cleaners and virus scans.
Today I was running AVG and it did the blackout a few times and then it was trying to delete AVG. I turned off the computer as soon as I could.
I ended up pinning the Task manager and a few of the others because it often does it several times in a row and even locks and messes with the password entry. I sometimes didn’t even have time to start looking at the tasks or start a scan.
Some of the searches have 0,i6* ect in many combinations.
It also does this in safe mode.
For a while I couldn’t type in msconfig because it wouldn’t let me type i and it would go black for a few seconds and back to opening the search.
Nothing I have done has lasted for more than a few hours.
Sounds like you have a root kit malware installed. It will work even in Safe Mode, unfortunately.
Check out this youtube for instructions on how to remove a RootKit from your Windows 7
It has instructions from Kaspersky's and links you to a remover. I hope this helps.
What he (Swordmaker) said. Yep.
Thanks, I will give that a try tonight.
Today I turned on the computer and it of course was happening again but I had looked up some of the things running that I did not recognize from being on the list in the past few weeks. One of them was WUDFHOST which is supposed to be running but not supposed to show on the task manager.
I turned it off for now and it seems to be at least part of the problem. Running some scans and then will see after I restart. Been on for over 4 hours without a problem since I made the changes. Still not connected to internet.
I do think the problem is bigger so I won’t stop looking until I am positive it is clean.
Now I am also making sure this XP netbook is up to date on the scanners and such.
I always used to be very proactive making sure everything was updated and ran at least once every week, but I have really let some things go too long for the past year.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.