RansomOff

Discussion in 'other anti-malware software' started by co22, Mar 28, 2017.

  1. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    That's the magic ;)
     
  2. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    604
    Location:
    Wallachia
    Let s see if the next version will remain as a permanent installed item :)
    I have also observed that events/alerts are logged in advanced mode sometimes , but no pop-up shows up to block or allow , it just reports some suspect behaviour in relation to benign files , like Screamer for example.Maybe more interactivity with the user is required for the HIPS component ?
     
  3. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    743
    Location:
    U.S. Citizen
  4. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Hi Moose,

    Thanks for pointing to the MT discussion. We made some changes in the last release to clean up better. One of the samples ran in that video messes with registry settings that changes default file actions for a bunch of file types. That's why all the links on the desktop turned blank. RO stops the encryption of that sample but the registry changes occurred before that happens. So the new update adds additional registry checks to mitigate that kind of damage. Doesn't cover everything but should be enough to help get the system back to a better state.
     
  5. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,390
    Location:
    Under a bushel ...
    Recommended Realtek HD Audio Driver 6.0.1.8569 update for my Dell XPS 13 via Dell SupportAssist triggered a ransomware alert.

    Temporarily disabled RO, no problem.
     
  6. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    743
    Location:
    U.S. Citizen
    Greetings/Salutations:geek:


    Do you have a time period for the next update/release, ect...?;)



    Kind regards,

    Moose


    PS. @paulderash,

    Always close your Security Software when updating Drivers!!!!
    For example, RO...ect. Be protactived...
    Then restart/reboot your PC. Waiting, until your PC fully boot
    up. Then restart your Security Software, if it did not already
    start on it own....
     
    Last edited: Dec 28, 2018
  7. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    743
    Location:
    U.S. Citizen
    Greetings/Salutations:geek:

    Could you make sure that RO will stop, Scorpion 3.1 and/or Ransomware scorpion?
    Please! Thank you!...

    Always the best,:)

    Moose


    Source: https://www.youtube.com/watch?v=lze7IW0KSKw


     
    Last edited: Dec 31, 2018
  8. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Hi Moose. No idea what Scorpion is or what it does so hard to develop counter measures. It's awfully easy to break Windows and many of those cases are outside of RO's purpose of stopping ransomware. Good backups are your friend in situations where the malware just trashes everything.
     
  9. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    743
    Location:
    U.S. Citizen
    Follow-up:

    From: Moose

    Below:



    Published on Nov 25, 2018
    Test Scorpion Virus Version 3 in Windows7/Windows10 Using Virtual Machine (Oracle BOX) - Most Powerfull Virus Ever !

    Scorpion is a Ransomware which affects Microsoft Windows systems. This ransomware was sent to the FMV (fan-made virus) series of the popular malware YouTuber Siam Alam. it actually was made by Arab TEC, a YouTube channel from Jordan and made videos about Visual Basic, the file is compressed by a ZIP file, for extracting it, the user needs a password, when its extracted it will have a Readme text file and the executable.

    Version 3 completely change Scorpion vírus instead of reseting computer upon activation the screen cuts to a citamatic screen first it cuts to a broken/updated T.V. screen then it cuts to the scorpion logo going down then it finally stops and is greeted with:
    welcome to scorpion virus
    Your computer is dead

    after restarting the windows user can not use it again !.
    رابط القناة : http://www.youtube.com/ArabTEC2010
    صفحتنا على الفيس بوك : http://www.facebook.com/ch.ArabTEC


    Source: https://www.youtube.com/watch?v=lze7IW0KSKw

    I remember few months ago I also ran that Scorpion 3.1 against KIS in a VM. But we had slightly different results though, unlike the video, instead it shows the desktop, mine was it went immediately to BSOD. After the result, I immediately sent the sample to their virusdesk. I'm surprised that until this day they didn't still add this malware to their databases.

    Source: https://malwaretips.com/threads/kas...ee-2019-warball-communauty.88975/#post-787275

    Always the best,

    Moose

    P.S.
    Examples of Good Backups, when windows will not start?
    That you would suggest?
     
    Last edited by a moderator: Jan 1, 2019
  10. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    743
    Location:
    U.S. Citizen
    Sorry, I will delink all links in future posts.
    Could you please, delink and /or remove
    https: www from the above posts. Just
    wanting to make sure....

    #1083
    #1084
    #1085


    I would apppreciate your help and thanks
    for letting me know!!!!:)

    Sincerely,

    Moose
     
  11. jagth

    jagth Registered Member

    Joined:
    Feb 25, 2019
    Posts:
    6
    Location:
    Warszawa
    it's so laggy on my pentium dual core :D after few hours it make chrome and brave browsers disconnecting from the internet
     
  12. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    That's unusual behavior. It's likely not Chrome or Brave related. What other security software do you have on your system?
     
  13. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    743
    Location:
    U.S. Citizen
    Greetings/Salutations:geek:


    Next update/release, ect...? of RO....





     
  14. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    604
    Location:
    Wallachia
    I have observed similar behavior to what jaght reports while using Screamer Radio as this one is starting also from a non Program Files location maybe.Maybe it s location related.I think i have reported it in this thread.
     
  15. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    No planned release right now. We will try to figure out what is possibly causing connectivity issues and if we can identify it then we will put out an update.
     
  16. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    743
    Location:
    U.S. Citizen
    Just checking in, Salutations/Greetings.......

    * Have you been working on any new updates with any new fixes ec..., for RansomOff.?
    * Last was Released 5 Dec 2018
    * It has been a while and/or have you stopped development? Ect....?
    * 7 months with a words.......


    Alway the best,

    Moose
     
  17. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Hi Moose,

    We have not abandoned RansomOff but just have had to focus on higher priority projects at the moment. We have a few things on our update list but no timeline of when we will be able to get around to releasing a new version. Thanks for checking in though.
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,702
    Location:
    U.S.A. (South)
    Hi Dave.

    Appreciation to @Moose World for raising the question IF any further releases of Ransom0ff might be coming through the pipe anytime soon. You take care of those high priorities and know that we're sitting on ready if a new release pops out of the cooker.

    Outstanding killer and crusher of Ransomware ever!! Have A Nice Weekend and Continued Success!
     
  19. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    743
    Location:
    U.S. Citizen
    Greetings/Salutations,

    Appreciate the answer to my question....Because, I was getting scared that RansonOff was being abandoned.
    Or not being keep up to date....ect. Again, thank's for letting us know what has been going on.....

    Questions, does anybody know if there any kind of a conflicts between RansomOff and Comodo Cloud Antivirus (ccav),
    or VodooShield? Latest Versions?

    Many Thanks,

    Moose
     
  20. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    It has been awhile but we should finally be close to releasing an update for anyone interested. There are a bunch of bug fixes as well as a few new features. We have updated the docs awhile to discuss some of them. Hopefully by the weekend we will get it out. Cheers.
     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,702
    Location:
    U.S.A. (South)
    Greets Dave :thumb:

    Interesting note that since Heilig Defense first boarded this forum with this awesome Ransom0ff that ransomwares intensity tapered off steadily and consistently, postings and dire attacks reported are sporadic at best.

    No, not because of or the contribution of this product in particular but it is noteworthy the timing of it all. Always tracking trends specifically to this type of unique computer threat serves some measure that certain entities in the security community have ramped up and put a bite into matters with defenses against such problems

    Dare say I that your attendance and introduction to this splendid product was no coincidence!
     
    Last edited: Oct 8, 2019
  22. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,390
    Location:
    Under a bushel ...
    Dave, so you found time :thumb:. Will be interesting to see the change log.

    Will it have been tested against Win 10 19H2 update? I uninstalled in mid-September after having 0x80070006 errors with Windows Updates, after re-trialing RO on a relatively vanilla machine after a Win 10 1903 clean install.
     
  23. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Haven't tested against 19H2. 19H2 is only an optional, cumulative update which isn't anything like the past major updates like 1803 or 1903. We'll test against it eventually but right now 1903 is the most recent we tested against.
     
  24. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    I believe we are at a good point to finally release the update. Haven't posted to the site yet so this is like a pre-release update that hopefully folks that take it for a spin can provide some feedback on while we finish a few other things up.

    It's not a complete re-write but we heavily modified the core protection code with the goal to make it more stable and efficient. Obviously also a lot of bug fixes as well along with a few new features like extension filtering.

    https://www.ransomoff.com/downloads/RansomOff.5.2019.287.5281.x86.exe
    https://www.ransomoff.com/downloads/RansomOff.5.2019.287.5281.x64.exe
     
  25. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,590
    Location:
    South Wales, UK
    Hi Dave, have to say that is way cool. Will be installing and hiving this new version a spin shortly. :)
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.