    • Thread Starter
    Offline

    0
    ReputationRep:
    Hi,

    Tonight I received an email from a temporary email address and they are claiming to have information about me knowing I have been torrenting from KAT even though they are down. If anyone knows how to help please help! Also they are threatening to release information about me and if it helps they are Spanish.

    Thanks
    • Very Important Poster
    Online

    19
    Very Important Poster
    have you run an up to date malware killer and a virus killer?
    • Thread Starter
    Offline

    0
    ReputationRep:
    (Original post by 999tigger)
    have you run an up to date malware killer and a virus killer?
    No, I can't, as every time I attempt to install SpyBot it comes up with Access is Denied then turns me off.

    The thing that annoys me is that I had an email 1 min before saying see ya
    • Very Important Poster
    Online

    19
    Very Important Poster
    Does it send you to a particular webpage? google it and add the word malware to the search to see the solution
    Offline

    22
    ReputationRep:
    Download malwarebytes
    • Thread Starter
    Offline

    0
    ReputationRep:
    (Original post by 999tigger)
    Does it send you to a particular webpage? google it and add the word malware to the search to see the solution
    I have no webpage come up. I have attempted to trace their IP but they are spoofing by using a VPN
    • Thread Starter
    Offline

    0
    ReputationRep:
    (Original post by niteninja1)
    Download malwarebytes
    I downloaded SpyBot which is pretty much the same thing and when I attempt to install it, it came up with Access is Denied then turned off the computer
    Offline

    22
    ReputationRep:
    Try Malwarebytes

    If not, download Knoppix and burn to USB. This is a live OS; then it can hunt down the malware
    • Thread Starter
    Offline

    0
    ReputationRep:
    (Original post by niteninja1)
    Try Malwarebytes

    If not, download Knoppix and burn to USB. This is a live OS; then it can hunt down the malware
    There is no need to bother replying to this thread; the guy ran a scheduled task to delete the contents of the C drive at boot, deleting System Volume Information along with all files in the C drive, meaning that the computer will not boot at all
    • Very Important Poster
    Online

    19
    Very Important Poster
    What guy? The person in charge of the malware?
    He has wiped your C drive?
    Were there important docs on the drive? No back up?

    You will still be able to access important docs with a file recovery utility.

    You can access more geeks on kitguru, hexus.net or toms hardware forums.
    • Thread Starter
    Offline

    0
    ReputationRep:
    (Original post by 999tigger)
    What guy? The person in charge of the malware?
    He has wiped your C drive?
    Were there important docs on the drive? No back up?

    You will still be able to access important docs with a file recovery utility.

    You can access more geeks on kitguru, hexus.net or toms hardware forums.
    I am getting someone else to do it. I will have to re-image the computer and put the hard drive into an Apple Mac, as Windows viruses do not carry over to Mac OS, to hopefully recover my documents if they can be recovered at all!
    • Very Important Poster
    Online

    19
    Very Important Poster
    (Original post by Leggyyy)
    I am getting someone else to do it. I will have to re-image the computer and put the hard drive into an Apple Mac, as Windows viruses do not carry over to Mac OS, to hopefully recover my documents if they can be recovered at all!
    No idea. Not the way I would do it, but it's unsuitable to try and sort the issue out over the forum. It's all a bit unclear. Doubt you will have lost any data.
    • Thread Starter
    Offline

    0
    ReputationRep:
    (Original post by 999tigger)
    No idea. Not the way I would do it, but it's unsuitable to try and sort the issue out over the forum. It's all a bit unclear. Doubt you will have lost any data.
    Okay, well thank you for your help but I'm just sad it was all just too little too late
    • Very Important Poster
    Online

    19
    Very Important Poster
    (Original post by Leggyyy)
    Okay, well thank you for your help but I'm just sad it was all just too little too late
    I doubt he has wiped your drive properly, so am confident you should be able to recover your documents. You might just have to reinstall everything.

    Anyone that knows enough about PCs might be able to get it working via a boot disc/USB.

    First step is to identify what malware it was. You won't have been the only person hit, so the solution is likely online.
    Offline

    22
    ReputationRep:
    Knoppix allows you to retrieve documents and the viruses can't follow.
    Offline

    0
    ReputationRep:
    I have fixed the problem for the OP. We re-imaged it with a custom Windows 7 image. He found out he had a backup of his files taken previously, which we were able to copy back. We found out that a scheduled task configured to wipe the drive had been created, along with a few other malicious actions. The OP is now subject to a full security checkup + strategic analysis to prevent it happening again.

    The OP and I are grateful for all other posts.
    • Very Important Poster
    Online

    19
    Very Important Poster
    (Original post by Cycosmon)
    I have fixed the problem for the OP. We re-imaged it with a custom Windows 7 image. He found out he had a backup of his files taken previously, which we were able to copy back. We found out that a scheduled task configured to wipe the drive had been created, along with a few other malicious actions. The OP is now subject to a full security checkup + strategic analysis to prevent it happening again.

    The OP and I are grateful for all other posts.
    Thanks for the update and how fortunate for them to have a friend who could assist. It's very hard to do over the internet and I still wasn't getting a clear picture of what happened or where it came from. I suspect the OP has a good idea how they acquired it.

    Did they have a full virus and anti malware in place?
    Did you identify what the malware was?

    GJ for sorting them out. Glad it was resolved.
    Offline

    0
    ReputationRep:
    (Original post by 999tigger)
    Thanks for the update and how fortunate for them to have a friend who could assist. It's very hard to do over the internet and I still wasn't getting a clear picture of what happened or where it came from. I suspect the OP has a good idea how they acquired it.

    Did they have a full virus and anti malware in place?
    Did you identify what the malware was?

    GJ for sorting them out. Glad it was resolved.
    Hi,
    The OP obtained some files off a Torrent site (I have already discussed the ethics with him regarding this, and he has now promised to stop) and believes they obtained "something" from there. It may well have been a SAAS application, as he doesn't recall having his computer "taken over" at any point, i.e. when he was using it, as that would allow scheduled tasks to be created remotely through a command line.

    The computer was, when I received it, completely unbootable and wasn't able to boot into any recovery options or even get it to recognize any system volume information for the OS. I think a script must have landed on his drive at some point, basically wiping the drive as much as his Admin permissions permit. If you're aware of security permissions within Windows, some folders/files can't be deleted as they are owned by "TrustedInstaller".

    Sadly, using some syntax within Command Prompt is enough to wipe the drive enough that it can become unbootable without removing the files.

    The OP is running Sophos Endpoint Security and Control, full enterprise grade Anti-Virus as I have a license for it. We PXE booted the machine into my deployment server at home and it was re-imaged in about 25 minutes.

    There wasn't any anti-malware installed as the free version of Malwarebytes doesn't have on-access scanning. I may write a script to start the application to do this and create a scheduled task if I can figure out the switches for it. That's a task, although I don't suppose I'd be licensed to distribute it as it circumvents one of the features of Premium?

    Thanks again,

    Tom
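
An added example, not part of the thread and not any poster's code: the posts above describe a scheduled task set to wipe the drive at boot, and suggest booting a live OS such as Knoppix. Windows keeps task definitions as XML files under `Windows\System32\Tasks`, so they can be audited offline from a mounted copy of the drive. The function names, the pattern list and the sample task below are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
STARTUP_TRIGGERS = ("BootTrigger", "LogonTrigger")
# Assumed heuristic, not an exhaustive list: commands that delete or reformat.
DESTRUCTIVE = re.compile(r"\b(del|erase|rd|rmdir|format|diskpart|remove-item)\b", re.I)

# Constructed sample task definition (not recovered from the incident in the thread).
SAMPLE_TASK = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><BootTrigger><Enabled>true</Enabled></BootTrigger></Triggers>
  <Actions Context="Author">
    <Exec><Command>cmd.exe</Command><Arguments>/c del /s /q C:\\*</Arguments></Exec>
  </Actions>
</Task>"""


def audit_task_xml(xml_data):
    """Flag Exec actions that look destructive in a task that fires at boot or logon."""
    root = ET.fromstring(xml_data)
    triggers = [name for name in STARTUP_TRIGGERS
                if root.find(f"t:Triggers/t:{name}", NS) is not None]
    findings = []
    for exec_node in root.findall("t:Actions/t:Exec", NS):
        command = exec_node.findtext("t:Command", "", NS)
        arguments = exec_node.findtext("t:Arguments", "", NS)
        line = f"{command} {arguments}".strip()
        if triggers and DESTRUCTIVE.search(line):
            findings.append({"triggers": triggers, "command": line})
    return findings


def audit_tasks_dir(tasks_dir):
    """Audit an offline copy of Windows\\System32\\Tasks, e.g. mounted read-only from a live OS."""
    results = {}
    for path in sorted(Path(tasks_dir).rglob("*")):
        if not path.is_file():
            continue
        try:
            # Pass raw bytes so the XML parser can honour the file's own encoding (often UTF-16).
            found = audit_task_xml(path.read_bytes())
        except ET.ParseError:
            continue  # not a task definition
        if found:
            results[str(path)] = found
    return results


if __name__ == "__main__":
    print(audit_task_xml(SAMPLE_TASK))
```

A hit is only a lead for manual review: legitimate maintenance tasks can match the pattern, and a task that launches a script file needs that script inspected as well.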
    Offline

    19
    ReputationRep:
    (Original post by Leggyyy)
    Hi,

    Tonight I received an email from a temporary email address and they are claiming to have information about me knowing I have been torrenting from KAT even though they are down. If anyone knows how to help please help! Also they are threatening to release information about me and if it helps they are Spanish.

    Thanks
    Not relevant but your username is my cat's name
    • Very Important Poster
    Online

    19
    Very Important Poster
    (Original post by Cycosmon)
    Hi,
    The OP obtained some files off a Torrent site (I have already discussed the ethics with him regarding this, and he has now promised to stop) and believes they obtained "something" from there. It may well have been a SAAS application, as he doesn't recall having his computer "taken over" at any point, i.e. when he was using it, as that would allow scheduled tasks to be created remotely through a command line.

    The computer was, when I received it, completely unbootable and wasn't able to boot into any recovery options or even get it to recognize any system volume information for the OS. I think a script must have landed on his drive at some point, basically wiping the drive as much as his Admin permissions permit. If you're aware of security permissions within Windows, some folders/files can't be deleted as they are owned by "TrustedInstaller".

    Sadly, using some syntax within Command Prompt is enough to wipe the drive enough that it can become unbootable without removing the files.

    The OP is running Sophos Endpoint Security and Control, full enterprise grade Anti-Virus as I have a license for it. We PXE booted the machine into my deployment server at home and it was re-imaged in about 25 minutes.

    There wasn't any anti-malware installed as the free version of Malwarebytes doesn't have on-access scanning. I may write a script to start the application to do this and create a scheduled task if I can figure out the switches for it. That's a task, although I don't suppose I'd be licensed to distribute it as it circumvents one of the features of Premium?

    Thanks again,

    Tom
    Thanks for the detailed explanation. You know far more than I do. Hope he's buying you a few pints.
 
 
 
Updated: November 3, 2016