An HTML and computer securIty question

In summary: Links and downloads should be treated with suspicion. To be on the safe side, you can google any new site you are thinking about visiting before you do. And if you do get infected, remember that there is help available.
  • #36
.
Borg said:
You can also open a command window and type "ipconfig /renew". That should force it without shutting down the router. To verify, type ipconfig before and after to see what your address is. You can also go to this website to verify it - http://whatismyipaddress.com/.

the website whatismyipaddress gives: 78.17*.7*.1** as IPv4
But when I write ipconfig /renew in the command prompt 192.16*.1.3* as IPv4 again
Why are these two different?

Thank you.
 
Technology news on Phys.org
  • #37
mech-eng said:
.the website whatismyipaddress gives: 78.17*.7*.1** as IPv4
But when I write ipconfig /renew in the command prompt 192.16*.1.3* as IPv4 again
Why are these two different?

Thank you.
First one: your public IP address (assigned by ISP)
Second one: internal one assigned by router.
 
  • #38
mech-eng said:
.the website whatismyipaddress gives: 78.17*.7*.1** as IPv4
But when I write ipconfig /renew in the command prompt 192.16*.1.3* as IPv4 again
Why are these two different?

Thank you.
StevieTNZ is correct about the internal address. You can also type ipcong /all to see everything about your ip addresses.
The ipconfig / renew command tells your ISP to give you a new ip address. When you go back to the whatismyipaddress site after the renew command, is your address different from what it was before?
 
  • #39
In the norton forums, they think that there is a malware in my PC and recommend that I should refer to a free malware cleaning website. But this situation confuses me because are malwares a different situation for antiviruses? Attacks continued until the morning but now they finished.
 
  • #40
Borg said:
The ipconfig / renew command tells your ISP to give you a new ip address. When you go back to the whatismyipaddress site after the renew command, is your address different from what it was before?
I doubt it would change, if it is a static IP assigned by the ISP. If it's a dynamic one, then that method may work in changing the IP without powering off then on the modem for a few minutes.
 
  • #41
mech-eng said:
In the norton forums, they think that there is a malware in my PC and recommend that I should refer to a free malware cleaning website. But this situation confuses me because are malwares a different situation for antiviruses? Attacks continued until the morning but now they finished.
Try the 30-day trial period of this: https://www.emsisoft.com/en/software/antimalware/

I have that product, which runs in the background in conjunction with G Data Total Protection.
 
  • #42
StevieTNZ said:
I doubt it would change, if it is a static IP assigned by the ISP. If it's a dynamic one, then that method may work in changing the IP without powering off then on the modem for a few minutes.
AFAIK, most ISPs do not assign static addresses so it's a good bet that it would work. While I have had mine for a long time (years), I have changed it with this method in the past.
 
  • #44
DrZoidberg said:
It sounds like Cryptxxx. There is some information about it on the kaspersky website. They also have a tool for decrypting the files. https://blog.kaspersky.com/cryptxxx-ransomware/11939/

I have downloaded the tool to decrypt the files but It is not an .exe file, it's extension is numbers: rannohdecryptor.1462103186. How can I install this application? Even Windows cannot determine it and asking me to choose an application to open it.

Thank you.
 
  • #45
If you go to that site and click on "download" you get an exe. I don't know why your file has that number at the end. You could try downloading it with a different browser. Maybe it will work if you just change the ending of the file to exe manually.
 
  • #46
There is a problem. I started it. Click on scan and after choosing the file I saw this:
kasp.png


How can I precede at this stage?

Thank you.
 
  • #47
The program needs at least one original unencrypted file to figure out the encryption key. Since you have a backup of most of your files that shouldn't be a problem.
After you started rannohdecryptor, you first give it an encrypted file and then the original version of that same file and then it will start decrypting all the files on your computer.
Btw. The file you give it should be as large as possible. So pick the largest file you have a backup of.
 
  • #48
DrZoidberg said:
The program needs at least one original unencrypted file to figure out the encryption key. Since you have a backup of most of your files that shouldn't be a problem.
After you started rannohdecryptor, you first give it an encrypted file and then the original version of that same file and then it will start decrypting all the files on your computer.
Btw. The file you give it should be as large as possible. So pick the largest file you have a backup of.

Now the scan is in progress, will it open turn encrypted ones into original form or it will re-form originals without deleting encrypted ones?

Thank you.
 
  • #49
Depends on whether you selected "Delete crypted files after decryption".
 
  • #50
DrZoidberg said:
Depends on whether you selected "Delete crypted files after decryption".

How can I see that feature and how can I start that program without using installation file everytime. I click on win key and write kaspersky but nothing appears?
Thank you
 
  • #51
mech-eng said:
In the norton forums, they think that there is a malware in my PC and recommend that I should refer to a free malware cleaning website. But this situation confuses me because are malwares a different situation for antiviruses? Attacks continued until the morning but now they finished.
I have great luck with Safer networking S&D forums give them a try.
 
  • #52
Hey mech-eng,
Be very careful with moving data between this computer and another device. Often, these infections have the capacity to infect usb drives as well as a means to spread. Disable USB autoplay on all your computers as a precaution. If you have file sharing enabled on your computers, disable it as well to protect the rest of your network.

The suggestions provided here are good, hopefully you were able to recover your files with the tool you were using.

Going forward, do not use the computer even if you were able to recover your data and the antivirus gives you the all clear. There is always the chance that a root kit was also installed in which case the system maybe hiding stuff from you and your antivirus.

I very strongly recommend that you do a full wipe and reinstall Windows before you resume normal work on this computer.
 
  • Like
Likes StevieTNZ
  • #53
Routaran said:
Hey mech-eng,
Be very careful with moving data between this computer and another device. Often, these infections have the capacity to infect usb drives as well as a means to spread. Disable USB autoplay on all your computers as a precaution. If you have file sharing enabled on your computers, disable it as well to protect the rest of your network.

The suggestions provided here are good, hopefully you were able to recover your files with the tool you were using.

Going forward, do not use the computer even if you were able to recover your data and the antivirus gives you the all clear. There is always the chance that a root kit was also installed in which case the system maybe hiding stuff from you and your antivirus.

I very strongly recommend that you do a full wipe and reinstall Windows before you resume normal work on this computer.
I concur with what Routaran has said.
 
  • #54
Routaran said:
Going forward, do not use the computer even if you were able to recover your data and the antivirus gives you the all clear. There is always the chance that a root kit was also installed in which case the system maybe hiding stuff from you and your antivirus. I very strongly recommend that you do a full wipe and reinstall Windows before you resume normal work on this computer. .

Hi, for above, what does "antivirus gives you the all clear" refer to and "system maybe hiding stuff" refer to and "do a full wipe" refer to?

Thank you.
 
  • #55
mech-eng said:
Hi, for above, what does "antivirus gives you the all clear" refer to and "system maybe hiding stuff" refer to and "do a full wipe" refer to?

Thank you.
antivirus gives you the all clear: When you do scans on your system, the antivirus reports that no infections found.

system maybe hiding stuff: Rootkits are specialized programs that may be bundled with malware which are meant to literally hide programs on the system. They reside in the kernel (the program that directly interacts with the hardware on the computer) and then filter out information to hide their existence from the operating system. So if you were to search for the rootkit, it won't show up. These are the most dangerous type of malware because you will have no evidence that they even exist on the system.

do a full wipe: I suggested this because after an infection occurs on the system, there's always a possibility that the malware may have also installed a rootkit. Because cryptolocker variants require time to encrypt all the data on a system, this infection must have been present on the system for some time. As a result, if it was my system, i would not be able to trust that a rootkit wasn't also installed. these infections often install backdoors as well allowing others to install things like rootkits. I would do a wipe once i knew i had all the data i could recover.
A full wipe means formatting your computer's hard drive (this erases absolutely everything from the computer including any rootkits that may be present) and then reinstalling windows from scratch.

After a wipe and reinstall of windows, then I'd be fairly certain that the system can be trusted when the antivirus says that there are no infections.
 

Similar threads

Replies
2
Views
1K
Replies
7
Views
3K
Replies
5
Views
708
Replies
1
Views
2K
Replies
12
Views
9K
Replies
7
Views
3K
Replies
4
Views
2K
Replies
5
Views
2K
Back
Top