Sodin Ransomware uses Cve-2018-8453 Vulnerability to penetrate your security

When the ransomware is done encrypting your files, it leaves a mc9530-readme.txt file with instructions in every folder:

Everyone knows that the Internet is a place where one can run into all kinds of hazardous virus programs. In today’s article, we will talk about one really problematic and difficult to handle form of virus which researchers tend to call Ransomware. This sort of viruses is very hard to handle since they differ greatly from all other versions of malware. In order to illustrate how they operate, we will take as an example one of their latest representatives which goes under the name of Sodin Ransomware. What the Sodin Virus does once it gets inside the computer is it renders inaccessible the victim’s data by using a highly-advanced encryption code. Immediately after the encryption takes place, the user is blackmailed into paying a ransom if they wish to obtain the key that is supposed to enable them to re-access the encryption-locked files. Details on how exactly to execute the ransom payment are generally given within a pop-up message which gets generated by the Ransomware as soon as the file encryption procedure has ended.

For those of you who have already stumbled upon this nasty malware piece, we’ve created a special removal guide which explains how to deal with the infection and how to remove it.

Risks of Sodin Ransomware

At the beginning of this article we said that Ransomware is not an ordinary type of malware and operates quite differently than most other kinds of computer threats. This is mainly because the Ransomware uses the method of file-encryption, which is generally non-harmful and commonly used data-protection method, to cause great harm to the users. What makes this malware type especially popular with cyber-terrorists is also the fact that most security programs usually don’t recognize the file-encryption processes as something malicious and, therefore, don’t take actions against it. In addition, virtually no warning signs are caused by this type of process and it is really tricky to detect and intercept it.

Removing Sodin Ransomware manually

As we would like to stop you from making a mistake that may cost you a lot of money, we are going to tell you why paying the ransom to the hackers behind Sodin Ransomware, .Besub, .Litar (or any other Ransomware) is perhaps not the most advisable “solution”.  Naturally, the criminals that are blackmailing you really want you to send them the money and they are determined to do their best to convince you to follow their instructions. Typically, they promise to send you a special decryption key that is stored on their servers with the idea of “helping” you to regain access to your encrypted files. They also may give you a short deadline and may threaten to destroy that key if no ransom is paid within the given time. However, trusting the criminals and hoping that they will fulfill all of their promises once you give them your money is quite risky. Moreover, there is always a bothering possibility of paying the ransom and not obtaining anything in return. Not to mention that giving money to anonymous hackers is a direct form of sponsorship to their criminal practice. For this reason, what we would recommend is to opt for legitimate methods and alternatives that could help you remove the Sodin Virus and restore your files by other means. You can start by reviewing all potential solutions and ways to handle the Ransomware and give all of them a try, leaving the ransom payment as a final option if all else fails.

SUMMARY:

[add_third_banner]

Remove Sodin Ransomware Guide

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to Sodin

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the Sodin.

[add_forth_banner]

4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10,  it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and Sodin , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – Sodin

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp linked to Sodin Ransomware. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

7: Sodin Decryption

The previous steps were all aimed at removing the Sodin Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.

The post Remove Sodin Ransomware (+File Recovery) appeared first on Malware Complaints.

The representatives of the Trojan Horse malware category are definitely some of the more dangerous computer threats that you can face on the Internet and Cve-2018-8453 is among the newest additions to this malicious family. One important thing that maybe not many users realize is that the Trojan infections aren’t a danger exclusive to PCs – there are Mac Trojans out there as well and, as a matter of fact, their numbers have been increasing exponentially throughout the past few years, and especially throughout the past few months. So, regardless of what your Operating System is, you should really be careful against this sort of malware threats because the problems that they may lead to could oftentimes be pretty serious.

Is Cve-2018-8453 dangerous?

 To give you a general idea about some of the things threats like Cve-2018-8453 Vulnerability can be used for, a Trojan may be able to take over your computer in a covert way, without you even realizing that there’s anything wrong with the machine. After it does this, it may force your computer to use all of its RAM, GPU and CPU to mine BitCoin that gets directly sent to the criminal behind the infection. Many Trojans have huge botnets under their control – those are networks of computers infected by the Trojan that are remotely controlled by the hacker and used for various purposes. BitCoin mining is only one of the possibilities. Other things that such botnets may be used for is DDoS attacks, further distribution of malware (the same Trojan or some other infection), spam messaging and even rigging of online polls.

 In other instances, Trojans the likes of Cve-2018-8453, Bearfoos or Idle Buddy may adopt a more secretive and stealthy approach and operate silently in your machine, keylogging everything you type on your keyboard in order to obtain your online usernames and passwords. Needless to say, if any such information falls into the hands of the hackers, all hell could break lose – the online criminals may blackmail you, harass you or even directly drain your banking accounts without you having any idea about what has happened. The terror doesn’t end here but we can’t really go over all the possible ways in which a Trojan Horse may mess with you and with your computer.

 In the case of Cve-2018-8453 Vulnerability, since it is a newly released threat and there is still much research to be done, we can’t say with certainty what its end goal is. What we can say with certainty, however, is that you should definitely act to remove the malware from your machine without wasting any time. The longer this virus stays in your computer, the greater the chances of it managing to cause some irreversible harm. Hopefully, with the guide that we have included under this article, you should have no problem eliminating the insidious Cve-2018-8453. If, for some reason, the manual steps presented in the guide are not enough to rid your computer of the nefarious malware program, know that you can also try out the recommended malware-removal program that we have linked in the guide.

SUMMARY:

[add_third_banner]

Remove Cve-2018-8453 Vulnerability

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to Cve-2018-8453

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the Cve-2018-8453.

[add_forth_banner]

4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10,  it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and Cve-2018-8453 , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – Cve-2018-8453

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp linked to Cve-2018-8453 Vulnerability. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

The post Remove Cve-2018-8453 Vulnerability appeared first on Malware Complaints.

BlackSquid Malware is a very stealthy computer infection, created by hackers with malicious intentions. The purpose of this malware is to secretly sneak inside your computer without showing any symptoms and to start launching different harmful activities in the background. If not detected and removed on time, BlackSquid might have fatal consequences for your system. For instance, it may mess with your files and the software that you have installed on your PC, as well as introduce some unwelcome and potentially harmful modifications in your settings and in the way the system operates. Such malware may also replace certain system components and install other ones that may damage the computer.

It is typical for most Trojans to perform activities that allow their creators to establish remote access to the infected computer or to secretly steal data from it. Generally, the types of harm caused by infections like BlackSquid may include online fraud, theft of important or confidential data, credit or debit card fraud, online banking attacks, draining of bank accounts, theft of identity, espionage and more. Unfortunately, it is very difficult to predict what exactly the malware can do while inside the computer because a given Trojan may be used differently in different situations depending on what the hackers behind it want to accomplish.

Nowadays, such infections are oftentimes used to insert other malware in the system and to create security holes which can be exploited by Ransomware, Spyware or other viruses.  Another common use of Trojans is related to their ability to turn the infected machine into a bot and use it to spread spam and malware. Additionally, an infection like BlackSquid and  Cve-2019-0708 BlueKeep may be designed to steal specific information, keep track of your keystrokes, hack into your webcam and mic and collect details that could later be used for blackmail and personal harassment purposes. That’s why it is highly recommended to remove such threats as soon as you detect them and thus block their attempts to cause even more harm.

Unfortunately, detecting a Trojan Horse can be a real challenge, especially for those of you who have never dealt with this type of malware in the past. The reason is, advanced infections like BlackSquid typically don’t show any obvious symptoms of their presence and try to remain undetected inside the system for indefinite periods of time. Therefore, if you rely only on being observant, you may not notice anything unusual unless some actual damage occurs as a result of the Trojan’s activity. If you have an updated and reliable security tool, however, you may have a better chance at catching the infection on time and preventing it from messing up your PC (or Mac). That’s why we always advise our readers to invest in professional software protection and run regular scans of the system to keep it safe and sound. If the antivirus is not able to deal with an infection like BlackSquid (yes, some advanced Trojans may have the ability to block security programs), here we have prepared a manual removal guide that you are advised to use. It contains instructions that when followed may help you remove the Trojan and all of its traces. Also, you can find a professional removal tool for quick automatic detection in the guide in case the antivirus that you currently have isn’t effective against this particular infection.

BlackSquid SUMMARY:

[add_third_banner]

Remove BlackSquid Malware Exploit

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to BlackSquid

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the BlackSquid.

[add_forth_banner]

4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10,  it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and BlackSquid , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – BlackSquid

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp linked to BlackSquid Ransomware. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

The post Remove BlackSquid Malware Exploit appeared first on Malware Complaints.

If a Trojan Horse named Win.Exploit.CVE_2019_0903-6966169-0 has recently attacked your computer, there’s no time to wast – you ought to take immediate measures against this malware piece and find a way to remove it from your system before it has fulfilled its nefarious tasks. Speaking of the task of this infection, we can’t really tell you the exact goal that it may be after. This Trojan is a rather new representative of its respective malware family and the information about it is still not sufficient enough. These types of malware programs are unlike other kinds of malware in the sense that their abilities may be highly varied and multi-functional. Other threatening malware programs like Ransomware or Rootkits usually have their purposes limited to only one or two tasks that those infections are supposed to complete. For instance, a Ransomware cryptovirus would use its advanced encryption to make its victim’s data inaccessible and would then request a payment for the locked data’s liberation – but it wouldn’t normally do anything else. A Rootkit, too, would only be used to complete a single goal, that goal being to block the user’s security software. Aside from that, it wouldn’t do much else. With Trojans like Win.Exploit.CVE_2019_0903-6966169-0, Cve-2019-0708 BlueKeep, however, things tend to be rather different – these infections are well known for how versatile they can be and how many different types of harm they may be able to cause. To give you an idea about just how multi-functional a Trojan might be, here is a short list of some of the more common uses of this type of infections:

• A Trojan could have the ability to impose remote control over any machine that it attacks and make it a part of its massive botnet of compromised machines. The computers from the botnet could be used for large-scale criminal tasks like Denial of Service attacks, cryptocurrency mining, spam online message campaigns and many more.
•  Some Trojans are basically tools similar to Spyware in the sense that they can monitor your virtual activities and then report the gathered information to their creators. Needless to say, the acquired info could then be used in all kinds of insidious ways.
•  A big number of Trojan Horse infections are used as tools for backdooring Ransomware and other infections inside the computers of the users they have attacked. In such cases, it is the delivered infection that usually carries out the main criminal task, with the Trojan being a secondary threat.
•  Since the examples above were only that, examples, there could be many, many more potential ways in which Win.Exploit.CVE_2019_0903-6966169-0 Virus or another similar infection could be used by its makers.

Removing Win.Exploit.CVE_2019_0903-6966169-0 Virus manually

We hope that the guide we have prepared and included in this post will be enough to allow those of our readers with Win.Exploit.CVE_2019_0903-6966169-0 Virus in their machines remove the invasive malware. In case you need extra help with the removal, you may want to check out the anti-malware program we have linked on this page and know that you can also write us a comment in case you have any questions related to Win.Exploit.CVE_2019_0903-6966169-0 and its removal.

SUMMARY:

[add_third_banner]

Remove Win.Exploit.CVE_2019_0903-6966169-0 Virus

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to Win.Exploit.CVE_2019_0903-6966169-0

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the Win.Exploit.CVE_2019_0903-6966169-0.

[add_forth_banner]

4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10,  it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and Win.Exploit.CVE_2019_0903-6966169-0 , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – Win.Exploit.CVE_2019_0903-6966169-0

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp linked to Win.Exploit.CVE_2019_0903-6966169-0 Virus. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

The post Remove Win.Exploit.CVE_2019_0903-6966169-0 Virus appeared first on Malware Complaints.