- Joined
- Feb 27, 2008
- Messages
- 8,744 (1.48/day)
System Name | OrangeHaze / Silence |
---|---|
Processor | i7-13700KF / i5-10400 / |
Motherboard | ROG STRIX Z690-E / MSI Z490 A-Pro Motherboard |
Cooling | Corsair H75 / TT ToughAir 510 |
Memory | 64Gb GSkill Trident Z5 / 32GB Team Dark Za 3600 |
Video Card(s) | Palit GeForce RTX 2070 / Sapphire R9 290 Vapor-X 4Gb |
Storage | Hynix Plat P41 2Tb\Samsung MZVL21 1Tb / Samsung 980 Pro 1Tb |
Display(s) | 22" Dell Wide/24" Asus |
Case | Lian Li PC-101 ATX custom mod / Antec Lanboy Air Black & Blue |
Audio Device(s) | SB Audigy 7.1 |
Power Supply | Corsair Enthusiast TX750 |
Mouse | Logitech G502 Lightspeed Wireless / Logitech G502 Proteus Spectrum |
Keyboard | K68 RGB — CHERRY® MX Red |
Software | Win10 Pro \ RIP:Win 7 Ult 64 bit |
So, a client called this morning with my worst nightmare: "There's this crypto thing on my computer. What do I need to do?" Small company, and really nice guy. I've heard this story before, but it was false alarms, so I'm not overly stressed.
He brings the laptop, and I start it up in safe mode, command prompt, playing it safe. No mouse or keyboard control. Ok, try again, no luck, with an external mouse. Fine. Safe mode. No change... Great. Ok, I use a thumb drive to bypass the MBR, and bring it up normal mode. the background is covered with "CTB_Locker", and I get a small frisson of dread.
I tell him I'll update asap, and head for my PC. Sure enough, that's a bad thing. And, his A/V caught it afterwards, so it could be even worse... Nope, this one's got a failsafe, and if your antivirus cleans it, it does allow you one chance to hop on TOR, and pass a key to their server for payment options. Great. Ok, he has backups, I checked it several weeks back. I call, and he brings it over.
The backup hasn't run since not long after the last time I was over. Great. That's a month and a half of data lost. I run the recovery. “The backup file contains unrecognized data and cannot be used”. The small frisson turns into "Oh, fvck me. " At this point, attempting a repair tool called NTbkup, and being not-very-hopeful. The last time I had the laptop in-house, I made a full image, but that's over a year ago. This is not going to end well....
He brings the laptop, and I start it up in safe mode, command prompt, playing it safe. No mouse or keyboard control. Ok, try again, no luck, with an external mouse. Fine. Safe mode. No change... Great. Ok, I use a thumb drive to bypass the MBR, and bring it up normal mode. the background is covered with "CTB_Locker", and I get a small frisson of dread.
I tell him I'll update asap, and head for my PC. Sure enough, that's a bad thing. And, his A/V caught it afterwards, so it could be even worse... Nope, this one's got a failsafe, and if your antivirus cleans it, it does allow you one chance to hop on TOR, and pass a key to their server for payment options. Great. Ok, he has backups, I checked it several weeks back. I call, and he brings it over.
The backup hasn't run since not long after the last time I was over. Great. That's a month and a half of data lost. I run the recovery. “The backup file contains unrecognized data and cannot be used”. The small frisson turns into "Oh, fvck me. " At this point, attempting a repair tool called NTbkup, and being not-very-hopeful. The last time I had the laptop in-house, I made a full image, but that's over a year ago. This is not going to end well....