All Activity

  1. Past hour
  2. How fast is your internet speed?

  3. I have the WbemPerf registry key but it is empty. There is not any kind of 001, 002, 003, 004 and HBP registry key. I don't have any of these files in my system. Maybe because I use Shadow Defender and I have my system updated. But for good... I will do a format right now. Not a big deal...
  4. myFFmpeg 3.1.2

    I'm a huge fan of xmedia recode http://www.xmedia-recode.de/en/index.html It's free
  5. This comment is useful:

    Cigologic, September 23, 2017 at 3:19 am

    @Emrah -- There is a possibility that the hackers could have coded the trojan to trigger different batches of infected PCs to call home & download additional 3rd/4th etc. malicious payloads at different time periods. Exactly when one gets "called up for service" may depend on one's "usefulness" profile, geographic region, IP address, Win OS version, etc.

    So for Stage 1, if your WbemPerf registry key is empty, it merely means that you might be safe where Stage 1 is concerned. Since the hacker-suspects are known to be very sophisticated, there might be further stages of deployment for infected machines.

    Stage 2 Symptoms: Since you are using Win 10 x64 (home PC presumably), you may wish to check if the following DLL files exist on your system & if they are legitimately signed:

    A) TSMSISrv.dll (signed by: Microsoft)
    B) VirtCDRDrv.dll (signed by: Corel Inc.)
    C) localspl.dll (signed by: Microsoft)

    Files A & B probably shouldn't exist on a home (non-server) version of Win OS, & if you have never installed any Corel-related software. If you have File C (the legit file itself is related to Windows printer spooler), make sure that it is digitally signed by Microsoft, & that the signing date isn't too recent.

    If any of the above files exist AND are not signed, they are malicious FAKE files generated by the Floxif trojan, & their presence likely implies a Stage 2 infection.

    Note: The above is all that is publicly known at this point in time (as of 21/22 Sep 2017), for investigations are incomplete. So it can't be discounted that there could be future stages of deployment involving other infected files.

    In case of any signs of infection, stop using the PC immediately, & get the HDD formatted before fresh-installing Win OS. Use a different user login password for the new Win OS install, & make sure to carefully scan whatever backup files you might be transferring to the new install.

    In addition, after making sure that your PC/new install is not infected, change all your offline & online passwords ASAP. Regardless of whether one's PC currently exhibits infection symptoms or not, as long as one has used the trojan-compromised version of CCleaner, it is best to practise vigilance during the upcoming weeks or even months. An analogy would be to treat this malware episode like how one might monitor an infectious biological epidemic involving unknown pathogens with unpredictable behaviours. Good luck & keep safe always
  6. Or you see I take me for the big leader. I can say the same thing to you then. It's that you call ; personally insult and criticize. Then treat me: It's then ; personally insult and criticize.
  7. You have the Agomo key? If yes, delete it: HKLM\SOFTWARE\Piriform\Agomo. Unless you are one of the companies these people were after, the second stage payload didn't download at all. Check also this:

    Talos Group found evidence that the attack was more sophisticated, as it targeted a specific list of domains with a second payload.

    singtel.corp.root, htcgroup.corp, samsung-breda, samsung, samsung.sepm, samsung.sk, jp.sony.com, am.sony.com, gg.gauselmann.com, vmware.com, ger.corp.intel.com, amr.corp.intel.com, ntdev.corp.microsoft.com, cisco.com, uk.pri.o2.com, vf-es.internal.vodafone.com, linksys, apo.epson.net, msi.com.tw, infoview2u.dvrdns.org, dfw01.corp.akamai.com, hq.gmail.com, dlink.com, test.com

    https://www.ghacks.net/2017/09/21/ccleaner-malware-second-payload-discovered/

    They were after big guys, didn't care about normal users at all.

    The 32-bit trojan is TSMSISrv.dll, the 64-bit trojan is EFACli64.dll.

    Identifying Stage 2 Payloads

    The following information helps identify if a stage 2 payload has been planted on the system.

    Registry Keys:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\001
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\002
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\003
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\004
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\HBP

    Files:
    GeeSetup_x86.dll (Hash: dc9b5e8aa6ec86db8af0a7aa897ca61db3e5f3d2e0942e319074db1aaccfdc83)
    EFACli64.dll (Hash: 128aca58be325174f0220bd7ca6030e4e206b4378796e82da460055733bb6f4f)
    TSMSISrv.dll (Hash: 07fb252d2e853a9b1b32f30ede411f2efbb9f01e4a7782db5eacf3f55cf34902)

    DLL in Registry: f0d1f88c59a005312faad902528d60acbf9cd5a7b36093db8ca811f763e1292a

    Stage 2 Payload: dc9b5e8aa6ec86db8af0a7aa897ca61db3e5f3d2e0942e319074db1aaccfdc83
  8. Impulse Music Player Pro v2.0.1 Apk

    Dead links... None of them is working..
  9. Why did you say that.? Now they know about you and they will come for your web Banking.!!
  10. [JOTD] Joke of the day

    Recently scientists revealed that beer contains small traces of female hormones. To prove their theory, the scientists fed 100 men twelve bottles of beer each. The scientists observed that 100% of the male test group gained weight, talked excessively without making sense, became emotional, and couldn't drive. No further testing is planned.
  11. @EagleEye i can't find my old post after the forum update so i'll post one more time. http://anywhere.webrootcloudav.com/zerol/wsabarclayscen.exe it's official link to 314 days Webroot Cloud AV, great for online banking. if something wrong with your system - it will show immediately. previously delete your current AV & clean registry & hidden folders.
  12. My friend, i am not in any panic...but we must know which was the damage. It is only in ccleaner files or the app can infect other files of my system? In my pc i use Web Banking...so i must know...don't you think?
  13. myFFmpeg 3.1.2

    some more info

    High Quality and Control: Converts and processes many media files with high level quality using FFmpeg with no knowledge. Advanced users are not left out in the cold with lots of options to work with.

    Media Formats: Support for many codecs and containers like MPEG4, H264, H265 HEVC, Matroska, PRORES, DNxHD, DVVideo, MPEG TS, MPEG PS, XAVS, FLV, Theora, AVI, OGG, VP8 & VP9 (.webm), Animated GIF, VOB, MXF, GFX and many more.

    Merging media files: Stitch unlimited files to one file. Two methods: Concat passthru (blistering fast) and Complex Filter.

    Subtitles support: Both hardburn subtitles and soft subtitles are supported (External or Embedded).

    Presets: A lot of presets are included by default: iPod, iPad, iPhone, Apple TV, PS4, Xbox One, Wii-U, Android, YouTube, Facebook, Vimeo and many more.

    Encode multiple files at once: Encode up to 8 batch at the same time
  14. How fast is your internet speed?

    a fools hv same minds(just kiddin') only one game i still playin' is online one but my ping in there isn't more than 55 if i playin' somewhere far from home,it's ok.
  15. Malwarebytes 3.2.2.2029

    So, which keygen/fix is working properly? which one I should use? can somebody please give the link?
  16. this license is Chinese,it is everywhere on the websites
  17. Date: 2017-09-23 14:00 CEST
    Version: 2.84c (Update profile field)
    Status: Beta
    Download Mirrors: mp3tagv284csetup.exe

    2.84c (2017-09-23)
    FIX: runtime error when using Mp3tag on computers with older CPUs (e.g., Pentium III, Athlon XP, ...) (since 2.84b).
  18. How fast is your internet speed?

    Yes you are right @gipsy but i don't Play online games any more for a long time now and that's why i changed my 2giga fiber optic to this tv cabel internet cuz it's cheaper and it's all i need
  19. @EagleEye c'mon man,no need to panic so much)) if u do not trust your AV-rescan your system by Emsisoft Emergency Kit & keep sleepin' well.
  20. How fast is your internet speed?

    @hacker7 not bad speed for Sweden but ping is too much imo (too big for online gaming). actually unlimited Gigabit optics inet isn't a problem in my country (approx 15 bucks for a month) but i don't see any reason to change, current one is quite enough for my needs (almost do not usin' torrent now after i bought a tv box).
  21. [Solved] Adguard difficulties

    I did that, unticked all Process Protection features, disabled Exploit Mitigation, still wasn't launching AnVir, I had to quit HMPA. I added AnVir to WAR's whitelist, but it was still blocked, I quit this too. So, after quitting both HMPA and WAR I was able to launch AnVir from desktop.
  22. myFFmpeg 3.1.2

    Focused on simplicity, myFFmpeg brings a fresh approach to use FFmpeg, to create ultra high quality movies without the need to write one single command-line code. HomePage Keygen By Shadow Mask
  23. Today
  24. Dear comrade (Chief God in the world), I have exactly the same right to say my opinion or recommendation like you have. You are not the only one and the Chief God in the world. And if you've read the forum guidelines at random, you might know, that here is not the place to personally insult and criticize others, but rather a place to discuss about computer software and problems.
  25. @Astron Title needs to be updated to HotspotShield 7.1.3, file name is now HotspotShield 7.1.3-12832209