Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


Sign in to follow this  
Jody Thornton

Microsoft patches Windows XP to fight 'WannaCry' attacks

Recommended Posts

Easeus partition master (the software I use to make partitions in XP) is also able to decrypt Wannacrypt encrypted files.

Share this post


Link to post
Share on other sites

14 hours ago, FranceBB said:

Easeus partition master (the software I use to make partitions in XP) is also able to decrypt Wannacrypt encrypted files.

Hmmm. :dubbio:

Have you actually tested it?

Or actually READ what the actual authors wrote?

http://www.easeus.com/data-recovery/recover-decrypt-wannacrypt-encrypted-files.html

Quote


Yes, it's proven to be possible to recover WannaCrypt encrypted files, only make it clear that we're not talking about the 'encrypted' but 'original' files that were deleted by the ransomware after it finished the encryption.
 

And later:

Quote

We've explained how EaseUS Data Recovery Wizard works and rescues the files that were encrypted by WannaCrypt ransomware virus, and you must notice that deleted files recovery is simple, easy and fast, however, not including the situation in which new data has overwritten the deleted items.

Let's pray your deleted files has not been overwritten yet, so EaseUS recovery tool will do it best to help you make through the hardtime, and maximumly reduce your pain and loss.

In plain English:

Easeus software DOES NOT DECRYPT ANYTHING.

IF (and only IF) the original files, deleted after a new corresponding encrypted file was created by the malware, were NOT OVERWRITTEN, then MAYBE the software (just like ANY other deleted files recovery software) can recover the original file.


 

Obviously on a filled to the brim filesystem chances of this recovery are 0% or very near to 0%, while on an almost empty filesystem they may reach something relevant (my guess would be something like 15%, maybe 25% I doubt more than that), and clearly if you have (like it is normally on windows 7) an automatic/scheduled defrag and it has run in the meantime your chances are again tending to very low (unless - maybe - all the files were contiguous before the encryption and you can use direct carving with success, but losing paths and filenames).

jaclaz


 

Share this post


Link to post
Share on other sites

In the very few past hours, eBay and Paypal show the same symptoms of bad operation as during the two last attacks by Wannacrypt and its successor.

Just in case a new wide attack has started, take your precautions!

Share this post


Link to post
Share on other sites

SMB 1 vulnerability isn't a threat if u have a firewall that blocks that port.  I think the basic firewall that comes with XP blocks it and any decent router should by default.  It's a non issue.

Share this post


Link to post
Share on other sites

I have disabled the SMB1 protocol.

Others do what's best for them.

 

Edited by Sampei.Nihira

Share this post


Link to post
Share on other sites
1 hour ago, Sampei.Nihira said:

I have disabled the SMB1 protocol.

Others do what's best for them.

 

Good :) (both for you and for the others).

What I was missing (and still miss :dubbio:) is any connection(s) with the WannaCry/Wannacrypt patch Microsoft issued for XP wihich this thread is about :unsure:.

Most probably there is one (or more than one), but I failed to understand what this/these is/are.

jaclaz

  • Upvote 1

Share this post


Link to post
Share on other sites

The biggest threat to a computer are not its vulnerabilities, it's the person using it.  Unfortunately there's no way to patch human beings.

Share this post


Link to post
Share on other sites
18 hours ago, jaclaz said:

Good :) (both for you and for the others).

What I was missing (and still miss :dubbio:) is any connection(s) with the WannaCry/Wannacrypt patch Microsoft issued for XP wihich this thread is about :unsure:.

Most probably there is one (or more than one), but I failed to understand what this/these is/are.

jaclaz

WannaCry uses the EternalBlue exploit.

https://www.rapid7.com/db/modules/exploit/windows/smb/ms17_010_eternalblue

Share this post


Link to post
Share on other sites

Actually, I do not understand why an old barrel is reopened. For this problem, there were even official updates for Windows XP sp3 (users who received the updates for POSReady 2009, got updates a little earlier)! 

Currently KB4012598 has been replaced by KB4041995 from 10/05/2017!

:)

Share this post


Link to post
Share on other sites
2 hours ago, heinoganda said:

Actually, I do not understand why an old barrel is reopened.

Well, that's because some users are actualy supermegaueberultraparanoid... :yes:
And, to those users I'd like to inform that tin hats have been deprecated for almost 20 years, already: cutting-edge tech is velostat, now.

Share this post


Link to post
Share on other sites
1 hour ago, dencorso said:

Well, that's because some users are actualy supermegaueberultraparanoid... :yes:

Well, I'm worried because so many old barrels can also have an unpleasant content. The following example shows fish specialty from Sweden.

:yes:

Edited by heinoganda
  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...