Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Let's start a new sub: Survivors of ADAME ransomware attacks

10 Oct 2019   #1
XweAponX

Windows 7 (My Idea)
 
 
Let's start a new sub: Survivors of ADAME ransomware attacks



I've been using computers since 1989. Started with DOS 3.0 and Machine Basic on an old IBM PC-XT 8088 with the 8086 Match Coprocessor.

I've seen computers develop over the years, so that now there are systems with two 28-core CPUs making a 56-core system with multiple 32-GB Ram Cards. I've even experienced this progress firsthand when I built a Ryzen 5 system for a friend- With only 8GB of Ram, the CPU Itself had better 4K graphics than my Geforce GTX 750 Ti and its 2GB of GDDR5 Ram.

But while Computers and Operating systems have progressed, so have VIRUSES.

What's the Old Man on about, is what you are asking?

Last week I was watching Season 9 of Perry Mason on my Apple TV 4K*, counting down to Episode 21, the only colour episode of the series, "The Case of the Twice Told Twist". But instead of my PLEX server automatically starting playback of the next episode, suddenly I was faced with the Signature "Apple Spinner" and no video signal.

No Problem, I thought, the system where my Perry Mason DVD rips were (note: were) stored was my old ASUS M2N system, which notoriously hangs up all the time or BSOD's or some failure. But when I flipped over to that system, I was confronted with a Desktop populated with files ending with "ADAME". The whole drive was ADAME files.I don't even know how the OS was still running. At first I thought that this virus was simply renaming the files, but it was also ENCRYPTING the files. So most of the files on my storage PC were lost.

Looking at the system FS, I could see how the virus was jumping from folder to folder to the next drive and then into my Apple Time Capsule where it infected THOSE files (mac files on a mac partition, so MACs are not immune to this cack).

The first thing to do was find the process that was doing this, I found it easily, but that's when I flipped back to my Main PLEX server, and the damn virus was starting in on that system too!

I had to delete music and video libraries I had been collecting for YEARS. But I finally stopped the progress, I was able to catch it trying to jump into my main PC once again, but the worst damage was on my ancient Windows XP driven Pro Tools workstation (The version of PT I use has to run on XP only).

I Lost YEARS of recording sessions, mixes, video files.

But thanks to ol' Perry Mason, this ransomware would have infected every file on 3 PCs and over 10 TB of data. - And it had even started getting into my iPhone, cos I use a program called Filza which is a full Finder for iOS, and I saw it trying to get in THERE.

I don't know where I got this from, and I am always careful. But THIS version of the ransomware, Spyhunter passed right over it without detecting it. It got passed my VPN and the AV on two systems, and my AV did not even blink, it just allowed the intrusion with a how de do, please come in and delete my files.

So, these rat finks managed to finally get me. I lost ONE whole system, two whole drives on that system, and half of a 2TB WD MyBook. It ransacked 80gb on a 160gb Windows XP System drive, it DEVOURED about 300gb on a 750gb drive where I had recording sessions stored. Then it got in to my main PC and it literally erased most of the files on 8 HDDs and it even chipped away on the SSD system drive. But the reason why it did not do more damnage THERE, is because I use a 2TB eSATA HDD as scratch disks for all my programs, ie, video editors, music mixing programs, Photoshop etc.

Just remember, if they can get someone as paranoid as me, they can get you too.

And as I did not lose EVERYTHING, I can start rebuilding. But I did lose about 2 TB of Programs I had been storing since the late 90's, some of which were still useful, but are totally unavailable.

Since I don't really know where this came from, and it had to be something new, and I do occasionally download old programs from Oldversion com, and sometimes I even use download com or softpedia. Majorgeeks, Afterdawn, which in the past have been relatively harmless, these SOBs that planted this, it may have been put into a popular item, maybe even into a program update.

Has anyone else in here been ADAME'd? I'd like to know how you dealt with it, and more important, what you did you do to add safeguards into your system(s) to make sure this can't get in again? What are the most effective Anti Ransomware tools, and, is there a way to de-decrypt infected files?

* Irony there, he's got a 4K ATV and he's watching Perry Mason?!?
My System SpecsSystem Spec
13 Oct 2019   #2
XweAponX

Windows 7 (My Idea)
 
 

Quote   Quote: Originally Posted by XweAponX View Post


...and, is there a way to de-decrypt infected files?
I was told TODAY: ADAME does not really ENCRYPT the files, it copies them, and encrypts the COPIES, then deletes the Original.

So, with that in mind, I scanned the main DATA drive on my Pro Tools system with Recuva. I did not want to chance installing EasUS on that system and maybe inadvertently deleting any recoverable files, and Recuva was already installed. I did have to make a few modifications in the settings, to recover the directory structure. Sometimes EaseUS neglects to do that.

I successfully recovered about 30gb of sessions files! Some of them were dupes of what I had managed to save, but there were a bunch that I had thought I had lost forever.

So, thank Ghod for Recuva.

But out of 3 drives I scanned, only one of them had files i could get back. my 2TB WD My Book had lost about 70% of its contents. When I scanned THAT drive, it was all ADAME files. And I don't want those back. In fact, I want to write 0's over them (How do I do that, use cCleaner?).

Unless someone knows a way to decrypt the files that got encrypted? Nobody I have talked to has said that there was any method to recover encrypted files.
My System SpecsSystem Spec
13 Oct 2019   #3
RoWin7

Win 7 Ult 64-bit
 
 

How many people do you think would make it all the way through your 845-word post? I had to just skim.

You're computing for 30 years. You had no external images of your drives?
My System SpecsSystem Spec
.

16 Oct 2019   #4
XweAponX

Windows 7 (My Idea)
 
 

Quote   Quote: Originally Posted by RoWin7 View Post
How many people do you think would make it all the way through your 845-word post? I had to just skim.

You're computing for 30 years. You had no external images of your drives?

You COUNTED the words? Actually I don't care if anyone reads it or not. Which is why I posted it in here, not in General. Ever need to VENT?

I was able to restore the OSes on 2 systems but the DATA that was attacked, was actually saved in several redundant areas, ALL of them were adame'd. It's ALL GONE. The system restoration scheme you refer to (which I was using) does not backup or restore USER data. Also, adame gets rid of backups, it shuts off System Restore and deletes your restore points, that's about the first thing it does. I had system restore working on only one PC, and after I ran that, the user data that had been encrypted was NOT restored.

I was able to use Recuva on ONE 750GB HDD and I got back about 300GB of data that had been encrypted. The rest of my hard drives, well THIS version of adame, after deleting the original files and deleting them, scrambled them somehow. I had gotten to the files on the one 750GB HDD before the deleted files had been scrambled. It was using a process similar to how cCleaner deletes the MFT free space, writes crap over the deleted files so you CANT get them back that way. I was lucky to get back what I did.
My System SpecsSystem Spec
16 Oct 2019   #5
RoWin7

Win 7 Ult 64-bit
 
 

No, I asked Microsoft Word to count them. It was the most unusual post I've ever seen, and I belong to about 25 forums. And my system does back up and restore data. It's 2 images made in Macrium, System+Programs and Data, and I don't keep it connected to my main machine between imaging sessions. I also keep a copy on my other computer, and back up certain data nightly to a flashdrve.

So what's your question?
My System SpecsSystem Spec
17 Oct 2019   #6
RoWin7

Win 7 Ult 64-bit
 
 

XP no longer works because it can't use the amount of RAM needed by 7 and 10, and it also has less security than 7 and 10 (not counting defense against M$.) How does this relate to the OP's problem?
My System SpecsSystem Spec
17 Oct 2019   #7
RoWin7

Win 7 Ult 64-bit
 
 

XweAponX-- Sorry I was being snarky. It's too late now, but future backups have to be detached from the computer after they're made.

I use this program to get me away from my desk when I have an appointment, but you can set it by days or weeks to remind you to do a backup. It sits on the desktop:
Download Free Alarm Clock 4.0.1
My System SpecsSystem Spec
.
20 Oct 2019   #8
RoWin7

Win 7 Ult 64-bit
 
 

Looks like our troll's comments have been deleted. Poof!
My System SpecsSystem Spec
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar help and support threads
Thread Forum
DoS attacks
I just bought a Motorola SB6121 modem and a Netgear WNDR4300 router. In checking the logs I have a bunch of DoS attacks. Should I be concerned?
Network & Sharing
ransomware and black screen upon start-up
Hi everyone. Not been on the forum for a while but need some help and figured this would be the best place to get it. Yesterday I experienced Ransom ware. I already had some removal instructions printed so followed those but I now have a black screen upon start-up. What forum should I post onto...
System Security
BSOD Attacks
So, in the past few weeks, I had BSOD attacks. When it started, first there were random attacks, sometimes the blue screen with message about win32k.sys, sometimes my monitor just turns off. It's been 6 months since I reinstalled windows. I installed many programs to fix windows registers, like...
BSOD Help and Support
Multiple DoS Attacks
Hi Guys, I have just had a look at my Router settings from 192.168.0.1 and it shows multiple DoS (Denial Of Service) Attacks from different IP's. from source:41.232.151.64, destination source:192.168.0.2 LEN=131 TOS=0x00 PREC=0x00 TTL=111 ID=8169 PROTO=UDP SPT=50774 DPT=56669 - Fri, 2012-02-03...
System Security
Intrusion Attacks
I have had 297 intrusion attempts from 2/10/10 to today (3-5-10) luckily I have Norton 360 which blocks the intrusions, but why am I being targeted, why so many attacks and how can I prevent these intrusion attacks?
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 08:05.
Twitter Facebook