If possible please post the content from one of them here as well. It uses the following registry auto start entry to ensure its execution on each reboot. Be sure to stay up-to-date on emerging threats. It has no company name and is loaded when the computer starts. Last but not least, the malware changes the ClearPageFileAtShutdown registry value to cause Windows to clear the page file on shutdown, eliminating all traces that might be left due to disk swapping. Check those GUI values out in the Registry and see what else they point to. MalwareBytes Anti-Rootkit doesn't find anything.

dubrute 2.0

Uploader: Kataxe
Date Added: 9 November 2008
File Size: 46.43 Mb
Operating Systems: Windows NT/2000/XP/2003/2003/7/8/10 MacOS 10/X
Downloads: 59432
Price: Free* [*Free Registration Required]

Also, I have never installed Google Chrome, seems weird and unlikely this was also done by the malware. This is still very much unsolved.

Post both logs in this thread. Posted February 12, edited.


Ransomware is a special kind of malware that takes a system and its data hostage in an attempt to extort money from its owner in exchange for returning control back to him.


Emsisoft’s free decrypter is here to help free your files. Even better would be to disable Remote Desktop or Terminal Services completely if not required or at least to use IP address based restrictions to allow the access to these services from trusted networks only.

Double-click to run it. This will prevent the user from using the system, unless he puts in the correct unlock code, which will cause the screen locker to switch back to the real desktop and terminate.


This variant was first seen on March. The naming scheme used for encrypted files is identical to the one used by variant 3 as well. To generate the first password the crypto malware will generate a 50 character long random string. Compressed file Inner file.


Similar to variant 3 two different passwords are used to encrypt the files on the system. Both successfully remove the threat.

Posted February 18, What is this file: This will cause the crypto malware to generate and use a new numeric string on its next execution. AdwCleaner doesn’t find anything.


B Avast Win Explore the payment methods that are supporting the new wave of cybercrime. Sarah Malware analyst at Emsisoft. The third variant uses the same name as the second variant. Well, first and foremost, as this is a server that has been compromised, one should really delete the partitions, recreate, format, and reinstall Windows. Google Update Helper x32 Version: After the initial infection, the attacker will transfer both files containing the numeric string off the system.


Due to the nature of the attack, protection software is rather ineffective.


There are many more listed.


The first time the tool is run, it makes also another log Addition. Posted February 24, Posted February 22, Will report back tomorrow.