Potato posted on 2020-7-30 18:21

HitlerRansomware ransomware family details

Ransomware family name: HitlerRansomware ransomware family
Decryption supported: No
Details:
Encrypted files:
Encrypted file extension format: the original file extension is removed

Ransom note:
File name: readme.txt
File contents:
-------------------------------------------------------------------------------
PCHunter anti-rootkit is a free and handy toolkit for Windows with various powerful features for kernel structure viewing and manipulation.It offers you the ability with the highest privileges to detect, analyze and restore various kernel modifications and gives you a wide scope of the kernel.With its assistance, you can easily spot and neutralize malwares hidden from normal detectors.

PCHunter currently supports the following Windows versions:

Windows 2000 SP4 (32-bit only)
Windows XP (32-bit only)
Windows Server 2003 (32-bit only)
Windows Vista (32-bit only)
Windows Server 2008 (32-bit only)
Windows 7 (32/64)
Windows 8 (32/64)
Windows 8.1 (32/64)

Currently,the following features are available:

*Process Manager
View system process and thread basic information.
Detect hidden processes,threads,process modules.
Terminate, suspend and resume processes and threads.
View and manipulate process handles,windows and memory regions.

*Kernel Module Viewer
Display kernel module information including ImageBase,Size,Driver Object,ImagePath,ServiceName and Load Order.
Detect hidden kernel modules.
Unload kernel module(dangerous).
Dump kernel image memory.
Display and delete system driver service information.

*Hook Detector
View and restore SSDT,Shadow SSDT,sysenter and int2e hooks.
View and restore FSD and keyboard disptach hooks.
View and restore kernel code hooks including kernel inline hooks,patches,IAT and EAT hooks.
View and restore usermode process hooks incluing inline hooks,patches,IAT and EAT hooks.
View and restore message hooks(both global and local).
View and restore kernel ObjectType hooks.
Display Interrupt Descriptor Table(IDT).

*System Callback Viewer
Display and remove Kernel Notifications(Process/Thread/Image/Registry/Lego/Shutdown/Bugcheck/FileSystem/Logon).

*Network Viewer
Display current network connections, including the local and remote addresses and state of TCP connections.
View and delete IE plugins and context menu.
View and restore tcpip dispatch hooks.
Display winsock providers(SPI).
View and edit hosts file.

*Filter Viewer
View and remove filters for common devices including disk,volume,keyboard and network devices.

*Registry Viewer
View and edit system registry.
Detect hidden registry entries using live registry hive analysis.

*File Explorer
Detect hidden files using both disk analysis and driver methods.
View and delete locked files and folders.
View file basic information including NTFS Alternate Data Streams.

*Autorun Manager
Display and delete common autorun entries.

*Service Manager
Display Win32 service information (for Ring0 modules,it is included in Kernel Module Viewer).
Change service status and configuration.

*DPC Timer
Enumerate and delete DPC Timer objects.

*Miscellaneous
View and repair common filetype assosications.
View and repair image hijacks.

*Settings
Option to defense from process creation,thread creation,module load and message hook installation.
Option to defense from file creation,registry key creation.
Option to prevent system suspend,log-off,shutdown and reboot.
Option to prevent locking workstation and switching destop.
option to prevent setting system time.

Warning:Use it at your own risk.This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY.


2015-10-17 V1.4:
*Support Win10(BuildNumber:10240)

2014-10-22 V1.35:
*Fixed a bug in x86 Win8.1 system.

2014-10-06 V1.34:
*Added disable CreateProcess/CreateThread/CreateFile/RegCreateKey/RegSetValueEx feature for x64 system
*Fixed several bugs.

2014-07-02 V1.33:
*Support Win8.1 Update1

2013-10-06 V1.3:
*Support Win8.1

2013-04-28 V1.21:
*Added CmpNotifyChange enumeration feature
*Added ipsec/ipfltdrv driver dispatch function enumeration feature
*Added IpFilterHook/IpFirewallHook enumeration feature
*Fixed several bugs.

2013-03-22 V1.2:
*Added ClassInitData enumeration feature
*Fixed several bugs.

2013-02-28 V1.1:
*Added Sfilter enumeration feature
*Added FltMgr Filter enumeration feature
*Fixed several bugs.

2013-01-22 V1.0:
*Finish the first version.

                                          www.epoolsoft.com
                                          2013-01-22 Beijing.China.
-------------------------------------------------------------------------------
Pop-up window:
Protection recommendations:
1. Do not use the same account name and password across multiple machines.
2. Login passwords should be sufficiently long and complex, and should be changed periodically.
3. Shared folders holding important data should have access permissions configured and should be backed up regularly.
4. Regularly check the system and installed software for security vulnerabilities and apply patches promptly.
5. Regularly inspect the server for anomalies. The scope of the check includes:
a) whether new accounts have been added
b) whether the Guest account is enabled
c) whether the Windows system logs show anomalies
d) whether the anti-virus software shows anomalous blocking events
6. Install security protection software and make sure it is running normally.
7. Download and install software only from legitimate sources.
8. For unfamiliar software that anti-virus software has already blocked or quarantined, do not add it to the trusted list and continue running it.
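One way to script the server checks in item 5, as an added example that is not part of the original post: a PowerShell triage script run from an elevated prompt on the host. It assumes Windows 10 / Server 2016 or later (Get-LocalUser and Get-MpThreatDetection available), that account-management and logon auditing is enabled in the Security log, and that the Properties[] index positions match the documented 4720 / 4625 / 1102 event schemas; the $LookbackDays window and the C:\Users search root are assumptions to adjust locally. The final section also looks for copies of this family's ransom note using the opening phrase of the readme.txt quoted above.

```powershell
# Added example, not from the original post: triage for the item-5 server checks
# (new accounts, Guest status, Security log anomalies, anti-virus detections).
# Assumptions: Windows 10 / Server 2016+, auditing enabled, elevated prompt.

param(
    [int]$LookbackDays = 7   # assumed review window; match it to your inspection interval
)

$since = (Get-Date).AddDays(-$LookbackDays)

function Get-EventsSafe {
    # Query an event log for the given IDs without aborting when no events exist
    param([string]$LogName, [int[]]$Id)
    Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = $Id; StartTime = $since } -ErrorAction SilentlyContinue
}

# (a) New accounts: the full local account list (compare against a known baseline)
#     plus every 4720 "a user account was created" event in the window
Write-Host "== (a) Local accounts =="
Get-LocalUser | Select-Object Name, Enabled, LastLogon, PasswordLastSet | Format-Table -AutoSize

Write-Host "== (a) Accounts created since $since (Event ID 4720) =="
Get-EventsSafe -LogName 'Security' -Id 4720 | ForEach-Object {
    [pscustomobject]@{
        Time       = $_.TimeCreated
        NewAccount = $_.Properties[0].Value   # TargetUserName (index per 4720 schema, assumed)
        CreatedBy  = $_.Properties[4].Value   # SubjectUserName
    }
} | Format-Table -AutoSize

# (b) Guest account: matched by its well-known RID 501 rather than by name,
#     because the built-in account may have been renamed
Write-Host "== (b) Built-in Guest account =="
Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' } |
    Select-Object Name, Enabled, LastLogon | Format-Table -AutoSize

# (c) Security log anomalies: failed logons grouped by source address
#     (password guessing shows up here) and any "audit log was cleared" event
Write-Host "== (c) Failed logons since $since by source IP (Event ID 4625, top 10) =="
Get-EventsSafe -LogName 'Security' -Id 4625 |
    Group-Object { $_.Properties[19].Value } |    # IpAddress field (index per 4625 schema, assumed)
    Sort-Object Count -Descending | Select-Object -First 10 Count, Name | Format-Table -AutoSize

Write-Host "== (c) Security log cleared (Event ID 1102) =="
Get-EventsSafe -LogName 'Security' -Id 1102 |
    Select-Object TimeCreated, @{ n = 'ClearedBy'; e = { $_.Properties[1].Value } } | Format-Table -AutoSize

# (d) Anti-virus detections: Microsoft Defender's detection history for the window
Write-Host "== (d) Defender detections since $since =="
Get-MpThreatDetection -ErrorAction SilentlyContinue |
    Where-Object { $_.InitialDetectionTime -ge $since } |
    Select-Object InitialDetectionTime, ProcessName, @{ n = 'Resources'; e = { $_.Resources -join '; ' } } |
    Format-Table -AutoSize

# Ransom note hunt: this family drops readme.txt whose body is the PCHunter readme;
# the marker string is the opening phrase of the note quoted in the post
$marker = 'PCHunter anti-rootkit is a free and handy toolkit'
Write-Host "== readme.txt files carrying the ransom-note marker under C:\Users (assumed search root) =="
Get-ChildItem -Path 'C:\Users' -Filter 'readme.txt' -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { Select-String -Path $_.FullName -Pattern $marker -SimpleMatch -Quiet } |
    Select-Object FullName, LastWriteTime | Format-Table -AutoSize
```

Each section prints a table the reviewer compares against the previous inspection; an empty 4720 table with a new name in the local account list points at an account created outside the audited window or with auditing disabled, which is itself a finding.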