DeriaLock
#1
Brian in your video: https://www.youtube.com/watch?v=VAxGI4-uavg

You stated that the decryptor by Checkpoint security was a virus based on the VT analysis, but running it on a test machine didn't cause any infection leading me to believe it was a FP.

Any chance you can do a test on this to clarify one way or t'other?

#2
(01-18-2017, 03:36 PM)GuiltySpark Wrote:  Brian in your video: https://www.youtube.com/watch?v=VAxGI4-uavg

You stated that the decryptor by Checkpoint security was a virus based on the VT analysis, but running it on a test machine didn't cause any infection leading me to believe it was a FP.

Any chance you can do a test on this to clarify one way or t'other?

It's been removed, I wonder why...

I uploaded it to VirusTotal and it came back as a ransom

#3
I still have a copy of it if you're interested?

I did read that DeriaLock had adapted in its methods to counter the decryptors, maybe that's why they took it down.

It's back up: https://www.nomoreransom.org/decryption-tools.html

#4
Have you uploaded it to VirusTotal? Maybe I was wrong and it's a false positive, I thought the only decryptor tool was from the guy I got it from.

#5
Yea I did and it's still heavily filed as malware but when I ran it no infection happened. I think it may be a case of the way it's supposed to work, like a Nirsoft tool that gets marked as malicious when it's not.

But...as I say it didn't infect me so I'm at a loss at present.

#6
Yeah looks like I made a mistake, because that site does good normally. I was under the impression that the guy who created the tool I used was the only one. We live and learn.

#7
Well, it's still to be confirmed if it works, as the reason Gillespie kept his decryptor private is so malware writers can't adapt the ransomware, but this one however is out there for anyone to use.

#8
I think I will edit that part out of the video. It's only right.

#9
Could not edit it out, so I put a note on the video.

#10
Ok mate. I hope the tool is still effective.