Índice general
Identificarse
Registrarse
The content of this article or any related information is under the Creative Commons license BY, you can republish this content freely but you must mention the author of this article: Kernel and indicate the URL of this page: https://www.exabyteinformatica.com/tienda/foro/como-desinfectar-el-virus-petya-petya-removal-t1966.html
The big Petya ransomware assault crippled corporations and governments across the globe yesterday, placing many people on the sidelines, thousands of whom had been unable to access business-critical information. The assault is akin to closing month's WannaCry ransomware assault, which exploited a flaw in windows Server Message Block 1 (SMB 1). It influences those who did not apply Microsoft's important MS17-010 patch issued in March. WannaCry had a kill swap, however there is no familiar kill change for the Petya ransomware (also referred to as "NotPetya" through some researchers).
Its effect was indeed quite wide. The assault the day gone by contaminated greater than 12,500 clients in sixty four countries across the world together with Belgium, Brazil, Germany, Russia and the united states. Microsoft late the day before today posted an in depth account of Petya's method, which the company described as "refined."
Microsoft spoke of it has considering that released updates to its signature definition programs shortly after confirming the character of the malware. The updates are available in Microsoft's free antimalware items, together with windows Defender Antivirus and Microsoft safety basic, or directors can download the files manually at the Malware insurance plan middle, according to Microsoft, which additionally noted that the brand new windows Defender advanced danger insurance policy (windows Defender ATP), launched with the latest windows 10 replace "instantly detects behaviors used by means of this new ransomware variant with none updates."
If you have been infected by the Petya virus, simply create a .BAT file with this content and execute it:
Código: Seleccionar todo
@echo off
REM Administrative check from here: https://stackoverflow.com/questions/4051883/batch-script-how-to-check-for-admin-rights
REM Vaccination discovered by twitter.com/0xAmit/status/879778335286452224
REM Batch file created by Lawrence Abrams of BleepingComputer.com. @bleepincomputer @lawrenceabrams
echo Administrative permissions required. Detecting permissions...
echo.
net session >nul 2>&1
if %errorLevel% == 0 (
if exist C:\Windows\perfc (
echo Computer already vaccinated for NotPetya/Petya/Petna/SortaPetya.
echo.
) else (
echo This is a NotPetya/Petya/Petna/SortaPetya Vaccination file. Do not remove as it protects you from being encrypted by Petya. > C:\Windows\perfc
echo This is a NotPetya/Petya/Petna/SortaPetya Vaccination file. Do not remove as it protects you from being encrypted by Petya. > C:\Windows\perfc.dll
echo This is a NotPetya/Petya/Petna/SortaPetya Vaccination file. Do not remove as it protects you from being encrypted by Petya. > C:\Windows\perfc.dat
attrib +R C:\Windows\perfc
attrib +R C:\Windows\perfc.dll
attrib +R C:\Windows\perfc.dat
echo Computer vaccinated for current version of NotPetya/Petya/Petna/SortaPetya.
echo.
)
) else (
echo Failure: You must run this batch file as Administrator.
)
pause
No te pierdas el tema anterior: Unlocking the secrets to ransomware assaults
Salta al siguiente tema: Sitio bloqueado por Riskware
Quizás también te interese: