nexxai / CryptoBlocker

A script to deploy File Server Resource Manager and associated scripts to block infected users
GNU General Public License v2.0

Please support windows server 2016 #4

Closed chrisloup closed 1 year ago

chrisloup commented 7 years ago

Please support windows server 2016

chrisloup commented 7 years ago

PS C:\Users\administrator.test\Desktop\CryptoBlocker-master> dir

Directory: C:\Users\administrator.test\Desktop\CryptoBlocker-master

Mode LastWriteTime Length Name


------ 25-04-2017 11:04 PM 12 .gitignore
------ 25-04-2017 11:04 PM 8240 DeployCryptoBlocker.ps1
------ 25-04-2017 11:04 PM 18046 LICENSE.md
------ 25-04-2017 11:04 PM 2125 README.md
-a---- 15-05-2017 5:57 PM 385 SkipList.txt

PS C:\Users\administrator.test\Desktop\CryptoBlocker-master> .\DeployCryptoBlocker.ps1
The following shares needing to be protected: C:\,D:\
Checking File Server Resource Manager..
FSRM not found.. Installing (2008)..
& : The term 'servermanagercmd' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At C:\Users\administrator.test\Desktop\CryptoBlocker-master\DeployCryptoBlocker.ps1:122 char:10

Adding/replacing File Group [CryptoBlockerGroup1] with monitored file [...]..
& : The term 'filescrn.exe' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At C:\Users\administrator.test\Desktop\CryptoBlocker-master\DeployCryptoBlocker.ps1:174 char:6

& : The term 'filescrn.exe' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At C:\Users\administrator.test\Desktop\CryptoBlocker-master\DeployCryptoBlocker.ps1:175 char:6

Adding/replacing File Group [CryptoBlockerGroup2] with monitored file [...]..
& : The term 'filescrn.exe' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At C:\Users\administrator.test\Desktop\CryptoBlocker-master\DeployCryptoBlocker.ps1:174 char:6

& : The term 'filescrn.exe' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At C:\Users\administrator.test\Desktop\CryptoBlocker-master\DeployCryptoBlocker.ps1:175 char:6

Adding/replacing File Group [CryptoBlockerGroup3] with monitored file [...]..
& : The term 'filescrn.exe' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At C:\Users\administrator.test\Desktop\CryptoBlocker-master\DeployCryptoBlocker.ps1:174 char:6

& : The term 'filescrn.exe' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At C:\Users\administrator.test\Desktop\CryptoBlocker-master\DeployCryptoBlocker.ps1:175 char:6

Adding/replacing File Group [CryptoBlockerGroup4] with monitored file [...]..
& : The term 'filescrn.exe' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At C:\Users\administrator.test\Desktop\CryptoBlocker-master\DeployCryptoBlocker.ps1:174 char:6

& : The term 'filescrn.exe' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At C:\Users\administrator.test\Desktop\CryptoBlocker-master\DeployCryptoBlocker.ps1:175 char:6

Adding/replacing File Screen Template [CryptoBlockerTemplate] with Event Notification [] and Command Notification []..
& : The term 'filescrn.exe' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At C:\Users\administrator.test\Desktop\CryptoBlocker-master\DeployCryptoBlocker.ps1:179 char:2

& : The term 'filescrn.exe' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At C:\Users\administrator.test\Desktop\CryptoBlocker-master\DeployCryptoBlocker.ps1:186 char:2

Adding/replacing File Screens..
Adding/replacing File Screen for [C:] with Source Template [CryptoBlockerTemplate]..
& : The term 'filescrn.exe' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At C:\Users\administrator.test\Desktop\CryptoBlocker-master\DeployCryptoBlocker.ps1:205 char:6

& : The term 'filescrn.exe' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At C:\Users\administrator.test\Desktop\CryptoBlocker-master\DeployCryptoBlocker.ps1:206 char:6

& : The term 'filescrn.exe' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At C:\Users\administrator.test\Desktop\CryptoBlocker-master\DeployCryptoBlocker.ps1:206 char:6

PS C:\Users\administrator.test\Desktop\CryptoBlocker-master>

nexxai commented 7 years ago

Hi Chris,

I'm sorry for the issues you're having; however, I don't have a Server 2016 box to test on, so to help, I'm going to have to have you run some stuff on your end and report back to me.

First, can you please run the following commands and let me know the results so I can see what MS has versioned Server 2016 as:

$majorVer = [System.Environment]::OSVersion.Version.Major
$minorVer = [System.Environment]::OSVersion.Version.Minor

write-host $majorVer
write-host $minorVer

Thanks

andi-blafasl commented 7 years ago

ObjectNotFound: (filescrn.exe:String) [], CommandNotFoundException

To resolve this error, maybe we have to change the script from using filescrn.exe to the PowerShell cmdlets. But they are not available in Server 2008 or 2008 R2, only available for Server 2012 and above. I also don't have a 2016 Server for testing right now :-(

nexxai commented 7 years ago

The problem is that it's seeing this code:

# Identify Windows Server version, and install FSRM role
$majorVer = [System.Environment]::OSVersion.Version.Major
$minorVer = [System.Environment]::OSVersion.Version.Minor

Write-Host "`n####"
Write-Host "Checking File Server Resource Manager.."

Import-Module ServerManager

if ($majorVer -ge 6)

And it looks like, according to https://msdn.microsoft.com/en-ca/library/windows/desktop/ms724832(v=vs.85).aspx, it should be MajorVer 10, MinorVer 0 (10.0), and so it's seeing that the MajorVer is greater than or equal to 6 (10 > 6) but then isn't matching the rest of the ifs and so defaulting to the 2008 instructions.

I'm pretty sure all we need to do is redefine the original if to say:

if ($majorVer -eq 10)
{
    $checkFSRM = Get-WindowsFeature -Name FS-Resource-Manager

    if ($minorVer -eq 0 -and $checkFSRM.Installed -ne "True")
    {
        # Server 2016
        Write-Host "`n####"
        Write-Host "FSRM not found.. Installing (2016).."
        Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools
    }

}

elseif ($majorVer -ge 6)
{
    $checkFSRM = Get-WindowsFeature -Name FS-Resource-Manager

    if ($minorVer -ge 2 -and $checkFSRM.Installed -ne "True")
    {
        # Server 2012
        Write-Host "`n####"
        Write-Host "FSRM not found.. Installing (2012).."
        Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools
    }
}

Which should check for 2016 first, then 2012, and so on.
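
The version dispatch discussed in the comments above, as an added example that is not code from DeployCryptoBlocker.ps1 or from any participant in this thread. The function names are hypothetical, the "legacy" branch is modelled on the behaviour described here rather than copied from the script, and the sample version strings are constructed. It also probes for the FSRM management interface (cmdlets or filescrn.exe) and stops when neither exists, so a failed role install is not followed by file-group steps that create nothing.

```powershell
# Added example; not part of DeployCryptoBlocker.ps1. All function names are hypothetical.

# Branch selection as the thread describes the failing behaviour: a major -ge 6 gate,
# minor-based sub-branches, and the 2008 path as the fall-through. This is modelled on
# that description (an assumption), not copied from the script.
function Get-InstallBranchLegacy {
    param([Parameter(Mandatory = $true)][version]$OsVersion)
    if ($OsVersion.Major -ge 6) {
        if     ($OsVersion.Minor -ge 2) { return '2012' }
        elseif ($OsVersion.Minor -ge 1) { return '2008R2' }
        else                            { return '2008' }
    }
    return 'unsupported'
}

# Compare whole [version] values, newest first, so 10.0 can never land in a 6.x branch.
function Get-InstallBranch {
    param([Parameter(Mandatory = $true)][version]$OsVersion)
    if     ($OsVersion -ge [version]'10.0') { return '2016' }
    elseif ($OsVersion -ge [version]'6.2')  { return '2012' }
    elseif ($OsVersion -ge [version]'6.1')  { return '2008R2' }
    elseif ($OsVersion -ge [version]'6.0')  { return '2008' }
    return 'unsupported'
}

# Pick the FSRM management interface by probing for it instead of inferring it from
# the OS version: the FileServerResourceManager cmdlets where present, else filescrn.exe.
function Get-FsrmTooling {
    if (Get-Command -Name New-FsrmFileGroup -ErrorAction SilentlyContinue) { return 'cmdlets' }
    if (Get-Command -Name filescrn.exe -ErrorAction SilentlyContinue)      { return 'filescrn' }
    return 'none'
}

# Stop the deployment when neither interface exists, so a failed role install cannot
# be followed by "Adding/replacing File Group" steps that create nothing.
function Assert-FsrmTooling {
    $tooling = Get-FsrmTooling
    if ($tooling -eq 'none') {
        throw 'FSRM tooling not found: role install failed or needs a restart; no file screens were created.'
    }
    return $tooling
}

# Constructed sample versions (not captured from real hosts).
$samples = '6.0.6002', '6.1.7601', '6.2.9200', '6.3.9600', '10.0.14393'
foreach ($s in $samples) {
    $v = [version]$s
    New-Object PSObject -Property @{
        Version = $s
        Legacy  = Get-InstallBranchLegacy -OsVersion $v
        Fixed   = Get-InstallBranch -OsVersion $v
    } | Select-Object Version, Legacy, Fixed
}

# On the machine running this, report which interface a deployment would use.
try {
    Write-Host ("FSRM tooling: {0}" -f (Assert-FsrmTooling))
} catch {
    Write-Warning $_.Exception.Message
}
```

The Legacy and Fixed columns differ only for the 10.0 sample, which is the host in this issue.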

chrisloup commented 7 years ago

.Version.Major
.Version.Minor
[PS] >
[PS] >write-host $majorVer
10
[PS] >write-host $minorVer
0

chrisloup commented 7 years ago

After modifying the if clause: success. Results are as follows (on 2016):

PS C:\Users\administrator.test\Desktop\CryptoBlocker-master> .\DeployCryptoBlocker.ps1
The following shares needing to be protected: C:\,D:\
Checking File Server Resource Manager..

FSRM not found.. Installing (2016)..

Success Restart Needed Exit Code Feature Result
True    No             Success   {File and iSCSI Services, File Server, Fil...
Adding/replacing File Group [CryptoBlockerGroup1] with monitored file [...]..

This tool is deprecated and may be removed in future releases of Windows. Please use the Windows PowerShell cmdlets in the FileServerResourceManager module to administer File Server Resource Manager functionality.
The requested object was not found.

This tool is deprecated and may be removed in future releases of Windows. Please use the Windows PowerShell cmdlets in the FileServerResourceManager module to administer File Server Resource Manager functionality.

File group added successfully.
Adding/replacing File Group [CryptoBlockerGroup2] with monitored file [...]..

This tool is deprecated and may be removed in future releases of Windows. Please use the Windows PowerShell cmdlets in t he FileServerResourceManager module to administer File Server Resource Manager functionality. The requested object was not found.

This tool is deprecated and may be removed in future releases of Windows. Please use the Windows PowerShell cmdlets in t he FileServerResourceManager module to administer File Server Resource Manager functionality.

File group added successfully. Adding/replacing File Group [CryptoBlockerGroup3] with monitored file [...]..

This tool is deprecated and may be removed in future releases of Windows. Please use the Windows PowerShell cmdlets in t he FileServerResourceManager module to administer File Server Resource Manager functionality. The requested object was not found.

This tool is deprecated and may be removed in future releases of Windows. Please use the Windows PowerShell cmdlets in t he FileServerResourceManager module to administer File Server Resource Manager functionality.

File group added successfully. Adding/replacing File Group [CryptoBlockerGroup4] with monitored file [...]..

This tool is deprecated and may be removed in future releases of Windows. Please use the Windows PowerShell cmdlets in t he FileServerResourceManager module to administer File Server Resource Manager functionality. The requested object was not found.

This tool is deprecated and may be removed in future releases of Windows. Please use the Windows PowerShell cmdlets in t he FileServerResourceManager module to administer File Server Resource Manager functionality.

File group added successfully. Adding/replacing File Screen Template [CryptoBlockerTemplate] with Event Notification [] and Command Notification []..

This tool is deprecated and may be removed in future releases of Windows. Please use the Windows PowerShell cmdlets in t he FileServerResourceManager module to administer File Server Resource Manager functionality. The requested object was not found.

This tool is deprecated and may be removed in future releases of Windows. Please use the Windows PowerShell cmdlets in t he FileServerResourceManager module to administer File Server Resource Manager functionality.

Template added successfully. Adding/replacing File Screens.. Adding/replacing File Screen for [C:] with Source Template [CryptoBlockerTemplate]..

This tool is deprecated and may be removed in future releases of Windows. Please use the Windows PowerShell cmdlets in t he FileServerResourceManager module to administer File Server Resource Manager functionality. The requested object was not found.

This tool is deprecated and may be removed in future releases of Windows. Please use the Windows PowerShell cmdlets in t he FileServerResourceManager module to administer File Server Resource Manager functionality.

File screen successfully created for "C:\". Adding/replacing File Screen for [D:] with Source Template [CryptoBlockerTemplate]..

This tool is deprecated and may be removed in future releases of Windows. Please use the Windows PowerShell cmdlets in t he FileServerResourceManager module to administer File Server Resource Manager functionality.

File screen deleted successfully.

This tool is deprecated and may be removed in future releases of Windows. Please use the Windows PowerShell cmdlets in t he FileServerResourceManager module to administer File Server Resource Manager functionality.

File screen successfully created for "D:\".

PS C:\Users\administrator.test\Desktop\CryptoBlocker-master>

chrisloup commented 7 years ago

This tool is deprecated and may be removed in future releases of Windows. Please use the Windows PowerShell cmdlets in t he FileServerResourceManager module to administer File Server Resource Manager functionality.

^^^ This deprecation error also exists in 2012, i.e. if you fix it for 2012, you'll fix it for future win2016+ server editions.
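The deprecation notice in the log points to the FileServerResourceManager module. The following is an added example, not part of this thread or of DeployCryptoBlocker.ps1, showing the same file groups, template and file screens created idempotently with those cmdlets, so that no "requested object was not found" step is needed. The pattern list and `$chunkSize` are constructed assumptions; the group and template names are the ones shown in the log.

```powershell
# Constructed sample patterns; a real deployment would load its own list.
$patterns  = @('*.example-locked', '*.example-crypt', 'EXAMPLE_HOW_TO_DECRYPT*.txt')
$shares    = @('C:\', 'D:\')          # drives protected in the log above
$groupBase = 'CryptoBlockerGroup'     # names as they appear in the log above
$template  = 'CryptoBlockerTemplate'
$chunkSize = 500                      # assumption: patterns per numbered group

# Install-WindowsFeature replaces servermanagercmd on Server 2012 and later.
Import-Module ServerManager
if (-not (Get-WindowsFeature -Name FS-Resource-Manager).Installed) {
    Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools | Out-Null
}
Import-Module FileServerResourceManager

# Create or update each numbered file group. Checking first avoids the
# delete-then-add sequence that logs "The requested object was not found."
$groupNames = @()
for ($i = 0; $i -lt $patterns.Count; $i += $chunkSize) {
    $name  = '{0}{1}' -f $groupBase, ([int]($i / $chunkSize) + 1)
    $last  = [Math]::Min($i + $chunkSize, $patterns.Count) - 1
    $chunk = @($patterns[$i..$last])
    if (Get-FsrmFileGroup -Name $name -ErrorAction SilentlyContinue) {
        Set-FsrmFileGroup -Name $name -IncludePattern $chunk | Out-Null
    } else {
        New-FsrmFileGroup -Name $name -IncludePattern $chunk | Out-Null
    }
    $groupNames += $name
}

# Active screening template that references every group created above.
if (Get-FsrmFileScreenTemplate -Name $template -ErrorAction SilentlyContinue) {
    Set-FsrmFileScreenTemplate -Name $template -IncludeGroup $groupNames -Active:$true | Out-Null
} else {
    New-FsrmFileScreenTemplate -Name $template -IncludeGroup $groupNames -Active | Out-Null
}

# Replace any existing screen on each protected path with one from the template.
foreach ($share in $shares) {
    if (Get-FsrmFileScreen -Path $share -ErrorAction SilentlyContinue) {
        Remove-FsrmFileScreen -Path $share -Confirm:$false
    }
    New-FsrmFileScreen -Path $share -Template $template | Out-Null
}
```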

davidande commented 7 years ago

Check my script: FSRM_NoCrypto_2016.ps1 https://github.com/davidande/FSRM-ANTICRYPTO You will find what you need.

gma commented 1 year ago

Any chance somebody could close this? It's showing up in my issues list, presumably because somebody @-mentioned me by accident when pasting output into a comment.