nexxai / CryptoBlocker

A script to deploy File Server Resource Manager and associated scripts to block infected users
GNU General Public License v2.0

Started to receive an Import Error #79

Closed JackRegan closed 5 years ago

JackRegan commented 5 years ago

Looks like something changed in the download file 20/21 May.

Have started to get 0x80070057, The parameter is incorrect. on the Set-FsrmFileGroup command.

I keep all the historical files. The file from 19th May works with no errors.

Data still inputs so looks like something odd in the txt download.

Anyone else got this? ..

nexxai commented 5 years ago

Can you diff the two files and provide the results here?

JackRegan commented 5 years ago

Between the 19th and today's file:

    !!!instruction_rnsmw!!!.txt
    !instructi0ns!.txt
    !qh24_info!.rtf
    *. robbinhood
    *.+jabber-theone@safetyjabber.com
    *.4k
    *.666decrypt666
    *.[bitcharity@protonmail.com].com
    *.[blellockr@godzym.me].bkc
    *.[costelloh@aol.com].phoenix
    *.[crypt1style@aol.com].mers
    *.[donovantudor@aol.com].bat
    *.[enigma1crypt@aol.com].eth
    *.[epta.mcold@gmail.com],
    *.[id-xxxxxxxxx][remarkpaul77@cock.li].jsworm>ransom
    *.[sssdkvnsdfitd]
    *.[sssdkvnsdfitd]>ransom
    *.[starcrypt@tutanota.com].omerta
    *.[w_unblock24@qq.com].ws
    *.[zoro4747@gmx.de].zoro
    *.aa1
    *.aes128ctr
    *.berost
    *.bkc
    *.bmn63
    *.bmn63!ransom
    *.bufas
    *.carcn
    *.cheetah
    *.codnat
    *.codnat!ransom
    *.codnat1
    *.codnet
    *.codnet1
    *.condat
    *.ddos
    *.docm
    *.docm!demonstration
    *.docm!ransom
    *.dotmap
    *.drweb
    *.dutan
    *.enc_robbinhood
    *.ezdz
    *.fedasot
    *.ferosas
    *.forasom
    *.fordan
    *.fordan!ransom
    *.fredd
    *.ge010gic
    *.ge0l0gic
    *.ge0l0gic!
    *.ge0l0gic_readme.txt
    *.ggghjmngfd
    *.grovat
    *.guesswho!ransom
    *.hceem
    *.hceem!ransom
    *.hofos
    *.hrosas
    *.hrosas!ransom
    *.id-.[enigma1crypt@aol.com].eth.
    *.id-92ddb5dc.[enigma1crypt@aol.com].eth.
    *.id-[********].[donovantudor@aol.com].bat
    *.id-xxxxxxx.[crypt1style@aol.com].mers>ransom
    *.id-xxxxxxxx.[bitcharity@protonmail.com].com!ransom
    *.id[xxxxxxxx-0001].[costelloh@aol.com].phoenix!ransom
    *.igami!ransom
    *.jack
    *.jzphmsfs
    *.ke3q
    *.kes$
    *.kiratos
    *.lockhelp@qq.gate
    *.major.ransom
    *.mamba
    *.mars
    *.mers
    *.mira
    *.ms13
    *.n7ys81w
    *.navi
    *.nhcr
    *.non
    *.non!ransom
    *.onyc
    *.oookjyhctvdf
    *.open_readme.txt.ke3q
    *.pig4444
    *.pig4444!ransom
    *.plut
    *.prodecryptor
    *.prodecryptor!ransom
    *.qbix
    *.qbtex
    *.qh24
    *.radman
    *.recry1
    *.refols
    *.robinhood!ransom
    *.roldat
    *.sarut
    *.sarut!ransom
    *.todarius
    *.todarius!ransom
    *.vally
    *.wal
    *.xxxxx!ransom
    *.yg
    *.yum
    *.zoro
    *.ztsysjz
    *.{killback@protonmail.com}kbk
    *.{killback@protonmail.com}kbk!ransom
    *[remarkpaul77@cock.li].jsworm
    *decryptoroperator@qq.com
    *ymayka-email@yahoo.com.cryptotes
    .codnat
    .codnat1
    .eth
    .jack
    .nampohyu
    .non
    .plut
    [+]
    [lockhelp@qq.com].gate
    _crypted_readme.html
    decrypt-files.html
    decryptyourdata@qq.com
    howtobackfiles.txt
    instructions with your files.txt
    locked.*
    not
    note
    note:
    ransom
    read_me.mars
    readme-prodecryptor@gmail.com.txt
    restore_hceem_data.txt
    инструкция по расшифровке.txt

I'm going to start working through and see which is the issue. I assume no-one else is having import issues ..

JackRegan commented 5 years ago

It's this entry causing the error:

note:

Which looks to be coming from a file merge process in the script. So not a source problem.

Apologies

nexxai commented 5 years ago

@JackRegan No problem - I just wanted to make sure we weren't actually sending bad data out. Thanks for clarifying!
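
The manual search described in this thread can be automated. The PowerShell script below is an added example, not part of CryptoBlocker or of any comment above: it bisects a pattern list against a scratch FSRM file group to isolate the entries that `Set-FsrmFileGroup` rejects. The `-ListPath` parameter, the scratch group name and the placeholder pattern are assumptions; the sample entries are copied from the diff posted in the thread.

```powershell
# Added example, not part of CryptoBlocker. Needs the FSRM role and an elevated session.
param(
    [string]$ListPath,                                   # optional: one pattern per line
    [string]$ScratchGroup = 'CryptoBlocker_ImportTest'   # hypothetical scratch group name
)

# True if FSRM accepts this set of patterns on the scratch group.
function Test-FsrmPatternSet {
    param([string[]]$Patterns)
    try {
        Set-FsrmFileGroup -Name $ScratchGroup -IncludePattern $Patterns -ErrorAction Stop | Out-Null
        return $true
    } catch {
        return $false
    }
}

# Bisect: a rejected set is split until the rejected single entries are isolated.
# A set that is rejected only as a whole (both halves accepted) yields nothing.
function Find-RejectedPattern {
    param([string[]]$Patterns)
    if (Test-FsrmPatternSet -Patterns $Patterns) { return }
    if ($Patterns.Count -eq 1) { return $Patterns[0] }
    $mid   = [int][math]::Floor($Patterns.Count / 2)
    $left  = $Patterns[0..($mid - 1)]
    $right = $Patterns[$mid..($Patterns.Count - 1)]
    Find-RejectedPattern -Patterns $left
    Find-RejectedPattern -Patterns $right
}

# Sample entries copied from the diff in this thread; used when no -ListPath is given.
$patterns = @('*.zoro', 'note', 'note:', '*.mers', 'locked.*')
if ($ListPath) {
    $patterns = @(Get-Content -Path $ListPath -Encoding UTF8 |
        ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

# The scratch group is never attached to a file screen, so testing on it blocks nothing.
New-FsrmFileGroup -Name $ScratchGroup -IncludePattern @('*.import_test_placeholder') | Out-Null
try {
    $rejected = @(Find-RejectedPattern -Patterns $patterns)
    '{0} of {1} entries rejected' -f $rejected.Count, $patterns.Count
    $rejected | ForEach-Object { "  rejected: '$_'" }
} finally {
    Remove-FsrmFileGroup -Name $ScratchGroup -Confirm:$false
}
```

Running this against each day's merged list before updating the production file group catches a bad entry without leaving the live group in a partially updated state.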