Thread replies: 318
Thread images: 59
Thread images: 59
File: Wana Decrypt0r 2.0 WanaCry_Avast.jpg (138KB, 960x715px) Image search:
[Google]
138KB, 960x715px
Save as SMB1_disable.reg and run:Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]
"SMB1"=dword:00000000
Run these commands in an elevated command prompt:sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled
restart
> How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server
https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
Make sure your ports are stealth:
https://www.grc.com/shieldsup
Update:
http://forum.oszone.net/thread-257198.html
http://www.wsusoffline.net/
(neither of these methods contain any telemetry or GWX related updates)
>>
File: 1478657737384.gif (2MB, 709x625px) Image search:
[Google]
2MB, 709x625px
>>60384898
>Femanon
>>
>>60384898
Do NOT do this. It literally creates the ransomware on your pc
>>
>>60384941
>not wanting to be a part of the experience
>>
>>60384898
>Run these commands in an elevated command prompt:
Do you really need to block the client?
>>
>>60385000
Yes. If you have any use for the SMB1 protocol the keep it enabled, otherwise disable it. By default it's disabled in W10 altogether, so you should be fine.
>>
Thanks babe.
>>
File: 1494353748492.jpg (88KB, 748x810px) Image search:
[Google]
88KB, 748x810px
>Using wangblows
>>
>windows
>command prompt
Why can't I just click some icon
>>
>>60385067
Save as .bat (each individual line as different .bat file) then right click on it and select run as admin.
>>
>>60385099
h-how
>>
>>60385099
will you be my mommy today?
>>
>>60384898
I use SMBv1 without a password, for compatibility with my retro shitboxes.
>>
>>60385104
paste in Notepad the first line, save as, name it 1.bat
paste in Notepad the second line, save as, name it 2.bat
run 1.bat
run 2.bat
restart
>>
>>60385142
Then make sure your router's ports aren't open and maybe update.
>>
File: 1399402966929.jpg (184KB, 1320x666px) Image search:
[Google]
184KB, 1320x666px
>>60385104
>START C:\Windows\NOTEPAD.EXE
>sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
>save as .bat
>START C:\Windows\NOTEPAD.EXE
>sc.exe config mrxsmb10 start= disabled
>save as .bat
>click stuff
>>
>>60385152
Well, I doubt I'd be posting here if if I didn't know that?
Thanks for trying to educate /g/ btw, but most will take it as bait anyways.
>>
>>60385144
>>60385156
Thank you. I feels like a hacker now
>>
>>60384898
i dont even have any SMB stuff in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters or in win features what do?
>>
>>60384927
He either uses that name to trigger autists, or shes an actual female whoring for attention because shes a female
Both equally disrespectable, at least its easy to filter
>>
>>60385439
Why aren't you on 10?
>>
>>60385554
cuz it just werkz
>>
>>60385439
Read OP post.
>>60385554
>10
Piece of trash.
>>
>>60385611
Hi MS.
>>
>>60384898
>not just disabling incoming connections
>not simply updating your system, since MS fixed this in march
kill yourself.
>>
>>60385722
SMBv1 is old and outdated, you might as well get rid of it. XP-era legacy, nothing modern uses it anymore. It's only a matter of time until new exploits will be found.
>>
>>60385439
In elevated PowerShell:Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol
>>
>>60384898
needs javascript for ms site
>>
File: 4d442ba2-8fe1-488e-a727-5e631c170e66..jpg (37KB, 520x480px) Image search:
[Google]
37KB, 520x480px
>>60384898
10-Q QTπ
>>
>>60384927
It's a Russian dude, just namewhoring.
>>
Too complicate accidentally detected system32 and the computer crashed. Can I get my data back or do I have to buy a mac? Can their cloud backup my stuff? It's important pls.
>>
>>60386618
You don't need to visit it, I posted how to disable SMB1
>>60386626
You're welcome (:
>>
http://iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/
>>
>>60386453
not working
>>
>>60384898
SMB2 is vulnerable too.
Just get rid of windows.
>>
>>60387321
>>60387576
>>
Just go behind a router and run windows update you spergs, you don't need to fuck around in the registry and if you cared what services your computer was running in the background you wouldn't be running windows anyhow.
>>
>>60387703
Visit the link, it's not malicious but it is related to the topic.
>>
File: totalprofit.png (13KB, 564x406px) Image search:
[Google]
13KB, 564x406px
>>60384898
https://pastebin.com/JZHZkyWe
Check Profit
>>
File: download.jpg (14KB, 250x250px) Image search:
[Google]
14KB, 250x250px
>>60387793
>>
>>60387683
Or... just install a proper firewall that blocks unsolicited incoming connections.
>>
>>60387861
Or... just get rid of windows and save yourself from the future botnets.
>>
>>60387834
You don't have to but I'm telling ya, you will be shocked.
>>
>>60385013
A client's system has Windows 10, I had to disable it via control panel. Unchecked SMBv1 from Windows Features
>>
>>60384927
>Prototyperaptor - Timeless
>>
>>60387964
>Windows Features
It does not have different versions of SMB listed in Windows Features you sperg
>>
>>60388283
SMBv1 is listed separately in Windows features, actually. SMBv2 and SMBv3 aren't, but those must both be disabled together because they depend on eachother.
>>
File: 3iuy8ye8.jpg (66KB, 490x367px) Image search:
[Google]
66KB, 490x367px
>>60384898
>Grandma has her daily login set as standard or limited user.
>Grandma's old router has the most up to date ddwrt, tomato or openwrt on it.
>Grandma checks files she wants to open on the internet by searching.
>Grandma uses alt +f4 to close out weird windows.
>Grandma disconnects from the internet by literally unplugging the cables to the modem if alt +f4 does not work.
Good job Grandma!
>>
File: 1456905711444.jpg (25KB, 512x397px) Image search:
[Google]
25KB, 512x397px
>>60384898
>http://forum.oszone.net/thread-257198.html
>most important link
>it's all in russian
am I being rused?
>>
>>60384898
>do this
>can no longer access router page
fug
guess it needed smb1
>>
File: 1484620340006.png (17KB, 882x758px) Image search:
[Google]
17KB, 882x758px
Please someone tell the name of the damn update that I need to install to prevent this.
JUST
THE
NAME
I've read already 15 blogs none of them mentions it, what the fuck is wrong with people.
>>
>>60388903
Are you on Windows 7? Then it's kb4012212
If you're on an another version then the update will have a different number.
>>
>>60388996
Win7 yes, thanks I'll try that.
>>
can't you just deep freeze this shit?
>>
>>60388996
which one is for 8.1?
>>
>SMB is used heavily by the servers at work
What do?
>>
>>60389286
If they are modern Windows servers and the clients are at least Windows Vista, you don't even need SMBv1.
>>
>>60389275
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
>>
>>60389286
Definitely not SMBv1. That's XP-era technology.
>>
>>60385439
rightclick->new->dword->name it SMB1->set it to 0
>>
So how exactly is this getting onto affected targets? Is it just a spontaneous outside attack of some sort, or is it user-instigated?
>>
>>60387661
It's for Windows 10
>>
>>60392498
Unpatched PC game servers are spreading it among other things.
>>
>>60384898
i got all ports as stealth and i am the only windows user in my network, am i secure enough?
>>
>>60385133
Yes, sweetie. Take off your pants.
>>
Fat fuck work colleague purposefully fucked his own pc so he can dodge work.Wish I had his autism.
>>
File: 0R03WIk.jpg (179KB, 600x489px) Image search:
[Google]
179KB, 600x489px
>>60384898
thanks femanon
>>
>>60384898
what's the point of running the commands if you already disabled it in the registry?
also i fail the grc ping reply. what can i do to pass it?
>>
>>60393398
>Wish I had his autism.
https://anonfile.com/D80eF7bab6/_WanaDecryptor_.exe
Don't forget to block the sinkhole server.
>>
File: ohshit.jpg (41KB, 980x511px) Image search:
[Google]
41KB, 980x511px
>>60384898
win10 here, commands denied
wat do i do now? DDDD:
>>
>>60393550
Run cmd as an Administrator
>>
>>60393581
thanks anon totally forgot about that :DDDD
>>
>>60391996
This enough ?
>>
>>60385013
SMB1 is not disabled by default on W10
I literally just had to disable mine hours ago
>>
>>60393492
THere's both client and server for SMB. You only disable server through regedit.
>>60393688
No? I thought it was.
>>
>>60393749
Both my W10 Pro machines had it enabled
>>
>>60385554
Because is garbage and microsoft refuses to listen to their costumers. They dont want people to have control over their os and they dont let you completely opt out of their data mining.
>>
Just update for christ sake are you retarded? This was patched monthes ago
>>
>>60394118
No its not patched months ago you stupid nigger.
I have two W10 PCs on auto-update and SMB1 was open and active.
kys
>>
>>60387887
>Implying the majority of bots aren't running some flavor of linux
>>
Jesus Christ thank you, I feel much safer now.
I still have one problem though, my Windows LTSB keeps saying it's not activated.
How do I activate its almonds?
>>
File: 1361424133946.jpg (25KB, 441x515px) Image search:
[Google]
25KB, 441x515px
>disable SMB1
>install windows 7 updates for first time since August 2015
>android phone and tablet can no longer access PC shared files over LAN
>>
>>60394637
http://www106.zippyshare.com/v/pYCad1fv/file.html
https://forums.mydigitallife.info/threads/microsoft-toolkit-official-kms-solution-for-microsoft-products.28669/
>>
>>60394771
Android does not use SMBv1, you fucked up something else there.
>>
>>60393688
>>60393773
>>60394160
_SMBv1_ IS DISABLED by default, you are mixing something up here.
SMB in general is not though, you might be thinking of that.
>>
File: Screenshot_20170514-010238.png (694KB, 1440x2560px) Image search:
[Google]
694KB, 1440x2560px
>>60385013
>>>60385000
> By default it's disabled in W10 altogether, so you should be fine.
>>
>>60384898
Wait, running WSUS Offline only downloads all the good updates?
So all the updates to avoid posted on http://forums.pixeltailgames.com/t/windows-7-8-windows-updates-to-avoid-telemetry/9977 are NOT in this? So this is possibly the best way to update Windows 7???
>>
>>60394923
Tested this in a VM
So this basically lets you use windows 10 for 180 days before it starts nagging you huh
>>
>>60395820
Learn to read, shitstain!
>>
>>60395061
Then why is windows 10 susceptible to this? Why even release a patch for it for windows 10? All versions of Windows 10 can get this, except 1703 which had the patch built in.
>>
>>60395893
>(neither of these methods contain any telemetry or GWX related updates)
I read that, but is there a file in here that's telling the program which update files to avoid pulling from the servers? I'd just like to be able to see that file/list for myself.
>>
>>60395966
Seriously, is this whole WSUS thing pulling updates from Windows official or is it a private server maintained by people who know which updates are bad?
I mean, there's an "exclude" folder with a text file labeled "ExcludeList", but in it is a list of files for updates like Office and Windows 10 and things I don't have. None of it mentions the list of things from pixeltailgames.
Can I just add them to this list to be doubly sure that it's not installing the bad updates?
>>
does a computer that's not up to date pose a risk to a computer on the same network that is up to date?
>>
>>60395027
Is it app-dependent, or OS-wide? I use ES File Explorer Pro.
>>
File: 1268181956597.jpg (76KB, 548x438px) Image search:
[Google]
76KB, 548x438px
>>60396391
For fuck's sake, someone.
WSUS Offline updates.
No telemetry bullshit?
Answer.
Please.
>>
File: aceca2a9241da737ecb5f1c298de1d93.png (172KB, 449x336px) Image search:
[Google]
172KB, 449x336px
>>60396936
AHHHHHHHHHHHHHHHHHHhhhhhhhh
>>
>>60395877
That's how kms activation works. Can be redone for an infinite amount of times
>>60395820
>Wait, running WSUS Offline only downloads all the good updates?
Yes, I tested.
Neither of these were pulled
get-hotfix -id KB971033,KB2902907,KB2922324,KB2952664,KB2976978,KB2977759,KB2990214,KB3012973,KB3014460,KB3015249,KB3021917,KB3022345,KB3035583,KB3044374,KB3050265,KB3050267,KB3065987,KB3068708,KB3072318,KB3075249,KB3075851,KB3075853,KB3080149,KB3123862,KB3150513,KB3139923,KB3081954
>>60396391
>is this whole WSUS thing pulling updates from Windows official
yes
>>
File: _hyax0rsz.jpg (18KB, 1478x75px) Image search:
[Google]
18KB, 1478x75px
>>
How do you disable SMB on XP?
>>
>>60398997
>XP
Download the newest patch Microsoft put up.
Pretty sure that fixes it.
>>
>>60396542
this
>>
>>60399032
I'm not going to install anything from Microsoft.
>>
>>60399062
lmao
>>
File: hqdefault.jpg (15KB, 480x360px) Image search:
[Google]
15KB, 480x360px
>>60399062
>"I'm not going to install anything from Microsoft."
>Has Windows XP installed
>>
>>60399077
Why is that funny? I don't trust them.
>>
File: Windows 10 tcpdump.webm (3MB, 1280x648px) Image search:
[Google]
3MB, 1280x648px
>>60384898
>unironically using a backdoored OS
kys winfags
>>
File: 1486175376340.jpg (106KB, 1280x720px) Image search:
[Google]
106KB, 1280x720px
>>60399062
>>
>>60399108
Past/present.
>>
>>60399113
>>60399153
Congratulations, you're still retarded.
>>
>>60399166
How old are you?
>>
File: capture.png (16KB, 412x370px) Image search:
[Google]
16KB, 412x370px
Default is disabled they say.
>>
>>60395061
smbv1 isn't actually disabled by default yet. It will be soon, though.
>>
>>60399471
https://twitter.com/NerdPyle/status/863297941930246145
>>
File: 1483959075961.png (74KB, 286x312px) Image search:
[Google]
74KB, 286x312px
>>60399493
>You are talking about SMB1. Which is older than you are.
>>
File: botnet.jpg (132KB, 500x647px) Image search:
[Google]
132KB, 500x647px
>>60399145
You idiots using Windows, you are using an already backoored OS you niggers >>>/wsg/1688307
>>
>>60385152
>and maybe update.
>plot twist
>the update servers were running a vulnerable samba and now all updates are infected too
>updating ANYTHING will now infect you with wcrypt
>>
>windows server
ok that's nice, let us know when you're done playing with your toys.
>>
>>60399471
Yeah turned off mine and my moms.
>>
>>60385144
This literally doesnt work. The notepad files simply dont convert to executable files. Ands no theyre not being saved as xxxx.bat.txt
>>
>>60384898
>/g/ fem
no its always a larping tranny
>>
Okay, so I have a Windows Server 2003 I need to fix. Is there a patch to fix it yet?
>>
File: 1398065283252.jpg (109KB, 460x553px) Image search:
[Google]
109KB, 460x553px
How do i know if I am infected?
>>
File: tfw youre next.jpg (278KB, 969x883px) Image search:
[Google]
278KB, 969x883px
How do I hide ports on a zyxel router? They show up as "closed" and in the settings there's only an option to forward them.
>>
Is there a big list of Win7 updates I shouldn't install / remove? I'd rather not have telemetry shit
>>
>>60400144
Are you kidding?
Has a big red dialog box popped up telling you that your files are encrypted and to get fucked pay 300 dollars, yet?
If not, then you're not infected. Fix yourself anyway.
>>
>>60400144
What are you, Retarded or something?
>>60400148
Get out faggot
>>60400155
Checked
>>
>>60400168
updooted :DDD
>>
>>60400196
Yes
>>
>>60400152
I don't know te hee
>>
File: 1306913541634.jpg (12KB, 185x301px) Image search:
[Google]
12KB, 185x301px
>>60400155
>>60400168
I... I... expected the virus to be dormant in my machine before popping up
Beside common sense what can I do to be safe? I'm kind of alarmed because I use lots of direct download sites but ublock and the like have kept me safe so far.
>>
>>60400258
Install the fix.
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012212
Then disable SMB1
https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
>>
>>60399925
>has "Hide known file extensions" enabled
>doesn't notice that only the supposedly .bat files are showing their extension
>says it doesn't work
>>
If my pc is the only one in my network and i dont check emails or download shit from the Internet can i still get infected? I also don't have any ports open
>>
>>60400328
It's not likely, get patched anyway.
>>
File: your face when choose face when 2.jpg (415KB, 1575x899px) Image search:
[Google]
415KB, 1575x899px
>>60400258
Dude, it happens very quickly. There's no point in ransomware that lurks in your ocmputer for ages. It would risk being detected and removed. The whole point is to cripple your files to extort money.
I wonder how many normies have lost all the photos they've had of their children because of ransomware...
>>
>>60400346
Im running a pirated win 7 and i have been checking for updates for 5 hours in windows updater and it hasnt found any updates from around march
>>
>>60400382
Here's the problem with checking in the updater: If you wait too long, it has to get all the update stacks from previous years. This could literally take hours or days as it sifts through thousands of updates.
Instead, just get this standalone and run it. You can sleep easy after that:
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012212
And then get a standalone updater so you can keep updated and not worry about this shit:
http://download.wsusoffline.net/
>>
>>60400442
Thanks man sorry for bothering you guys with my retardness but im not really good at this whole security stuff i just thought blocking ports and firewall would be enough
>>
>>60400490
It is usually, in fact if you just block incoming 445 in this instance; you'll be mostly safe.
That said, you should still apply the fix.
>>
>>60400380
there was like 22k dollarydoos in payments last reported
>>
Please support my patreon
>>
>>60400561
post ur blockchain qt ;)
>>
>>60387576
Clicked, nothing happened...just a dead page.
>>
File: 1460915641250.png (56KB, 244x262px) Image search:
[Google]
56KB, 244x262px
>>60400601
it's the address that the malware uses to shut itself down if it's responding because it thinks it's in a sandbox enviro, some guy found out, registered it and is now internet famous
ya dingus
>>
>>60400561
r
u
a
gril?
>>
File: 1467317409999.jpg (173KB, 688x1032px) Image search:
[Google]
173KB, 688x1032px
I can't find SMB1 and 2 on the resgistry
What does that mean?
>>
>>60400803
You're not looking in the right place.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters <-- Go to this key/folder in regedit.
>>
File: medium.jpg (8KB, 64x64px) Image search:
[Google]
8KB, 64x64px
>>60400803
It means you are falling for /g/ memes.
>>
File: bad things.png (66KB, 1441x758px) Image search:
[Google]
66KB, 1441x758px
>>60400838
>>60400849
been there, done that
>>
>>60400803
Just do the registry add described here:
https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
The Powershell part is the quickest way. Run Powershell as admin obviously.
>>
>>60401006
>Windows 10
Oh, it's not even in that anymore.
>>
>>60401006
Pretty sure you need to create a new DWORD named SMB and SMBv1 and set the value to 0
After that, restart your computer.
>>
If anyone falls for this they deserve what's coming to them.
>>
>>60384898
I use SMB daily, fuck off, just update your os daily you morons
>>
File: 0116128e9808d6ef4a18ebc475fc628f.png (368KB, 800x800px) Image search:
[Google]
368KB, 800x800px
decided to just do it and turn on PaX already
no issues so far save for virtualbox freezing and ffmpeg needing a flag change
it is comfy here in linux land
>>
>>60399113
>Why is that funny? I don't trust them.
Yet you run Windows. Don't patch then. Common sense got you this far. All malware are memes. None of them do real stuffs.
>>
File: MinotauroVsSucy.png (1MB, 1088x620px) Image search:
[Google]
1MB, 1088x620px
>>60400668
A very cheap solution.
But it worked.
>>
anyone have the full text of the popup? Im wondering how it figures out when a person sends btc...
>>
>>60395909
Because smb2 is also a vulnerability
>>
disables it through power shell
am i saved?
>>
>>60388593
Wow I wish my granddad had l33t sk1ll5 like this.
>>
>>60393509
Just the url string being there makes me anxious. Sort of like standing next to a long drop.
>>
File: i am the famous hacker known as 4chan.png (23KB, 869x635px) Image search:
[Google]
23KB, 869x635px
>>60402861
forgot pic
>>
>>60384898
Is version 1703 + bitdefender + malwarebytes enough to defend myself from these ransomwares?
Should I bother disable smb1?
>>
>>60401006
EDITOR DEL REGISTRO
>>
>>60403122
Equipo
>>
>>60402938
>Is version 1703 + bitdefender + malwarebytes enough to defend myself from these ransomwares?
No.
>>
why not just block inbound tcp 445 on shit you can't patch and call it a day
>>
File: keeyen.png (1MB, 727x660px) Image search:
[Google]
1MB, 727x660px
>>60385039
Gotta wangblows for RealOne player dude.
>>
>>60384898
And the FBI wanted Apple to build an exploit to break into iPhones, remember? Imagine the screams if that had been stolen along with all the others. Comey said it wouldn't happen. But can you believe him?
>>
File: 1488984938079.jpg (71KB, 600x600px) Image search:
[Google]
71KB, 600x600px
Femanon here
>>
wtf i ran the bat and my computer wont boot to windows anymore help??
>>
>>60404216
Which bat?
>>
>>60404224
the bat inside your vagina
>>
Is disabling macros overdone or actually important? I can't do any office shit without it.
>>
>>60404331
Keep macros enabled only if you need them Normally you're fine with them, unless you open any file you donwnload from the internet
>>
>>60384898
Where i can download this virus?
>>
>>60404448
Search for wanadecryptor in the /g/ archive.
>>
>>60404448
I have no idea.
>>
>SMB
Does this men SAMBA is compromised?
>>
>>
>>60404655
No. SAMBA is a completely different implementation.
>>
>>60400442
Trying to do this but when I try to update it tells me "The update is not applicable to your computer."
>>
>>60404734
This is because you need four updates:
> [1] Installing and searching for updates is slow and high CPU usage occurs in Windows 7 and Windows Server 2008 R2
https://support.microsoft.com/en-us/kb/3102810
> [2] How to update the Windows Update Agent to the latest version
https://support.microsoft.com/en-us/kb/949104
> [3] April 2015 servicing stack update for Windows 7 and Windows Server 2008 R2
https://support.microsoft.com/en-us/kb/3020369
> [4] July 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
https://support.microsoft.com/en-us/kb/3172605
Avoid:
KB2952664
KB3021917
KB3068708
KB3080149
KB3184143
KB971033
Full list of bad updates (not sent anymore). Actual powershell command to check your system (run as admin)
get-hotfix -id KB971033,KB2902907,KB2922324,KB2952664,KB2976978,KB2977759,KB2990214,KB3012973,KB3014460,KB3015249,KB3021917,KB3022345,KB3035583,KB3044374,KB3050265,KB3050267,KB3065987,KB3068708,KB3072318,KB3075249,KB3075851,KB3075853,KB3080149,KB3123862,KB3150513,KB3139923,KB3081954
To uninstall an update (i.e 2952664). In powershell as admin:
wusa /uninstall /kb:2952664
>>
So can I do this on XP? I can't get the update because SP3 fucks with my PC. What can I do?
>>
Our Exchange server is 2003 because my boss had no budget for upgrades the past 2 years.
We don't want to reboot the Exchange server during work hours because 200 retards will phone up complaining they can't access email for 10 minutes.
(We're putting Exchange 2013 on a 2012 R2 server next month)
I've applied the patch from the Microsoft repo.
How can I check and see if it's disabled SMB without a reboot?
>>
>>60404852
I get an error code when trying to uninstall those updates 0x8000ffff. I already have customer experience improvement program turned off, is that affecting it?
>>
>>60399541
Still haven't updeted my OS!
https://www.youtube.com/watch?v=_CL6n0FJZpk
Still clean.
https://www.youtube.com/watch?v=-JfEJq56IwI
>>
>>60404982
just go into the firewall exceptions on the server and make sure file and printer sharing is disabled
>>
>>60405271
>I already have customer experience improvement program turned off, is that affecting it?
No. It must be something else with your system. There are ways of cleaning Windows Update, but I'm unawae how it can be done.
Is your system SP1 (7601)?
>>
>>60405460
SP1 yea but not exactly sure what version number.
If I leave those updates alone will they still have telemetry active?
>>
>>60405833
No. But I'd suggest maybe do a clean install some time.
http://mirror.corenoc.de/digitalrivercontent.net/
DAZ Loader:
http://www74.zippyshare.com/v/dSpULQGy/file.html
Microsoft Toolkit:
http://www106.zippyshare.com/v/pYCad1fv/file.html
Also, version number is shown when you open CMD, or type winver in start menu
>>
>>60400707
Yes now gibs me money
>>60400570
What
>>
>>60405892
I think should be able to delete them through the normal windows update, I only got that error when using the powershell commands.
>>
>>60405892
>>60406054
Oh and yea it is SP1 7601.
>>
File: IMG_20161214_091216.jpg (796KB, 2340x4160px) Image search:
[Google]
796KB, 2340x4160px
>>60406054
Powershell me daddy
>>
>>60404910
get a firewall and block TCP ports 137 138 139 445
and get an antivirus
>>
>>60388996
>>60388903
Where the fuck do I download it?
Just got a new computer but it's on a CPU microsoft doesn't want windows 7 on anymore, so I'm not sure I can get the update from the updater tool. Used one of those batch downloaders but it didn't grab this one
>>
>>60406054
Ofcourse, removal works through Control Panel as well.
>>
>>60405401
>make sure file and printer sharing is disabled
that might not prevent the exploit, it's called an exploit for a reason
>>
>>60400295
First links's not working, clicking download and then the package name causes it to fail
Did microsoft's own servers die?
>>
>>60406206
if you can't so the SMB socket on TCP 445 you can't exploit SMB
>>
>>60404852
Wait, do I need to download the Service Pack 1? If so which one do I download because there are three exe and I don't know which to download.
>>
>>60406415
post a screenshot of what you don't understand you faglord
>>
As a wins 10 pro user who hasn't updated since probably late last year because every fucking update breaks shit and ruins my settings, what should I do to protect myself here? I really don't want to update, I have too much shit at risk to be fucked up by wins updates. Does disabling this smb1 shit really work? So many people tell me wins 10 isn't affected, and so many people say it is. This whole shit is a shit storm of people not knowing what's what and what's true. I've updated every other PC in my house running wins 10 so I'm safe there from it spreading on my network from other PCs if they got infected.
>>
I don't see the point of the R5 over the R4. I mean the R4 is still good, cases aren't going anywhere. Anything tragic I missed?
>>
>>60406458
get the specific update here
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
also
>>60406181
https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
>>
>>60384898
What's the point of this shit?
>>
>>60406538
Will that update ONLY touch the exploit and fix it? Will it fuck with anything else on my system?
>>
Which GNU/Linux should I use to be safe?
>>
>>60406700
gentoo
>>
>>60406193
https://ptpb.pw/YRuv
>>
>>60406524
wrong thread
>>
>>60406456
I'm serious I have to download SP1 before I can do anything?
>>
>>60406415
Get an iso with SP1 integrated. Microsoft released them. See here: >>60405892
>>
what's this?
should i be worried? i'm on Windows 10 v1607 and am up to date
>>
>>60406574
i also want to know this
>>
>>60406947
Yes. Only Win10 after the Creators Update (Build 17xx) is safe.
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4013429
>>
>>60406748
>unable to connect
>>
>>60407246
i've heard the creators update was trashing performance in some things, plus i'm on enterprise and didn't think that it was released for that yet
with that link do i just download the 4th one? it says that was all last updated in march
>>
>>60384898
Or you could simply use latest software with installed security patches.
>>
File: 1494854677994.jpg (4MB, 6024x5624px) Image search:
[Google]
4MB, 6024x5624px
>>60384898
>unironically using windows
>>60384927
It's a guy who lives in Ukraine.
>>
Pisses me off that I have to abandon SMB1
I still use it for an old Windows 98 PC that I keep for DOS games and 90s Windows titles.
SMB1 made it easy to transfer stuff form one PC to another since browsing the web on the 98 pc was a bit trying.
Guess I'll have to setup an FTP server on the 98 PC and push/pull files from it with that.
>>
>install the specific update
>"we couldn't complete the changes - undoing changes"
welp, it was a good run
>>
>>60406807
you could just block the ports with firewall, or disable SMB in registry, use antivirus...
https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
for the patch you apparently need SP1
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
you faggot download this
http://www.microsoft.com/downloads/details.aspx?familyid=9be3154c-bcd5-4391-a121-c96a1aaa71e2
or for 64bit version
http://www.microsoft.com/downloads/details.aspx?familyid=bda43604-eff9-4539-afab-556eeb7e6b78
>>
Is turning off SMB1 enough?
My computer is pretty old and buggy as fuck it crashes randomly at times and i can't update windows.
>>
>>60407323
ISOs are out for Enterprise too
en_windows_10_enterprise_version_1703_updated_march_2017_x64_dvd_10189290.iso
en_windows_10_enterprise_version_1703_updated_march_2017_x86_dvd_10188981.iso
>>
>disable SMB1
>get the virus a few days later
Doesn't work guys. Ditch windows.
>>
>>60406193
Ok
>>60406458
Cry
>>
>>60407591
you could just download the specific patch
what win version and language do you have?
>>
>>60407645
windows 8.1
either swedish or english i thinks.
anyway i think i tried to install it before but it just seems to be loadin infinitly how long is it supposed to take?
>>
File: 1464147889497.jpg (266KB, 1024x768px) Image search:
[Google]
266KB, 1024x768px
>>60407699
mfw people who use windows dont even know how to USE windows
you have to manually disable bits and windows update via cmd before installing individual updates
>>
>>60407645
Updates are not language specific since Windows 7 sp1
>>
So I need to disable SMB1 only? How about SMB2 and SMB3?
>>
>>60407815
Only SMB1.
And delete System32 while you're at it.
>>
>>60407860
Thanks friend ;)
>>
>>60407815
Actually it does not work blocking a protocol, why belive a woman, they only want the attention, update to March 2017 using wusu offline
>>
>>60408007
Wsus offline *
>>
>>60407545
>Pisses me off that I have to abandon SMB1
If you're updated, you should be fine with SMB1 enabled. Especially if you keep those ports stealthy (or closed at least)
>>60407591
For remote exploitation, yes
>>60407815
>How about SMB2 and SMB3?
No, those are fine.
>>60408007
>>60408025
>can't even spell properly
That's why you're inferior to women, shitface.
>>
>>60407605
.. am i just supposed to google that exactly?
not sure what to do with this
>>
Is my anime folders safe now?
>>
>>60408149
/Should/ be safe, yes. But given how much cryptolocker software is just far too scary, I'm leaning on the side of caution and just dumping SMB1.
Main reason why I liked using it on the Win98 setup was being able to mount as drive letters. Lets me take my DosBox games folder and other stuff thats on my main PC, mount it on the Windows 98 one and play it from there. But transferring via thumbdrive or FTP isn't that inconvenient.
>>
>>60408149
>women
>4chan
Lmao
>>
File: 4chan_alexa.png (61KB, 1161x1107px) Image search:
[Google]
61KB, 1161x1107px
>>60408531
>>
>>60407629
hey bud go kill yourself
>>
>>60402560
That's the thing. I haven't seen any evidence that they can see who sends the buttcoins. I.e. whoever is paying is getting cucked and whoever released all this is a double idiot for not knowing the psychology of ransomeware extortion.
>>
>>60408597
>Alexa
here's your (you)
>>
>>60408395
Should, but with all ports stealth/closed, the only way of getting hijacked by any ransomware is if you execute it by yourself. I personally disabled SMB1 because I don't have any use to it, but if I had, then I'd keep it enabled without worrying too much about it.
>>
File: t_h_i_n_k_i_n_g.png (176KB, 1280x720px) Image search:
[Google]
176KB, 1280x720px
>>60408395
Or maybe just use a patched version?
>>60408658
False, the port needs to be closed not stealth...
>>
>>60408007
This, blocking a port is plain stupid
>>
>>60408007
I did this, if someone is wondering it would take like a day to do, but you'll be up to date
>>60408149
Muh feelings
>>
>>60408825
as expected of /g/
>>
File: Captura.png (41KB, 650x327px) Image search:
[Google]
41KB, 650x327px
>>6040800
thanks cis white male
Not a bad idea the wsus offline thingy, specially if you own more than one windows 7 device... It takes from fresh install to latest update like 2 hours besides you don't need to be downloading again and again.
I would definitely recommend it to anyone with more than one 7 system
>pic related
>>
>>60408825
Ports should be stealth. Stealth port implies it is also closed.
>>
>>60409117
Stealth ≠ closed, it just drops the connection
>>
>>60409114
I posted in the OP. Simplix pack is cleaner though. It alows you to uninstall updates too after it finishes. It's 7 only.
>>
>>60409114
You're welcome Paco
>>60409117
No it doesn't implies it's closed, just rejects pings
>>
>>60409134
Closed explicitely states that the port is closed to whoever ties to connect. Stealth sends no response, making anyone who is scanning the network believe that your IP is unallocated.
>>
>>60409149
>>>60409114 (You)
>I posted in the OP. Simplix pack is cleaner though. It alows you to uninstall updates too after it finishes. It's 7 only.
>>60409165
>>>60409114 (You)
>You're welcome Paco
>>>60409117
>No it doesn't implies it's closed, just rejects pings
Mommy daddy stop arguing please
>>
File: 1457057418160.jpg (37KB, 600x313px) Image search:
[Google]
37KB, 600x313px
>>60409171
It sends a drop response, as specified in the tcp protocol, meanwhile a closed port does not answer back
>>
>>60409149
>Being this butthurt
>>
This is why women are not taken seriously they get triggered by anything
>>
File: FireShot Screen Capture #012 - 'GRC I ShieldsUP! — Internet Vulnerability Profiling ' - www_grc_com_x_ne_dll_rh1dkyd2.png (134KB, 1903x1107px) Image search:
[Google]
134KB, 1903x1107px
>>60384898
implying i havent done every possible thing to secure my pc and modem,it like i am in a board with normies..oh.
>>
I have an old laptop with Windows XP (not updated since 2013) connected to internet and I don't get anything. Why?
>>
>>60409349
Likely because you're behind a device that does not have the SMB port open (your router) and no devices on your LAN have the virus
>>
>>60409349
>I don't get anything
Anything what? Infected? People like to overblow things like this. You don't get infected just bringing an unpatched PC online. By default all those ports should be stealthy. Unless you deliberately execute the malware, there's no other way it can happen.
>>
>>60409349
That's not how worms work
Cycle is the following
1) vulnerable computer is infected via exploit (usually email with poisoned pdf
2) infected computer propagates the ransomware using the smb protocol to all the vulnerable computers in the network
Can't get infected by just connecting to the Internet, you need
A) open an infected email / website / package
B) connect that xp machine to a network that has an infected client
>>60409442
Chillax
>>
>>60409349
This is a good explanation
>>60409453
BTW the 666kb package looks devilish
>>
Retina Display doesn't have this problem
>>
>>60409442
Na man, the scary thing about this virus is that it does not require user execution for it to happen. If an infected computer is on your LAN (or VPN) and you both have SMB1 enabled you'll get infected if you're not up to date on patches.
But since most people don't have open SMB ports exposed to the internet, the only other way of getting it is by being dumb and downloading something with it rolled in. So really, for most it's not a concern.
>>
File: hqdefault.jpg (10KB, 480x360px) Image search:
[Google]
10KB, 480x360px
My father is in another city and he's too computer illiterate to do this stuff on his W10 install
Is it enough for him to just update to the latest security patch?
>>
How it actually works for anyone new to the thread like >>60409349 :
1. Retard user opens email attachment and says yes to things (compromised pdf, word document, .js file, etc.), or clicks a dodgy hyperlink
2. Ransomware is then downloaded to the user's computer and installed
3. Ransomware starts encrypting user files; when it finishes it brings up the payment screen
4. While 3. is happening, ransomware also scans the local network for PCs on port 445 and attempts to exploit the vulnerability in SMB that everyone is talking about
5. If it's successful, go to step 2 again, otherwise end
Note that this vulnerability only has bearing on the spread of the worm WITHIN a network, and not the initial infection.
That said it could also potentially infect you from the internet if you either had a public IP, were DMZ'd, or had port 445 forwarded, and had no firewall rule to block it on your PC.
If port 445 inbound is blocked on a machine, the vulernability cannot be exploited on it.
If the vulnerability is patched, whether port 445 is blocked or not is irrelevant.
>>
>>60409577
Yup. thats all thats really needed
Also, install Teamviewer on that PC, makes taking care of family PC problems WAY WAY easier then trying to talk them thru it on the phone
>>
>>60409577
>Is it enough for him to just update to the latest security patch?
Yes, it's enough.
But you can als send him a .zip file with that reg and two bat files and tell him to execute them in order. Note the commands are different on W10, you'll find them on that link in the OP.
>>
>>60409577
Yes.
>>
You deserve what you get if you leave port 445 exposed to the internet.
Most machines are already safe from this just by virtue of being behind a NAT firewall.
>>
>>60409577
Windows 10 is safe
>>
>>60409631
>You deserve what you get if you leave port 445 exposed to the internet
I'm not sure why anyone would do this ever.
Setting up a VPN for SMB access is always the FAR FAR better option then exposing SMB it self to the outside network
>>
>>60409655
Unless patched, it's not. SMB1 is enabled on 10 by default.
>>
>>60409685
Windows 10 can be assumed safe because for the always updated policy, which applies since anon stated it's for an computer illiterate (like you) that couldn't disable it
>>
this is hilarious
https://twitter.com/actual_ransom
>>
>>60409717
>$53,890.54 USD
how people can be this dumb?
>>
This windows 7 computer I am using hasnt been updated in like a year.
Is it safe to turn on updates? Every time I update my pc it fucks things up, like it makes it slower etc.
>>
haven't updated winshit 7 since 2015, found 75 updates
is there any specific infamous update that i should avoid?
>>
>>60409871
just disable SMBv1 on turn on/off features
>>
>>60409871
Use wsus offline or download sp1 + 4012212
>>
>>60389275
kb4012216
>>60406193
google>windows update catalog
>>
When I had my server rebuilt in January because of a hard drive failure, the host reinstalled windows 2k8, but they also blocked port 445.
What did they mean by this?
Did they /know/?
Also I had port 135 open, how fucked am I? This is a pc directly on a public IP.
>>
File: 1056stealthedports.png (123KB, 459x473px) Image search:
[Google]
123KB, 459x473px
>>60408388
>>
File: winsmb.png (53KB, 763x594px) Image search:
[Google]
53KB, 763x594px
>>60409883
I dont even have that
>>
>>60409915
port 445 is well know for causing issues.
https://www.grc.com/port_445.htm
>For the security reasons described above, port 445 has been causing so many problems that many ISPs are taking security matters into their own hands and blocking this port on behalf of their users. If our port checking shows your port 445 as "stealth" while you are not being otherwise protected by a NAT router or personal firewall, your ISP is probably preventing port 445 traffic from reaching you.
>>
>>60409962
Look under print faggot
>>
search this on googleintitle:"index of" "@[email protected]"
and laugh
>>
>>60409991
nope, not there
>>
>>60409877
See: >>60404852
>Avoid:
>>
>>60409962
Read OP post. Regedit and CMD are the only options to disable SMB1 in 7. (It's also possible through GPEdit)
>>
>SC servicechangesomething CORRECT
did I do gud
>>
>update win7
>suddenly fonts are corrupted
Goddamn it. Had to do a system restore and roll back a few days because no amount of Googling gave me an answer.
Desire to change to Mint increases.
>>
>>60410190
corrupted, corrupted how? unusable fonts or weird artifacting? good chance it's your video driver.
>>
>>60384898
using a win 7 not updated since 2009
but using noscript an ublock how risky is this
>>
>>60410447
Its not a web browser exploit, it's exploiting a windows service on by default.
>>
>>60410394
Weird artifacting and misaligned text, like they start before a border and get cut. I updated video drivers to see if it was that but nothing changed.
>>
File: braz-pizzaria--cambui.jpg (63KB, 640x425px) Image search:
[Google]
63KB, 640x425px
>>60388996
>kb4012212
Not him but my windows update don't show that update, shows hundreds of older retroactive updates. windows update is running at 25% cpu usage and download progress is 0% after 2 hours.
When this finally finish, next week, i'll be already infected. Fuck this shit. I'm downloading Ubuntu. Now it will be a pain in the ass to configure samba in it.
What is a decent video player for Ubuntu? Please don't tell me Kmplayer or VLC.
>>
It's genuinely nice seeing /g/ come together and help instead of being fuckwads to new people all the time :^)
>>
>>60410688
Could be a caching issue (Truetype is vector based, and precompiles it in to various sizes in bitmap format for faster rendering).
Clearing the font cache can resole issue like that if drivers didn't do the trick. Its usually one or the other.
>>
>>60384898
Thanks,Lori
>>
>>60410754
Samba config in ubuntu isn't particularly difficult.
More hassle than windows, for sure, but once you got it set you can forget about it.
>>
If two windows pcs are on the same lan and one is infected - can the infection spread to the other machine even if vulns have been patched?
Im asking for a friend :)
>>
>>60410982
If you're patched, you're golden.
Still not a bad idea to disable SMB1 for insurance.
>>
Win7 installed the May 2017 security round-up but not the March one, is that enough?
How do you stop the wsus offline tool installing all the backported botnet updates on Win7?
>>
File: 1486342376988.png (866KB, 900x702px) Image search:
[Google]
866KB, 900x702px
I've got an idea
infect google's servers with this
>>
Is there a way to do this without a restart? Asking for a friend
>>
>>60411388
I asked my friend. He said no cus wangblows.... Blows.
>>
File: 1493125287781.png (129KB, 314x278px) Image search:
[Google]
129KB, 314x278px
I used Tron to remove the junk from Windows, but I can see I'm on version 1607, which supposedly doesn't have the patch from Windows which fixes the vulnerability. I thought Tron was supposed to make it so you only received the most important security updates?
>>
>>60410025
>.br
they deserve it
>>
>>60410447
At least get a SP1 iso >>60405892
>>60410847
>Lori
?
>>60411307
>Win7 installed the May 2017 security round-up but not the March one, is that enough?
No. May one does not contain March or April fixes
>>60410982
>can the infection spread to the other machine even if vulns have been patched?
No
>>
>>60411586
>No. May one does not contain March or April fixes
Aren't the security rollups sopposed to be retroactive?
Windows updates seem to skip over the old updates that you skipped though, how do you get it to reinstall those?
>>
>>60411586
i have sp1
and i have disabled SMBv1
Thread posts: 318
Thread images: 59
Thread images: 59