softlay.net

From: CHYRON (DSMITHHFX) 22 Jul 2017 16:09
To: ALL 4 of 7
So I ran an SFC from a known good (purchased) installer DVD (but Pro version) from work, and it returned "Windows Resource Protection did not find any integrity violations".

Still only boots into Safe Mode. Hmph.

Gonna burn the softlay iso next and might essay a scan from that. Probly looking at the oem nuke & reinstall thingy though. :-(

From: CHYRON (DSMITHHFX) 22 Jul 2017 16:53
To: ALL 5 of 7
OK, so after going through msconfig and setting it to boot normally it... booted normally. I'm guessing dickwad mcfuckface on the phone had set it for safe mode and then wanted a hundred bucks to unset it.

I also disabled remote desktop connection in msconfig.

Fuck you, mcfuckface.

I may test out the softlay offering in a virtual machine at work next week. Glad I didn't have to use it.

From: CHYRON (DSMITHHFX) 24 Jul 2017 18:33
To: ALL 6 of 7
A fresh softlay-sourced Windows 7 install in VirtualBox passed a MS Malicious Software Removal Tool scan, so I installed Firefox (which Mrs.D uses) and opened the site she said was the last one she browsed before the attack: http://arizonamountaineeringclub.org.

Nothing happened. I suppose it's possible another malware-infected web site she had browsed earlier was the culprit.

I also opened the actual web page the attack apparently came from, based on her ff history:
http://187679863776586953687908945.win/?a=10012294&offer_key=d26a2baaa128ee148b74161dcfb52443&nrid=3

which (unsurprisingly) returned a 404 not found.

Another scan with the Microsoft tool after browsing these sites also turned up nothing.

Conclusion: attack vector unknown.
EDITED: 24 Jul 2017 18:35 by DSMITHHFX
Message 41996.7 was deleted