Jump to content

Clément

Members
  • Content Count

    139
  • Joined

  • Last visited

  • Days Won

    2

Clément last won the day on August 26 2019

Clément had the most liked content!

Community Reputation

62 Excellent

Technical Information

  • Delphi-Version
    Delphi 10.3 Rio

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Clément

    is the site infected?

    Hi, Usually IT departments install a lot of stuff to prevent infection, but once you're infected is another ball game. Check if your firewall is up and running. If you can install ( user permission wise ) a software in your machine, I strongly recommend you to download malwarebytes https://www.malwarebytes.com/ (Personal edition will be just fine ) from a clean machine, copy the installer to a pen-drive and install and run it in your machine. Let it run. Hopefully most of those nasty fellows can be removed. Unfortunately there's no "one antivirus to rule them all", so you might need some other antivirus software to clean it up. If your firewall is NOT active. turn off your machine at once. Don't waste time trying to put it back online, especially if you are in a LAN and have access to other machine in the network. Once windows reboots, your firewall should be up and running again. Don't use your machine without a firewall. If your firewall is deactivated again, shut it down for good and let the IT department deal with it HTH, Clément
  2. Clément

    10.4.1 Released today

    Just updated from 10.4 with Patch 1,2,3 applied. (WebInstall). No problems so far
  3. Clément

    RansomWare blues

    Hi, I'm still looking for the styles... I found this link, they are free, and yet nowhere to be found.. Shouldn't they be included in 10.4? I installed 10.2 and 10.3. The styles are not there ... They should be a free download in the getit manager... https://community.embarcadero.com/article/16642-getit-october-2018
  4. Clément

    RansomWare blues

    Well... yes... I mean, my computer has RDP activated in another port. So basically the ISP router forward the requests from a non-default RDP port to a non-default RDP local port. My computer is not working 24/7. But it can start itself everyday at 8:00 am, and I turn it off when I'm done. So it can stay on from 8:00 to 17:00, or sometimes 23h00. I still have to understand how he managed to create a local account. As far as I can tell, ha managed to overcome 3 firewalls. My ISP Router, my server, and my machine. So he manage to discover the exact ports and his timing was perfect. Or this attack didn't happened all at once. I might have been infected by some virus a few weeks back that remained inactive, or was unable to take action, up until "something" happened and made the hacking possible. Since it's my working machine, I only open my customer email. There's no navigating to suspicious sites or downloading illegal content. The fact is that "somehow" he manage to create a local user account using RDP. And Windows Defender kicked in only after I dropped his connection. If one more minute has passed it would be terrible! I would required a lot more than those 3 VCL Skins... And by the way... this kind of ransomware uses RSA with AES to encrypt contents, the encryption takes place by scanning folders and file alphabetically. I have my Images (Glyphs and Icons) stored in "Images" Folder ( Several GBytes of recoverable data ) that delayed that virus long enough. Just a few folder from my Projects... It ignores executables and any file with less than 5kb . The only thing left unencrypted is a text file with "directions" to contact them. Well, finally I manage to recover all my projects. My most recent backup was from 11/08 the attack took place 12th. In my backup server, my readonly folder tree was unaffected. The problem I had was some files are not included in my backup (like some VCL Skins, Icons, RC files, configurations files, Delphi settings, thirdparty components, etc.. ) A lot of work to rebuild my machine since I have a really hard time believing the antivirus got rid of that virus. I just feel safer destroying partitions and reformatting everything. Brand new Windows 10 installation with Delphi and all its ecosystem.
  5. Clément

    RansomWare blues

    There are a few things I learned from this experience. There was a lot strange traffic in my firewall. I already wrote a batch that will block those traffics automatically. But that wasn't the main issue. When I was remotely accessing my machine, I noticed it was slower than it should. I start searching for processes that were eating all my resources CPU and memory. My antivirus was "normal", all my usual processes were "normal" but yet something was eating over 70% of CPU and 80% memory... I was in task manager and click the Users.. To my surprise, there was another user logged in. Very unusual name something like "yyz==Twe". I never would have created a user like that one. The moment I killed the connection the machine start working normally. The Antivirus warned me there was a Ransomware running asked to run an offline scan, and I restarted the machine. Windows 10 was up to date. How this fellow managed to create a local user in my machine through RDP is beyond me.
  6. Clément

    RansomWare blues

    LOL!! Don't worry I have precedence ... I founded DHS when I was still in high school,Turbo Pascal and Turbo C++ ruled the world ( a long time ago , in a galaxy far away... ) ...
  7. Clément

    RansomWare blues

    I already check GetIt manager. It's not there. I installed from the WebInstaller.. Maybe ISO installer has more styles
  8. Clément

    RansomWare blues

    Windows share that's created by the backup application only when the backup is ready to be copied. This was a full backup copy day, so it took longer to copy. What saved me was 2 things actually. 1) A folder that only a windows user (usrBackup) has write access to it. Every other domain user has read only access 2) A rather large glyph collection. My drive C was completelly lost.
  9. Clément

    RansomWare blues

    I got very lucky! Even my backup server got infected
  10. Clément

    RansomWare blues

    I got a [pgpopen@foxmail.com].pgp that forced me to reformat my machine. I have successfully installed 10.4, installed all components and libraries... loaded my project and ... I'm missing some VCL styles 😥 What happened to : [BRCC32 Error] dhsPinger.vrc(71): file not found: C:\Users\Public\Documents\Embarcadero\Studio\21.0\Styles\AquaLightSlate2.vsf [BRCC32 Error] dhsPinger.vrc(73): file not found: C:\Users\Public\Documents\Embarcadero\Studio\21.0\Styles\Glossy2.vsf [BRCC32 Error] dhsPinger.vrc(76): file not found: C:\Users\Public\Documents\Embarcadero\Studio\21.0\Styles\ZirconSE.vsf I installed all VCL Styles (GetIt Manager), went to DelphiStyles.com, search Embarcadero Blogs, CodeRage... where are those styles? Clément
  11. Well, my last options option is Windows Service with microservice, but it is so close to another HTTP server that it might be better to just get it done.
  12. The users are remote. Most request (99.5% 🙄 ) will be handled by the HTTP Server and it's modules. But there's always that customer that requires some special attention. In this case I must complement the request with a call to a "microservice" Everyone will request the same action, but, for this customer, I must execute an extra call. This extra call is very customer specific, so I don't want to include it in the main service, I want to execute it either by simple EXE, or by DLL, or by another service.... But from what I saw, I'll have to write another server to call those microservices. That arquitecture gave me some ideas I will use CreateProcess. Since this process will not required any interaction, I see no reason it can't run in the same service session.
  13. Hi Arnaud. The HTTP server is compiled with some functionalities that are common for the customers that will access that server. Customers can be are either small companies or individuals. Each company can have many employee and each will have to a "user" to log in the client app and make requests. The "common" functionalities can group Companies in the same segment for example. Those companies will access the same HTTP Server compiled with modules, so if you wish, monolithic. What I need is to address specific needs from some customers. And for those I wish to execute an "app". And this app will be called from this HTTP server.
  14. Hi, I wrote a Windows Service (REST HTTP Server) does a lot of stuff 😎. Several users (hopefully) will be connected and each might need to call this "app" from their own thread. Well, I would like to avoid compiling those modules into the main Service, because they will get changed a lot more often than the service itself. Some modules are specific to some users. A few details about this app: No form, no console no user interaction are required. I just need to pass a command line with some parameters ( 4 or 5 actually) and the "app" should run, do the thing, and return to the service. My options are: 1) Small executable with the required modules: ... just a log file to guide me (or my user). Will be called from the service with the required parameters (command line) 2) Write a DLL and load and unload it when there's an update (don't like the idea, but it works) 3) Write another Windows Service with the required modules. As both services share the same machine, communication between them should not be a problem. 4) Mix options 3 and 1 to build a powerfull architecture ( not required right now ). Do you guys have another option? A preferred one? TIA, Clément
  15. Clément

    Reproducible AV in Sydney

    Let's hope E. can fixed it on the next patch. Very annoying!
×