My BlackArmor NAS110 came with a 1TB 7200 RPM drive.  I ran out of room so I stole a 2TB drive from a new computer I ordered and wanted to use it in the BlackArmor.

To successfully do this, I needed to wipe the partitions from the new drive.  So I hooked it up to my desktop computer using a 2.5/3.5 SATA caddy.

diskpart
list disk
select disk 2
clean

That was the command sequence.  Be careful to select the proper disk or you can wipe the partitions from any drives attached!

Little did I know it was this simple.  At first, I just threw the drive into the BlackArmor NAS110 thinking it’d nuke and pave it and load whatever was necessary.

Nope.

After a few failed attempts, I finally just decided to wipe the disk (not creating a new partition).

If you need information on tearing this case open, head over to http://crapnas.blogspot.com/2010/04/opening-box.html.

I knew I was heading in the right direction because after wiping partitions and then booting it up in the BlackArmor, it rebooted after about 30 seconds of being on with an Amber light.  After the bootup, I hear disk activity and no Amber light — no IP yet, so I think it’s formatting the drive at this point.  2TB may take a hot minute.

I generally use a quick command like net statistics server|more on a Windows machine to quickly grab the uptime.  I decided to put together a small uptime utility that will report the uptime of the system using, you guessed it, the uptime command.

Drop the uptime.exe into your %PATH%; either something like %WINDIR% or the %WINDIR%\System32 folder.

The code is available on Github at http://github.com/rjkreider/uptime if you want to take a peek at the code.

Here’s the obligatory screenshot…

I’ll also put a direct download link that is stored on my server.  This is dated 12/19/2016, so check Github to make sure you have the latest.  I may have found a bug, or someone may have found a bug, and things may have changed since I initially published this article.

Download ZIP – uptime.zip

Seems there is a bug in the NVIDIA Experience application.  I have a GTX 1050 mini installed on my home PC and have been experiencing the same issue.

As of 12/17 latest update to NVIDIA Experience, the bug is still there.  Simply click Continue – but you’ll see it every reboot or launch of the NVIDIA Experience application.

There are a few workarounds, which I’ll highlight below, that I found on the NVIDIA forums regarding this error.

Workaround 1 – Disk Management

  1. Press Win+R and type diskmgmt.msc – hit enter
  2. Right click on the removable disk (most likely labeled D) and change drive letter to F or whatever available letter.
  3. Reboot

Workaround 2 – Registry

Open the Registry Editor (regedit.exe) and modify errormode and set the value to 2.

Note:  Make sure you revert this back to its default value when/if NVIDIA updates their software to resolve this issue.

  1. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows\errormode

 

Sometimes it happens.  I intend to send a binary file to an FTP server and forget to change the mode to BINARY before starting the transfer.

It’s really easy to do… and it was a natural habit type of thing back in the day when I used FTP frequently…

ftp www.xyz.com
user
pass
hash
binary

Simple and straightforward.  Anyway, I screwed up the other day and thought all was lost after a few .tgz files I transferred over to a server via FTP were not extractable.  I deleted my source before verifying my file transfers, stupid me.

Anyway, a tool that worked like a champ, Windows and Linux, is fixgz.  fixgz attempts to fix a binary file transferred in ascii mode by removing each extra CR when it is followed by LF.  So if you ever get a corrupted file after transferring via FTP in the wrong format, give this a whirl.

fixgz.c

/* fixgz attempts to fix a binary file transferred in ascii mode by
 * removing each extra CR when it followed by LF.
 * usage: fixgz  bad.gz fixed.gz
 * WARNING: the output file name must be different from the input file name!

 * Copyright 1998 Jean-loup Gailly <jloup@gzip.org>
 *   This software is provided 'as-is', without any express or implied
 * warranty.  In no event will the author be held liable for any damages
 * arising from the use of this software.

 * Permission is granted to anyone to use this software for any purpose,
 * including commercial applications, and to alter it and redistribute it
 * freely.
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char **argv)
{
    int c1, c2; /* input bytes */
    FILE *in;   /* corrupted input file */
    FILE *out;  /* fixed output file */

    if (argc <= 2) {
        fprintf(stderr, "usage: fixgz bad.gz fixed.gz\n");
        exit(1);
    }
    if (!strcmp(argv[1], argv[2])) {
        fprintf(stderr, "input and output files must be different\n");
        exit(1);
    }
    in  = fopen(argv[1], "rb");
    if (in == NULL) {
        fprintf(stderr, "fixgz: cannot open %s\n", argv[1]);
        exit(1);
    }
    out = fopen(argv[2], "wb");
    if (out == NULL) { /* check the output handle, not the input one */
        fprintf(stderr, "fixgz: cannot create %s\n", argv[2]);
        exit(1);
    }

    c1 = fgetc(in);

    /* copy c1 unless it is a CR immediately followed by LF */
    while ((c2 = fgetc(in)) != EOF) {
        if (c1 != '\r' || c2 != '\n') {
            fputc(c1, out);
        }
        c1 = c2;
    }
    if (c1 != EOF) {
        fputc(c1, out);
    }
    fclose(in);
    fclose(out);
    return 0;
}
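The repair only counts once the gzip CRC checks out, so here is an added example (not part of the original post or of fixgz) that applies the same CR-before-LF rule in Python and verifies the result by decompressing it.  The two damage functions are assumptions about how an ASCII-mode transfer might rewrite line endings, and the archive is a constructed sample.

```python
import gzip
import re
import zlib

def fixgz(data: bytes) -> bytes:
    """Same rule as fixgz.c: drop every CR that is directly followed by LF."""
    return data.replace(b"\r\n", b"\n")

def is_intact(blob: bytes) -> bool:
    """True if blob decompresses and its stored CRC32 and length match."""
    try:
        gzip.decompress(blob)
        return True
    except (OSError, EOFError, zlib.error):
        return False

def damage_all_lf(data: bytes) -> bytes:
    """Assumed transfer behaviour A: every LF becomes CR LF."""
    return data.replace(b"\n", b"\r\n")

def damage_bare_lf(data: bytes) -> bytes:
    """Assumed behaviour B: only an LF not already preceded by CR is expanded."""
    return re.sub(rb"(?<!\r)\n", b"\r\n", data)

def demo() -> dict:
    # Constructed sample; compresslevel=0 stores the bytes verbatim, so the
    # archive is guaranteed to contain both bare LF and CR LF sequences.
    original = gzip.compress(b"alpha\nbeta\r\ngamma\n" * 200,
                             compresslevel=0, mtime=0)
    results = {}
    for name, damage in (("all_lf", damage_all_lf), ("bare_lf", damage_bare_lf)):
        broken = damage(original)
        repaired = fixgz(broken)
        results[name] = {
            "broken_ok": is_intact(broken),
            "repaired_ok": is_intact(repaired),
            "byte_identical": repaired == original,
        }
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Under behaviour A the repair is exact; under behaviour B the CR LF pairs that were already in the archive are shortened too, and only the CRC check reveals that the "fixed" file is still bad.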


Break-fix call on a CrySiS Ransomware infection.  It’s actually not CrySiS, but a fork of it, which is not decryptable at this time.  CrySiS shut down its operation a month or so ago and dumped the master encryption key so victims could decrypt their files.  Not so much with this variant.

After infection, it drops a JPEG file in the user’s folder C:\Users\Victim\INFORMATION HOoW TO DECRYYPT FILES.jpg.

It encrypts files and renames them with .[stopper@india.com].wallet


It drops a file on the desktop named STOPPER.txt:

Attentiion!!!
All your filess are encrypted!
To decrypt your files, please contact us by email:stopper@india.com

The method of infection was unauthorized access over a brute-forced RDP connection.

It also drops AnonCrpt.exe (274KB) on the desktop.  A quick analysis from VirusTotal shows the results below:

VirusTotal detection results from AnonCrpt.exe

As mentioned earlier, there is not a way to decrypt this currently.
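For scoping the damage on a mounted copy of the affected profile, here is an added triage example (not from the original post) that looks for the file names and extension listed above and brackets the encryption window by file modification time.  The sample tree and its timestamps are constructed, and the window assumes the malware did not reset timestamps.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the post; matched case-insensitively.
ENCRYPTED_SUFFIX = ".[stopper@india.com].wallet"
DROPPED_NAMES = {"stopper.txt", "anoncrpt.exe",
                 "information hoow to decryypt files.jpg"}

def triage(root):
    """Count renamed files per folder, list dropped artifacts, and bound the
    encryption window by the oldest and newest mtime of renamed files."""
    per_folder, artifacts, mtimes = Counter(), [], []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            lowered = name.lower()
            if lowered.endswith(ENCRYPTED_SUFFIX):
                per_folder[os.path.relpath(folder, root)] += 1
                mtimes.append(os.path.getmtime(path))
            elif lowered in DROPPED_NAMES:
                artifacts.append(os.path.relpath(path, root))
    window = (min(mtimes), max(mtimes)) if mtimes else None
    return {"encrypted": dict(per_folder), "artifacts": sorted(artifacts), "window": window}

def build_sample(root):
    """Constructed sample tree (empty files) standing in for a user profile."""
    layout = {
        "Desktop/STOPPER.txt": 1000,
        "Desktop/AnonCrpt.exe": 1000,
        "INFORMATION HOoW TO DECRYYPT FILES.jpg": 1000,
        "Documents/budget.xlsx.[stopper@india.com].wallet": 2000,
        "Documents/notes.txt.[stopper@india.com].wallet": 2600,
        "Pictures/cat.jpg.[stopper@india.com].wallet": 2300,
        "Pictures/untouched.png": 500,
    }
    for rel, mtime in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
        os.utime(path, (mtime, mtime))  # fixed timestamps for a repeatable demo

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

The window bounds give a time range to line up against RDP logon records when reconstructing the intrusion timeline.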

Stay safe.
