Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Telegraph_Sam on November 29, 2013, 02:11:22 AM

Title: CryptoLocker latest
Post by: Telegraph_Sam on November 29, 2013, 02:11:22 AM
Am I right in believing that Avast has yet to come up with a built-in shield to prevent this ransomware from installing itself?  There is a little dedicated CryptoPrevent tool in www.snicpa.com/10690 which I have downloaded and installed but there appear to be some problems in getting it to work (in my case).
Title: Re: CryptoLocker latest
Post by: thekochs on November 29, 2013, 05:14:15 AM
Kaspersky says they protect against this: http://blog.kaspersky.com/cryptolocker-is-bad-news/
http://forum.kaspersky.com/index.php?s=03714328a1131498c4c68be54e9d76c6&showtopic=273487
Not sure it is true.

Of ALL the Malware out there this is the one that scares me the most. :(

Good article from MalwareBytes: http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/
Title: Re: CryptoLocker latest
Post by: Telegraph_Sam on November 29, 2013, 01:47:41 PM
I read through the MWB article blog.  Not easy for the layman to follow some of the arguments, counter-arguments and comments (proper grammar would be a help!!).  Having read through the lot what do you consider on balance to be the most convincing lines of action to pursue?  I am intending to uninstall my dodgy CryptoPrevent app and download the equivalent zip file from majorgeeks as recommended to me in another forum. 
If Avast could come up with a proven effective shield - why can't they emulate CryptoPrevent as part of the next version??? - it would be a major advance and comfort.
Title: Re: CryptoLocker latest
Post by: kls490 on November 29, 2013, 02:20:58 PM
Hello Telegraph_Sam,

     Another on-going article of interest about the Cryptolocker malware can be seen at the Bleeping Computer website via the link below:

http://www.bleepingcomputer.com/forums/t/512668/cryptolocker-developers-charge-10-bitcoins-to-use-new-decryption-service/#entry3196844

Best regards.
Title: Re: CryptoLocker latest
Post by: essexboy on November 29, 2013, 02:52:52 PM
Deepscreen and hardened mode appear to catch a test version which was run when I installed the Foolishit tool

However, with the way the malware mutates on a daily basis I still installed it

CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this programme to lock down and prevent crypto ransomware

(https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG)
Title: Re: CryptoLocker latest
Post by: RejZoR on November 29, 2013, 03:18:19 PM
In theory, using Hardened Mode (Aggressive) should prevent all the ransomware malwares...
Title: Re: CryptoLocker latest
Post by: thekochs on November 29, 2013, 04:25:23 PM
CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this programme to lock down and prevent crypto ransomware

(https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG)

Essexboy, you've helped me (and so many others) in the past I first want to say thanks for all your efforts....to say "above and beyond" is an understatement.  I'd like your opinion on CryptoPrevent. 
I assume it is for real since you are recommending but what does it do ?
Can you explain the install, use, maintenance ?...you mention mutation of CryptoLock type malware, does a static solution work ?
I am paranoid this can cause issues ?.....example, if it is "locking things down" does that mean other things may have issue ?...example other recovery efforts by MS O/S tools ?
How about A/V tools, will they see this CryptoPrevent as a virus and will removal muck up the very files I'm protecting ?

My plan now is to do daily backups (already do) of "copying" MyDoc files to SD Card that I now "pull" from laptop (used to leave in) and also "pull" the USB HDD after it's morning receipt of image (Macrium Reflect) of my PC.  My biggest concern is that this CryptoPrevent is locking down the very files I'm trying to prevent being "locked" by CryptoLock and if something else goes wrong I'm locked from these files not only on my PC but in my backups.

Also, I'm super paranoid on downloads and installs of these "utils"......so many places put other crud in the installer.....some not seen.
Thus, can you provide a link of a clean installation version of CryptoPrevent ?....I run W7 64-bit.
Title: Re: CryptoLocker latest
Post by: ky331 on November 29, 2013, 04:43:22 PM
Telegraph-Sam wrote:  "there appear to be some problems in getting it to work (in my case)... I am intending to uninstall my dodgy CryptoPrevent app and download the equivalent zip file... "

If CryptoPrevent is having an issue on your system, and if the alternative zip file is truly an equivalent, I would expect it to produce the same results.

After checking into it, I have deployed CryptoPrevent on numerous systems (mostly Win7, one XP) and have not encountered any problems.   The only rare issue people are expected to face would be if they have a legitimate program running from one of the restricted directory locations.  And if that's the problem, you should be able to handle it via CryptoPrevent's whitelisting mechanism.

On my main/personal PC, I am also running MBAM PRO, which separately offers real-time protection against CryptoLocker.

"If Avast could come up with a proven effective shield - why can't they emulate CryptoPrevent as part of the next version??? - it would be a major advance and comfort.
No program is going to catch everything... we need to rely on layers of protection.   As for avast "emulating" CryptoPrevent, I see two issues:
1) The critical research in battling CryptoLocker was done by Lawrence Abrams of Bleeping Computer.   There may be an issue of intellectual property rights if avast were simply to include it.  CryptoPrevent was written with permission from --- and acknowledgement to --- Mr. Abrams.
2) If, as you report, CryptoPrevent is "buggy" on your system... and if avast were to emulate the same mechanism... you might find yourself in the position of having to disable avast itself --- rather than just the separate CryptoPrevent --- in order to make your system work again.   Surely, you wouldn't want that.
Title: Re: CryptoLocker latest
Post by: ky331 on November 29, 2013, 04:49:34 PM
CryptoPrevent can be downloaded from http://www.foolishit.com/vb6-projects/cryptoprevent/
(download links are toward the bottom of the page).

Definitive Guide to CryptoLocker (by Lawrence Abrams [aka "Grinler" ]): http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information



Title: Re: CryptoLocker latest
Post by: essexboy on November 29, 2013, 04:52:43 PM
There is nothing bundled with the programme, you can get it either direct from Foolishit or MajorGeeks
What it does is put in a group policy to disable files running from appdata or any double extensions 

In most instances I have come across it is an e-mail attachment with a  PDF.EXE double extension so the usual rules of scanning any attachment before you even think of opening it apply

But as usual there are several look alike programmes so do not download from anywhere bar certified sites

I have installed it on my 8.1 system so it does work.  There was a recent update to the programme but a manual check every few weeks should suffice using the programme updater

A little explanation here http://krebsonsecurity.com/tag/cryptoprevent/ and here http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

FoolishIT appears to be down at the moment, not sure why
Title: Re: CryptoLocker latest
Post by: thekochs on November 29, 2013, 05:18:54 PM
Great link.....thx: http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#shadow

If you use Software Restriction Policies, or CryptoPrevent, to block CryptoLocker you may find that some legitimate applications no longer run. This is because some companies mistakenly install their applications under a user's profile rather than in the Program Files folder where they belong. Due to this, the Software Restriction Policies will prevent those applications from running.
Thankfully, when Microsoft designed Software Restriction Policies they made it so a Path Rule that specifies a program is allowed to run overrides any path rules that may block it. Therefore, if a Software Restriction Policy is blocking a legitimate program, you will need to use the manual steps given above to add a Path Rule that allows the program to run. To do this you will need to create a Path Rule for a particular program's executable and set the Security Level to Unrestricted instead of Disallowed as shown in the image below


So how many programs did you guys find that you had to add good programs to ?
What happens when you try to run something that is not permitted ?....on-screen error or do you have to go into Event Viewer ?
I'm an IT guy but this seems like there would be a lot of manual entries ?
Also, when you install a new program is there only a problem if not in Program Files ?
New Path Rule.... You should then add a Path Rule for each of the items listed below.
Can you expand on the how-to of the above........doesn't really lay it out on what you enter for a new program...perhaps couple examples.

Thx !

P.S Because of the severity of this to all Windows PCs it would seem Microsoft would be working on a security update to block this...any rumors or threads on this in the O/S forums ?
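The Software Restriction Policy (SRP) mechanism that essexboy and the quoted Bleeping Computer text describe, as an added example that is not CryptoPrevent's own code and not from any post in this thread. It writes SRP path rules straight into the local policy registry hive: Disallowed rules for the per-user profile and archiver temp locations, one Unrestricted rule that overrides them for a whitelisted program (the point made in the quote above), an undo, and a listing so the result can be checked. The rule list, the Chrome whitelist path, the description tag and the function names are my own assumptions, modeled on the Bleeping Computer guide the thread links; CryptoPrevent adds more patterns than shown. Run it from an elevated PowerShell on Windows 7 or later; as ky331 notes later in the thread, a log off/on or reboot may be needed before a new rule takes effect.

```powershell
# Added example, not CryptoPrevent's code. Writes Software Restriction Policy
# (SRP) path rules to the local policy hive; requires an elevated prompt.
$SrpRoot      = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = 0               # SRP security level: do not run
$Unrestricted = 262144          # SRP security level: run normally
$Tag          = 'forum-example' # assumed Description tag, so Undo removes only our rules

function Initialize-Srp {
    # Policy container: default level Unrestricted, enforcement on for all users.
    New-Item -Path $SrpRoot -Force | Out-Null
    Set-ItemProperty -Path $SrpRoot -Name DefaultLevel        -Value $Unrestricted -Type DWord
    Set-ItemProperty -Path $SrpRoot -Name TransparentEnabled  -Value 1 -Type DWord  # 1 = all executables except DLLs
    Set-ItemProperty -Path $SrpRoot -Name PolicyScope         -Value 0 -Type DWord  # 0 = all users, administrators included
    Set-ItemProperty -Path $SrpRoot -Name AuthenticodeEnabled -Value 0 -Type DWord
    Set-ItemProperty -Path $SrpRoot -Name ExecutableTypes -Type MultiString -Value @(
        'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA','INF',
        'INS','ISP','LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD','PIF','REG',
        'SCR','SHS','URL','VB','WSC')
}

function Add-SrpPathRule {
    param([string]$Path, [int]$Level, [string]$Description = $Tag)
    # Each rule is a GUID-named subkey under <level>\Paths; ItemData is REG_EXPAND_SZ
    # so %AppData% and friends are expanded per user at evaluation time.
    $key = "$SrpRoot\$Level\Paths\{$([guid]::NewGuid().ToString().ToUpper())}"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name ItemData    -Value $Path        -Type ExpandString
    Set-ItemProperty -Path $key -Name SaferFlags  -Value 0            -Type DWord
    Set-ItemProperty -Path $key -Name Description -Value $Description -Type String
    return $key
}

function Enable-RansomwarePathRules {
    Initialize-Srp
    # Block executables launched from the per-user profile locations and from the
    # temp folders archivers extract into (list is my own, modeled on the guide).
    $blocked = @(
        '%AppData%\*.exe',      '%AppData%\*\*.exe',
        '%LocalAppData%\*.exe', '%LocalAppData%\*\*.exe',
        '%Temp%\Rar*\*.exe',    '%Temp%\7z*\*.exe',
        '%Temp%\wz*\*.exe',     '%Temp%\*.zip\*.exe'
    )
    foreach ($p in $blocked) { Add-SrpPathRule -Path $p -Level $Disallowed | Out-Null }
    # An Unrestricted path rule wins over a Disallowed rule that also matches; that is
    # how a legitimate per-user install (Chrome's old location, assumed here) is whitelisted.
    Add-SrpPathRule -Path '%LocalAppData%\Google\Chrome\Application\chrome.exe' -Level $Unrestricted | Out-Null
}

function Undo-RansomwarePathRules {
    # Remove only rules carrying our tag; any administrator-created SRP rules stay.
    foreach ($level in $Disallowed, $Unrestricted) {
        $paths = "$SrpRoot\$level\Paths"
        if (Test-Path $paths) {
            Get-ChildItem $paths |
                Where-Object { (Get-ItemProperty $_.PSPath).Description -eq $Tag } |
                Remove-Item -Recurse -Force
        }
    }
}

function Get-RansomwarePathRules {
    # List what is in place without opening secpol.msc.
    foreach ($level in $Disallowed, $Unrestricted) {
        $paths = "$SrpRoot\$level\Paths"
        if (Test-Path $paths) {
            Get-ChildItem $paths | ForEach-Object {
                $v = Get-ItemProperty $_.PSPath
                New-Object PSObject -Property @{
                    Level       = $(if ($level -eq $Disallowed) { 'Disallowed' } else { 'Unrestricted' })
                    Path        = $v.ItemData
                    Description = $v.Description
                }
            }
        }
    }
}

Enable-RansomwarePathRules
Get-RansomwarePathRules | Format-Table Level, Path, Description -AutoSize
```

To whitelist something new later, add another Unrestricted rule for that executable's full path with Add-SrpPathRule; to take everything out, run Undo-RansomwarePathRules. Keep PolicyScope at 0 only if you understand that it applies to administrator accounts too, which is what you want for a ransomware defence but also what will bite when a legitimate tool lives in a blocked folder.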
Title: Re: CryptoLocker latest
Post by: essexboy on November 29, 2013, 05:25:10 PM
As it stands in the two weeks that I have had the programme on my system I have not had to do anything at all. All my normal programmes, plus a few specialist ones run perfectly

Although with the foolishit programme an easier way is to undo cryptoprevent
Run the affected programme and then re-apply cryptoprevent and it will automatically add that programme
Title: Re: CryptoLocker latest
Post by: thekochs on November 29, 2013, 05:28:51 PM
On my main/personal PC, I am also running MBAM PRO, which separately offers real-time protection against CryptoLocker.

Can you run "real time" MBAM PRO with real time Avast ?......I thought having two A/Vs was a big NO-NO ?
I know MBAM is MW & Avast A/V.....but those lines are real cloudy now-a-days.
Title: Re: CryptoLocker latest
Post by: thekochs on November 29, 2013, 05:30:18 PM
As it stands in the two weeks that I have had the programme on my system I have not had to do anything at all. All my normal programmes, plus a few specialist ones run perfectly

Although with the foolishit programme an easier way is to undo cryptoprevent
Run the affected programme and then re-apply cryptoprevent and it will automatically add that programme

Thx, now if their Server would come up I could get the installer....any chance to attached in ZIP to this thread ?
Title: Re: CryptoLocker latest
Post by: ky331 on November 29, 2013, 05:45:16 PM
MBAM is anti-MALWARE, and its authors have taken great pains to make it compatible with just about any anti-VIRUS program.   If you check our signatures here, you'll find many people happily running MBAM PRO along with avast.

I have run the PRO (realtime) version along with avast8 on both WinXP and Win7.   I did NOT have to set-up any exclusions in either program... they're running just fine together for me.

Having said that, MBAM does offer a detailed suggestion (setting up mutual exclusions in each program), SHOULD you find there's a conflict or slow-down:  https://forums.malwarebytes.org/index.php?showtopic=10138&page=1&#entry417798
Title: Re: CryptoLocker latest
Post by: thekochs on November 29, 2013, 05:56:25 PM
MBAM is anti-MALWARE, and its authors have taken great pains to make it compatible with just about any anti-VIRUS program.   If you check our signatures here, you'll find many people happily running MBAM PRO along with avast.

I have run the PRO (realtime) version along with avast8 on both WinXP and Win7.   I did NOT have to set-up any exclusions in either program... they're running just fine together for me.

Having said that, MBAM does offer a detailed suggestion (setting up mutual exclusions in each program), SHOULD you find there's a conflict or slow-down:  https://forums.malwarebytes.org/index.php?showtopic=10138&page=1&#entry417798

Thx, are you also running CryptoPrevent ?
Any chance you have the installer you can zip/post ?......the server is down.
Title: Re: CryptoLocker latest
Post by: ky331 on November 29, 2013, 06:12:05 PM
Yes, I am using CryptoPrevent.   "Running" isn't an accurate description:  It runs once, sets up its restrictions/policies, and automatically protects you without continually "running".

No, this forum will not accept .exe nor .zip files ---
Allowed file types for upload are: txt, jpg, gif, png, log

Just keep trying the CryptoPrevent site.   The problem is that it's being bombarded by so many people, it can't handle all the requests.

CryptoPrevent offers two versions:  a .ZIP file, from which you have to extract the executable; and an .exe file which offers setup/installer, which places easy-to-find links to CryptoPrevent on your START Menu and Control Panel (Add/Remove).   If you know/remember where you extracted/unzipped the file, I see no real need for an actual "installation".
Title: Re: CryptoLocker latest
Post by: ky331 on November 29, 2013, 06:51:43 PM
It's the easiest thing to use:

Download it.   Run the executable program (after extracting it from the .ZIP file, or directly from the START Menu if you opted for the installer);
Click the APPLY button (accepting the checked defaults).
And basically you're done.

Periodically [e.g., once a week], you can use its updater function to check for updates, and APPLY them as well (on top of the existing protection).

Hopefully, you won't encounter any problems (blocking of legitimate programs).

Basically, the CryptoLOCKER malware is running itself from non-standard locations/directories.   What CryptoPrevent does is "instruct" Windows not to allow ANY programs to run from these locations [unless whitelisted].   So it's Windows itself that's subsequently running and doing the actual blocking.

Can this be defeated, if the CryptoLOCKER malware "gets wise" and places itself in alternative locations?   Yes, that would certainly seem possible.   But it has yet to do so.  And if/when it does, we can hope that CryptoPrevent will add protection for these locations as well (if practical).
Title: Re: CryptoLocker latest
Post by: essexboy on November 29, 2013, 07:30:35 PM
Cryptoprevent is hosted on Majorgeeks  http://www.majorgeeks.com/files/details/cryptoprevent.html
Title: Re: CryptoLocker latest
Post by: The Sniggler on November 29, 2013, 08:18:14 PM
I installed it on my XP machine with no apparent problems.
However, on my Win7, the test function froze.... test thru very quickly on XP, stalled on Win7
After numerous tries and restarts, I uninstalled with Revo.
Wonder why?
Title: Re: CryptoLocker latest
Post by: Telegraph_Sam on November 29, 2013, 10:25:45 PM
I downloaded the CryptoPrevent zip file (into XP) from majorgeeks and with some guesswork it seems to be doing what it says on the tin. It would probably have worked first time if the presentation on the original website had been a bit clearer (which file to download).  The "test" is very quick, probably designed to be so.  I have asked what the significance is of the unticked option "Block Temp Extracted Executables in Archive Files", and whether I should tick it "for good measure" whatever it does.  Can I now stop wondering about upgrading to MWB Pro?
Title: Re: CryptoLocker latest
Post by: ky331 on November 30, 2013, 12:07:01 AM
Quoting Corrine Chorney (Microsoft MVP in Computer Security):  "Temp Extracted Executables in Archive Files refers to executables (e.g., .exe, .pdf) that are opened directly from a downloaded .zip, .rar, etc. rather than extracting first.  An executable that is opened directly from the "archive" is opened in a temp file".

So that says WHAT they are.   As for whether to check that box, CryptoPrevent's author, in the changelog to version 2.5, stated that he left "Temp Extracted Executable protection unchecked by default and [furthermore,] implemented a warning when checking this item, as [checking it] can cause issues with some apps/installations."

Personally, I have heeded that advice and left it UNchecked, accepting all the defaults.  But others --- perhaps not noticing the author's disclaimer --- HAVE checked it.

Keep in mind that CryptoPrevent only protects against CryptoLocker --- it makes no attempt to protect against other forms of malware.   [It might "accidentally" catch other malware, if, like CryptoLocker, they choose to run from one of the "locked"/protected directories.]   In contrast, MBAM PRO offers protection against MANY forms of malware.   Its creative team focus on the prevalent, more-stubborn, toughest malware, that often can make its way (undetected) past many/most anti-virus programs.   That's its niche.   MBAM is not an anti-virus program --- it does not look for typical viruses.   Rather, it is specifically written to COMPLEMENT whatever anti-virus program the user prefers.

Just so we understand, the FREE version of MBAM is a complete SCANNER and REMOVER.   It is not a trial, its scanner/removal features are not limited.   It's a great program for everyone to have, to attempt to repair a bad situation after the infection has set in.
The "limitation" in the free version is that it does not offer up-front protection.   THAT'S the critical function of the PRO/paid version:  It will prevent infection from setting-in in the first place, both by monitoring files as they're executed, as well as monitoring URLs, blocking those it believes to be bad.   It's a one-time investment per machine (with the right to transfer that license from one machine to another, provided you "retire" usage of MBAM PRO on the former).   

If you check various malware-removal forums, you'll see that MBAM [Free] is often the first tool they use to try to remove an infection.  Any infection that MBAM Free can remove, after the fact, could have been prevented, had the person been using MBAM PRO!   In my opinion, it's worth every penny.   Indeed, it's the only paid program that I strongly advocate --- in general, I think free programs (including of course, Avast), do a very good job.

EDIT / P.S.  If you're considering MBAM PRO, now is the time to buy --- they're running a "Black Friday" 40% off sale this weekend (through Dec. 2nd):  http://www.malwarebytes.org/blackfriday/
Title: Re: CryptoLocker latest
Post by: Telegraph_Sam on November 30, 2013, 12:31:38 AM
I understood from reading the CryptoPrevent text that it could well prevent other malware though it doesn't make a point of this as a general AV program does.  The fact remains that we are advised not to run more than one AV program but MWB Pro appears to be the exception.  As does Lavasoft Ad-Aware I seem to recall (I've installed it on this basis).  I used to use Spybot and Spywareblaster but I believe (?) that this is no longer active .. The point comes where you have to ask where to draw the line!
Title: Re: CryptoLocker latest
Post by: ky331 on November 30, 2013, 01:23:50 AM
Each person has to decide how much security he/she is comfortable running.   As you can see from my signature, I choose to run a lot.  Yet, as best as I can tell, there are no conflicts nor any noticeable slow down.

Yes, the advice NOT to run more than one REAL-TIME anti-VIRUS program still holds.   But CryptoPrevent does NOT run in real-time.   It sets-up "policy restrictions" in the registry, and then lets Windows handle these.   SpywareBlaster, which you mentioned, behaves similarly:  it sets various restrictions (cookies, ActiveX, restricted sites), and then lets your browser (e.g., IE) take care of implementing them.   SpywareBlaster is still around, and can be used in conjunction with most other programs.

Lavasoft --- which used to be just "Ad Aware" --- has grown into a full-fledged anti-virus suite.   This fuller program should NOT be used in conjunction with Avast.   [Some people may "pick-and-choose" to run only certain components of each (e.g., a firewall), but that gets complicated, and can potentially be problematic.]

MBAM should not conflict with avast, nor any other anti-virus program.   SAS (SuperAntiSpyware) is a popular alternative to MBAM that has its ardent fans.   Those who prefer to run SAS PRO/realtime [instead of MBAM PRO], along with an anti-virus, may certainly do so.
Title: Re: CryptoLocker latest
Post by: thekochs on November 30, 2013, 02:30:06 AM
I have run the PRO (realtime) version along with avast8 on both WinXP and Win7.   I did NOT have to set-up any exclusions in either program... they're running just fine together for me.
Having said that, MBAM does offer a detailed suggestion (setting up mutual exclusions in each program), SHOULD you find there's a conflict or slow-down:  https://forums.malwarebytes.org/index.php?showtopic=10138&page=1&#entry417798

I think I'll take the Black Friday $14 Lifetime License per PC plunge....I read the FAQ and the exclusions for Avast are for Avast6....any change for Avast 8 ?.......I have not upgraded to Avast 9......way the forum is reading it'll be a LONG while before I do that. :)
Title: Re: CryptoLocker latest
Post by: ky331 on November 30, 2013, 02:39:22 AM
Concerning the mutual [or even "one-sided"] exclusions between MBAM PRO and avast, I would suggest you try running both together "as is"... and only worry about exclusions in the event something doesn't seem right [e.g., you have an actual conflict, or things seem to be "dragging"/slow].   I have made no exclusions in either program, and all seems well here.

Yes, the exclusion list was written specifically for avast6, but I believe if you check them out, it should transfer-over straightforwardly to avast8.   
Title: Re: CryptoLocker latest
Post by: Alievitan on November 30, 2013, 02:51:00 AM
Any side effects to using Cryptoprevent?  I remember Chrome installed and ran in AppData\Local up to relatively recently.  They now by default install it in Program Files, but that leaves tens of millions of users.  Anything else people should look out for?
Title: Re: CryptoLocker latest
Post by: thekochs on November 30, 2013, 02:55:12 AM
Concerning the mutual [or even "one-sided"] exclusions between MBAM PRO and avast, I would suggest you try running both together "as is"... and only worry about exclusions in the event something doesn't seem right [e.g., you have an actual conflict, or things seem to be "dragging"/slow].   I have made no exclusions in either program, and all seems well here.

Yes, the exclusion list was written specifically for avast6, but I believe if you check them out, it should transfer-over straightforwardly to avast8.   

Just bought dozen licenses at $14 each.....great deal for lifetime...wow !
I'm sure dumb question(s)
1) Uninstall MBAM Free Scanner before I install the Pro, correct ?
2) I usually have Avast do scan daily 5am.....I assume I can/will do a MBAM scan daily, do you ?
    If so, I assume you can schedule in Pro ?
    If so, I assume to run the Avast & MBAM scans at different times ?
3) MBAM scan in Free takes awhile.......I have W7 64bit clean I5 machines.....but think it runs longer than an Avast scan.
    How long do you see the scans being in MBAM ?
4) MBAM Pro auto-updates its malware database like Avast for Virus DB ?....obviously MBAM Free you have to do this manually.

.....going to use Avast8 + MBAM Pro + CryptoPrevent on all of my home and office W7 64bit PCs.

Thx !

Title: Re: CryptoLocker latest
Post by: digmor crusher on November 30, 2013, 03:50:11 AM
Decided to try Cryptoprevent, after installation tried the test, Avast popped up and I set an exclusion, had to do this twice. When I checked the exclusions in hardened mode there was one for helloworld.exe, when I closed Avast and opened 5 minutes later this exclusion was gone. Not surprised exclusion was gone as this version is so buggy, none of my exclusions stick, but has anyone heard of helloworld and could somebody check to see if this happened to them while trying Cryptoprevent?

Thanks.
Title: Re: CryptoLocker latest
Post by: ky331 on November 30, 2013, 03:53:19 AM
Alievitan,
the first time you run CryptoPrevent, if you accept the default settings, it will "whitelist" any programs you already have located in the "protected" directories.   So for example, if Chrome was present there, it would be whitelisted, and allowed to run in the future.   CryptoPrevent seeks to limit NEW applications... presumably malware... that suddenly pop-up unexpectedly in these non-standard locations.
Title: Re: CryptoLocker latest
Post by: ky331 on November 30, 2013, 04:22:06 AM
thekochs

1. you can enter your license code into the free version to upgrade it to the PRO version, without having to uninstall the Free one first:  Hit the PROTECTION tab, and toward the bottom, hit ACTIVATE.   Then fill-in the product ID and KEY as requested, and hit (the newer) ACTIVATE button.

2. yes, you can set MBAM PRO for daily [or other regularly-scheduled] scanning, by clicking on the SETTINGS tab, then Scheduler Settings, and ADDing a scan [or a check for updates] by specifying your choice of parameters.
Personally, I am NOT a fan of routine scanning on a system that I strive to keep squeaky clean.   I trust myself more than I want to allow for the possibility of a false positive in over-scanning.  As such, I neither scan daily with Avast, nor with MBAM.   But that's just me.   If you feel more comfortable with daily scans, then it's your decision to do so.
Yes, it would be best to separate a daily MBAM scan from a daily AVAST scan... no need having them hog your CPU, and fight over disk access!

I *HAVE* scheduled MBAM to check for updates every hour.

3) Which of the MBAM scans are you running?   Believe it or not, the QUICK scan is highly efficient, and will probably catch just about all the malware on your system!   If the QUICK scan comes up clean, I'd say you're 97+% safe... perhaps even more so.  As such, there's little need to ever run a FULL [lengthy] scan with MBAM... unless you really insist... "once in a blue moon".
By the way, MBAM PRO also offers a "Flash" scan, which tests just the most sensitive areas, really quickly.

4) I mentioned auto-updates of database in my response to (2).
Title: Re: CryptoLocker latest
Post by: ky331 on November 30, 2013, 04:33:05 AM
Digmor,

HelloWorld2 is the test program that CryptoPrevent creates to test itself.  When you hit the test button, it (temporarily, as best as I can tell) creates HelloWorld2.exe in a monitored area [for example,  C:\Users\your name\AppData\Roaming\ ] and tries to run it from there.   If blocked, the test is successful.  After you run a successful test, you can see this result displayed by clicking the Event Log button, then Blocked Events.   Click on the date/time in the left-hand column, to display the details of the Test Event in the right-hand column.
Title: Re: CryptoLocker latest
Post by: digmor crusher on November 30, 2013, 04:35:41 AM
Thats what I sort of thought ky, yup, test was successful too.

Thanks.
Title: Re: CryptoLocker latest
Post by: The Sniggler on November 30, 2013, 01:29:53 PM
Any idea why the CryptoPrevent test hangs when I run it on my Win7 machine? I am using Online Armor... worked OK on my XP.
Title: Re: CryptoLocker latest
Post by: ky331 on November 30, 2013, 02:13:02 PM
All I can say is that the test is running fine on my Win7x64 Pro SP1 system, with lots of additional security as per my signature.   So you might consider the differences (e.g., the online armor you mentioned) to try to pin-down the conflict.

Can you temporarily disable online armor [going offline first, if you wish, for protection] to see what happens?   If that turns out to be the culprit, I assume there's a way you can instruct online armor to allow/whitelist things?

And while I assume you did this, after running/APPLYing CryptoPrevent's security, did you reboot before trying to run the test?   It shouldn't be necessary, but I'm just grasping for ideas here.
Title: Re: CryptoLocker latest
Post by: thekochs on November 30, 2013, 03:41:43 PM
Couple Questions before I install CryptoPrevent.
1) After installed if there is new item "installed" how do you Whitelist ?
    I assume if a "bad" item comes up you can Whitelist it ?....if so, how ?
2) If you ever want to undo the group policies this sets up....say it mucks something up valid in the future, can you ?, how ?

Thx.
Title: Re: CryptoLocker latest
Post by: The Sniggler on November 30, 2013, 04:07:06 PM

Thanks for reply... Online Armor is on both XP and Win764 systems. Followed instructions here, yes rebooted.  OA gave permission to CryptoPreventer. Tried again, no luck. Seems to work OK until test, then just hangs. Reinstalled, undid policies, and finally deleted.

All I can say is that the test is running fine on my Win7x64 Pro SP1 system, with lots of additional security as per my signature.   So you might consider the differences (e.g., the online armor you mentioned) to try to pin-down the conflict.

Can you temporarily disable online armor [going offline first, if you wish, for protection] to see what happens?   If that turns out to be the culprit, I assume there's a way you can instruct online armor to allow/whitelist things?

And while I assume you did this, after running/APPLYing CryptoPrevent's security, did you reboot before trying to run the test?   It shouldn't be necessary, but I'm just grasping for ideas here.
Title: Re: CryptoLocker latest
Post by: ky331 on November 30, 2013, 06:11:34 PM
Thekochs:

Borrowing essexboy's screenshot:

1) There's a whitelist option on the top menu, to allow you to add (or remove) individual items to (or from) CryptoPrevent's protection.   Click on Whitelist, then Whitelist Editor.   You can then browse through each of the protected directory areas, to locate/select, and whitelist any files you feel necessary.   Likewise, it's easy to remove [De-Whitelist] anything from the whitelist.

2) There's an UNDO button (bottom left), to completely remove all of CryptoPrevent's protection.

By the way, an alternative/simpler way to add new items to the whitelist is:
a) UNDO CryptoPrevent's protection.   Depending on your O/S [and "flukes"], you may have to close/reopen CryptoPrevent, or log off/on your account, or reboot... but these might not actually be required.
b) install the new items that CryptoPrevent was blocking.
c) APPLY CryptoPrevent's protection again, which should now automatically whitelist the new items you've added.



Title: Re: CryptoLocker latest
Post by: ky331 on November 30, 2013, 07:10:06 PM
Sniggler,

If you're willing, try the following:
Run CryptoPrevent again on your win7, and APPLY its protection.
then make a COPY of the file C:\Windows\system32\cmd.exe
and PASTE the copy in C:\Users\your_user_name\AppData\Roaming

Then click on the file there to see if it runs, or if it's "blocked by group policy".   If it's blocked, then that proves CryptoPrevent has done its job, even if the test function isn't working properly.  If the command prompt appears, then there's a functional problem with CryptoPrevent on your system.
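ky331's manual check above, as an added example that is not part of the original post and not CryptoPrevent's code: copy cmd.exe into the roaming profile, try to start it, and then read the Application log, where Windows records an SRP block as a Software Restriction Policies event (866 for a path rule). The probe file name and the function names are my own; Win32 error 1260 ("This program is blocked by group policy") is what process creation returns when SRP refuses the launch, so Start-Process throwing is the success case here. Run it as the ordinary (non-elevated) user whose profile the rules protect.

```powershell
# Added example, not CryptoPrevent's code: verify an SRP path rule the way the
# post describes, then confirm the block from the Application event log.
$Probe = Join-Path $env:APPDATA 'srp-probe-cmd.exe'   # assumed name for the test copy

function Test-SrpBlocksPath {
    param([string]$Path)
    Copy-Item -Path "$env:SystemRoot\System32\cmd.exe" -Destination $Path -Force
    try {
        # If the rule works, CreateProcess fails with Win32 error 1260
        # (ERROR_ACCESS_DISABLED_BY_POLICY) and Start-Process throws.
        $p = Start-Process -FilePath $Path -ArgumentList '/c exit 0' `
                           -WindowStyle Hidden -PassThru -ErrorAction Stop
        $p.WaitForExit()
        return $false    # it ran: nothing is blocking executables in this directory
    } catch {
        Write-Verbose $_.Exception.Message
        return $true
    } finally {
        Remove-Item -Path $Path -Force -ErrorAction SilentlyContinue
    }
}

function Get-SrpBlockEvents {
    param([int]$Newest = 5)
    # SRP logs blocks to the Application log: 865 = default level, 866 = path rule,
    # 867 = certificate rule, 868 = hash or zone rule. Returns nothing if no block
    # has been logged yet.
    Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-SoftwareRestrictionPolicies'
        Id           = 865, 866, 867, 868
    } -MaxEvents $Newest -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

if (Test-SrpBlocksPath -Path $Probe) {
    "Blocked: the policy is enforcing in $env:APPDATA"
} else {
    "NOT blocked: cmd.exe ran from $env:APPDATA; the policy is not in effect"
}
Get-SrpBlockEvents | Format-List
```

If the copy runs, check that the user you are logged on as is actually covered (PolicyScope 1 exempts administrators) and that a logoff has happened since the rules were written; if it is blocked but no 866 event appears, the block came from something other than an SRP path rule, which is worth knowing before blaming CryptoPrevent for a hang.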
Title: Re: CryptoLocker latest
Post by: Telegraph_Sam on December 15, 2013, 01:36:57 AM
Referring back to my original post No1: I have installed CryptoPrevent and put my trust in its protection.  But just last week there was a feature in ComputerActive on CryptoLocker from which I quote:
"CryptoLocker isn't difficult to remove - any up-to-date antivirus or malware scanner will recognise it, then quarantine or remove it".  This would almost imply that if you have your Avast definitions up to date (and are not previously CryptoLocked) you have nothing to worry about.  I fear that life may not be so simple but would welcome feedback from those in the know.
Title: Re: CryptoLocker latest
Post by: Alikhan on December 15, 2013, 01:40:44 AM
Referring back to my original post No1: I have installed CryptoPrevent and put my trust in its protection.  But just last week there was a feature in ComputerActive on CryptoLocker from which I quote:
"CryptoLocker isn't difficult to remove - any up-to-date antivirus or malware scanner will recognise it, then quarantine or remove it".  This would almost imply that if you have your Avast definitions up to date (and are not previously CryptoLocked) you have nothing to worry about.  I fear that life may not be so simple but would welcome feedback from those in the know.

New variants are released all day so it's best to have layers of protection. Once a PC is infected with Cryptolocker, the files are "encrypted" meaning even if the infection is removed the files won't be of any use. If you use CryptoPrevent you should be fine but you can also enable Hardened mode on Avast.
Title: Re: CryptoLocker latest
Post by: DavidR on December 15, 2013, 01:45:50 AM
For me this is just one of hundreds of good reasons why every user should be using drive imaging software as part of their backup and recovery strategy.

Drive Imaging software makes an exact copy of your hard drive/partitions; this should be run periodically and I would say not less than once a week.

This way if you experience a serious problem (and this doesn't have to mean a virus/malware attack), you restore the last drive image.
Title: Re: CryptoLocker latest
Post by: Telegraph_Sam on December 15, 2013, 01:47:08 AM
I am on the point of uninstalling my current Avast and installing v. 2008.  I haven't been aware of "Hardened Mode".  Where do I find it?  Once found I assume that it is just a matter of ticking a box?  Is there any downside associated with being hardened?
Title: Re: CryptoLocker latest
Post by: DavidR on December 15, 2013, 01:52:02 AM
I am on the point of uninstalling my current Avast and installing v. 2008.  I haven't been aware of "Hardened Mode".  Where do I find it?  Once found I assume that it is just a matter of ticking a box?  Is there any downside associated with being hardened?

From the avastUI > Settings > Antivirus - scroll down to Hardened Mode and enable it - Moderate setting is what many would go for (I did), but it appears to be somewhat more noisy than the Aggressive setting.

See RejZoR's description on the effects of and use of the avast! Hardened Mode - http://forum.avast.com/index.php?topic=142172.msg1032485#msg1032485
Title: Re: CryptoLocker latest
Post by: ky331 on December 15, 2013, 01:54:40 AM
Alikhan wrote:  Once a PC is infected with Cryptolocker, the files are "decrypted" meaning even if the infection is removed the files won't be of any use.

That should have said ENcrypted or encoded.   The encryption is, for all practical purposes, impossible to decode (except by the crooks who encoded it).  So yes, even if the malware is "easily" removable, you are left with scrambled, unusable files.

I continue to use CryptoPrevent on all my systems, as well as MBAM PRO on my primary computer.
Title: Re: CryptoLocker latest
Post by: Alikhan on December 15, 2013, 01:55:58 AM
Alikhan wrote:  Once a PC is infected with Cryptolocker, the files are "decrypted" meaning even if the infection is removed the files won't be of any use.

That should have said ENcrypted or encoded.   The encryption is, for all practical purposes, impossible to decode (except by the crooks who encoded it).  So yes, even if the malware is "easily" removable, you are left with scrambled, unusable files.

I continue to use CryptoPrevent on all my systems, as well as MBAM PRO on my primary computer.

Ah, my mistake lol. Never reread it. Anyways, edited it. Thanks.