Topic: Cryptolocker (Ransomware)....a real Nasty


DeeCeeDee

  • Guest
Cryptolocker (Ransomware)....a real Nasty
« on: January 08, 2014, 01:26:43 AM »
Cryptolocker....for those who are unaware of it can read the link provided or research it for yourselves.

http://techtalk.pcpitstop.com/2013/12/17/right-way-handle-cryptolocker/?leo-fightcryptolocker=

"The right way to deal with CryptoLocker is to treat it just like any other malware. Remember, only you can prevent malware. Don’t open email attachments that you aren’t absolutely certain are safe, and as I understand it CryptoLocker currently propagates most commonly via email attachments."......quote from Leo A. Notenboom (www.askleo.com)
Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Cryptolocker (Ransomware)....a real Nasty
« Reply #1 on: January 08, 2014, 12:11:54 PM »
Wrong Section.

And we all know the effects of Cryptolocker.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

CCV

  • Guest
Re: Cryptolocker (Ransomware)....a real Nasty
« Reply #2 on: January 09, 2014, 02:50:43 AM »
OK.. Wrong section, but I have a question.

From http://en.community.dell.com/support-forums/virus-spyware/f/3522/t/19530796.aspx
Quote
Fortunately, users of Malwarebytes Anti-Malware Pro are protected from Cryptolocker via the PRO version's realtime malware-execution-prevention and blocking of malware sites and servers.

True, or false?

Edit:
A reply, from the same source..
Quote
It is said that avast! will detect it if Hardened Mode is set to Aggressive and PUP configuration is active, since it is a ransomware.

The language is unclear to me. Heuristic sensitivity can be set to high and PUP scan activated on Web Shield settings. Would that help? 
« Last Edit: January 09, 2014, 04:37:44 AM by CCV »

CCV

  • Guest
Re: Cryptolocker (Ransomware)....a real Nasty
« Reply #3 on: January 12, 2014, 09:56:27 AM »
Quote
Wrong Section.

And we all know the effects of Cryptolocker.

So.. What is the right section? We may "know the effects", but defence appears to be more a matter of education than anything else.
It hasn't magically gone away, as far as I can tell, and it has gained more means of distribution than OP suggests. Therefore, I would like to pursue this matter further.

(P.S. I did try PM to alan1998, but not sure it went through.)
 

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Cryptolocker (Ransomware)....a real Nasty
« Reply #4 on: January 12, 2014, 01:27:39 PM »
Quote
Fortunately, users of Malwarebytes Anti-Malware Pro are protected from Cryptolocker via the PRO version's realtime malware-execution-prevention and blocking of malware sites and servers
That is a bit sweeping; if I were writing that, I would add the proviso "of currently known versions".

Avast with hardened mode set to aggressive blocks the test file provided by FoolishIT as part of their protection system. This blocks files, via system permissions settings, from running from known (again that word) running locations.

CryptoPrevent: install this programme to lock down and prevent crypto ransomware.
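The "block execution from known running locations" approach essexboy describes is implemented on Windows with Software Restriction Policy (SRP) path rules. As an added example (not code from this thread, from FoolishIT or from CryptoPrevent), this PowerShell script lists the path rules currently set to Disallowed and checks whether a constructed list of user-writable locations is covered; it assumes PowerShell 5 or later and read access to the HKLM policy keys.

```powershell
# Added example, not code from the thread or from CryptoPrevent/FoolishIT.
# Audits the Software Restriction Policy (SRP) path rules set to "Disallowed",
# the mechanism used to stop executables from running out of user-writable
# locations, and reports whether a few such locations are covered.
# Assumes: Windows, PowerShell 5+, read access to HKLM policy keys.

# SRP level 0 = Disallowed; each path rule is a GUID-named subkey under Paths.
$DisallowedPathsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'

# Constructed list of locations worth blocking; adjust to your own policy.
$LocationsToCheck = @(
    '%AppData%\*.exe',
    '%LocalAppData%\*.exe',
    '%UserProfile%\AppData\Local\Temp\*.exe'
)

function Get-SrpDisallowedPathRules {
    if (-not (Test-Path $DisallowedPathsKey)) { return @() }
    foreach ($subKey in Get-ChildItem -Path $DisallowedPathsKey) {
        # Read ItemData unexpanded so the rule shows the %Variable% form it was written in.
        $raw = $subKey.GetValue('ItemData', '', 'DoNotExpandEnvironmentNames')
        [pscustomobject]@{
            RuleId = $subKey.PSChildName
            Path   = $raw
            Flags  = $subKey.GetValue('SaferFlags')
        }
    }
}

function Test-SrpCoverage {
    param([object[]]$Rules, [string[]]$Locations)
    foreach ($loc in $Locations) {
        # Case-insensitive match on the rule path as stored in the policy.
        $hit = $Rules | Where-Object { $_.Path -ieq $loc }
        [pscustomobject]@{
            Location = $loc
            Blocked  = [bool]$hit
        }
    }
}

$rules = @(Get-SrpDisallowedPathRules)
if ($rules.Count -eq 0) {
    Write-Output 'No Disallowed SRP path rules found; no lockdown is configured.'
} else {
    $rules | Format-Table -AutoSize
}
Test-SrpCoverage -Rules $rules -Locations $LocationsToCheck | Format-Table -AutoSize
```

A location reported as not blocked only means no exact SRP path rule exists for it; a broader rule (for example one covering a parent folder) may still apply, so read the full rule listing alongside the coverage table.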
Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Cryptolocker (Ransomware)....a real Nasty
« Reply #5 on: January 12, 2014, 02:24:20 PM »
I'm typing with a fractured arm. So my typing will suck.

In response to your PM. It should probably be in the General Section. This forum is for people who are currently infected w/ cryptolocker.

I say this because it's a discussion, not trying to aim at removing the malware. In which case, just run MBAM. The encrypted files currently have no way of being decrypted short of hacking the server that is hosting the keys. Which no one knows of.

Since I can't test this. Is there not a way you can retrieve the password via Wireshark, since the malware has to send out the key? Intercept that key and you should be good to go. Or is that an early type of cryptolocker?
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

CCV

  • Guest
Re: Cryptolocker (Ransomware)....a real Nasty
« Reply #6 on: January 13, 2014, 01:54:53 AM »
@ alan1998 Ouch! Your typing doesn't seem to suffer so much.
Um, Wireshark.. I don't know what that is but, I saw it mentioned on a very long Bleeping Computer thread about Cryptolocker. Someone suggested that approach, but I didn't see any definitive answer that it worked at all.

Anyway, the key, as always, is try to avoid being infected in the first place. I don't remember all the avenues, but PDF downloads aren't always what they purport to be (Save as dialogue should warn you, I would've thought) and the latest thing is via infected USB drives.
Sites that require you to install software to view video content, for example, are another, and fake alert sites.. - as well as the old email attachment trick.

A Limited (not Administrator) User Account, apparently, offers some protection - because Cryptolocker can only run "as Administrator".
Unhide known extensions so you can see if a 'doc' or 'pdf' is actually an .exe before you open it, is another suggestion. Nothing is 100% tho, so always keep a recent "cold storage" clean backup for insurance.

Yes, as you say, it is a discussion only. Any chance the Mods can move the thread?

@ essexboy
As I understand it, Cryptolocker is only as good as the latest update too.
Something called HitmanPro.Alert with CryptoGuard [beta] looks promising - provided it kicks in before any encryption (which I'm not absolutely sure about).
Found it mentioned on http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Cryptolocker (Ransomware)....a real Nasty
« Reply #7 on: January 13, 2014, 02:29:46 AM »
Quote
@ alan1998 Ouch! Your typing doesn't seem to suffer so much.
Um, Wireshark.. I don't know what that is but, I saw it mentioned on a very long Bleeping Computer thread about Cryptolocker. Someone suggested that approach, but I didn't see any definitive answer that it worked at all.

Anyway, the key, as always, is try to avoid being infected in the first place. I don't remember all the avenues, but PDF downloads aren't always what they purport to be (Save as dialogue should warn you, I would've thought) and the latest thing is via infected USB drives.
Sites that require you to install software to view video content, for example, are another, and fake alert sites.. - as well as the old email attachment trick.

A Limited (not Administrator) User Account, apparently, offers some protection - because Cryptolocker can only run "as Administrator".
Unhide known extensions so you can see if a 'doc' or 'pdf' is actually an .exe before you open it, is another suggestion. Nothing is 100% tho, so always keep a recent "cold storage" clean backup for insurance.

Yes, as you say, it is a discussion only. Any chance the Mods can move the thread?

@ essexboy
As I understand it, Cryptolocker is only as good as the latest update too.
Something called HitmanPro.Alert with CryptoGuard [beta] looks promising - provided it kicks in before any encryption (which I'm not absolutely sure about).
Found it mentioned on http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

WireShark intercepts all connections to any website, if I understand correctly. So, Cryptolocker is contacting its "Home". So WireShark will intercept all the info that it sends. So for Cryptolocker it would send a Passcode ( hvxbu-v fn2h- vhu-c d). So now that you have the code, you should be able to decrypt any files. However, I heard that, as a part of preventing this, they use some sort of activation payment thing. So, it may or may not work.

And you want this moved? Reported to mod to be moved.

Also, as for typing, I'm trying to correct most of it.
« Last Edit: January 13, 2014, 11:20:03 AM by alan1998 »
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.