Author Topic: CryptoLocker  (Read 37795 times)

techlike99

  • Guest
Re: CryptoLocker
« Reply #15 on: October 17, 2013, 06:18:05 PM »
I'm dealing with this ransomware for a client. I know that Avast already referenced this infection as Win32:Ransom-AQH [Trj], however, the infection on his PC is fresh and somehow managed to bypass Avast guard. I've restored some of the files using Shadow Explorer. For now, it seems the only possible solution, so it saved the day! For those who have the same issue I recommend reading these posts:

http://deletemalware.blogspot.com/2013/10/remove-cryptolocker-virus-and-restore.html

http://www.bleepingcomputer.com/forums/t/506924/cryptolocker-hijack-program/

And also a thread on reddit: http://www.reddit.com/r/sysadmin/comments/1mizfx/proper_care_feeding_of_your_cryptolocker/

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re: CryptoLocker
« Reply #16 on: October 18, 2013, 01:03:10 AM »
If you have the malware exe file (usually not hard to find on the system), you can add it to the virus chest and send it in so the lab can add it to the database. Or send it to virus (at) avast.com. Even though you were able to restore your files, it might save someone else some headache.
"People who are really serious about software should make their own hardware." - Alan Kay

Offline avast@@dvantage77.com

  • J.R. Guthrie - avast! Sales and Support Specialist
  • Avast Reseller
  • Advanced Poster
  • *
  • Posts: 740
  • the only avast! Distributor & Platinum Reseller
    • Advantage Micro Corporation
Re: CryptoLocker
« Reply #17 on: October 23, 2013, 12:11:49 AM »
avast! stops most versions, but there are new zero-days constantly being released. New updates to CryptoLocker including "CryptoPrevent" free utility!

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

http://www.foolishit.com/download/cryptoprevent/
Sincerely,
 
J.R. "AutoSandbox Guy" Guthrie

"At this point in time, the Internet should be regarded as an Enemy Weapons System!"

canetree

  • Guest
Re: CryptoLocker
« Reply #18 on: October 23, 2013, 02:17:06 AM »
Man, this is some nasty stuff. Glad I've been using Macs. Nothing like this out there on OSX as far as I know...

Offline Amgeek

  • Jr. Member
  • **
  • Posts: 45
Re: CryptoLocker
« Reply #19 on: October 31, 2013, 03:25:09 PM »
There we go, everyone run out and drop thousands on a Mac to avoid a $300 loss.

Brilliant, what a deal!!!!!

Glad to see you mentioning the Foolishit free preventative, well worth watching.

http://www.foolishit.com/posts/cryptolocker-prevention/

For a few dollars more Malwarebytes pro may also offer some hope.


http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/

Let's catch these bastards.





canetree

  • Guest
Re: CryptoLocker
« Reply #20 on: October 31, 2013, 05:03:02 PM »
Now now, let's not be hasty. Macs start at $599 for a pretty decent machine, not thousands. As someone who's been building and using PCs since the first IBM PC came out in 1981 and currently has 13 different computers in my work cubicle, I'm going to go out on a limb here and say for the average user, Macs are a better machine. The lack of malware is one of many reasons why I recommend them unless you need some customized configuration for gaming or MS based server services.

nannunannu

  • Guest
Re: CryptoLocker
« Reply #21 on: October 31, 2013, 05:15:28 PM »
Or you could just use OpenDNS...

Offline Amgeek

  • Jr. Member
  • **
  • Posts: 45
Re: CryptoLocker
« Reply #22 on: October 31, 2013, 05:26:27 PM »
I do use OpenDNS, but how would that help (document?)?


nannunannu

  • Guest
Re: CryptoLocker
« Reply #23 on: October 31, 2013, 05:30:34 PM »
They've been doing predictive analysis to redirect/block requests to malicious domains...  Blogged about their efforts against cryptolocker about a month ago:

http://labs.umbrella.com/2013/09/25/ripple-effect/

Not perfect, but another layer of protection...

Edit:  I guess I should mention that they've had a low trust thing for a long time against random character domains (that are at least now a common method of hosting malicious code)...  So if one of these domains suddenly shows up on a heat map it gets noticed and blocked quickly.  Again, not perfect, but another layer...
« Last Edit: October 31, 2013, 05:36:10 PM by nannunannu »
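
Added example, not part of any post in this thread and not OpenDNS's actual method: a minimal sketch of the idea mentioned in reply #23, distrusting random-character domains that suddenly show up in resolver logs. The log format, thresholds, baseline set and domain names are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log: "<time> <client> <queried name>"
SAMPLE_LOG = """\
12:00:01 10.0.0.5 www.example.com
12:00:02 10.0.0.7 mail.example.org
12:00:03 10.0.0.5 xkqjwpvhtrbnzd.example
12:00:04 10.0.0.9 xkqjwpvhtrbnzd.example
12:00:05 10.0.0.7 qzvbxmwhgdkrtp.example
12:00:06 10.0.0.5 documentation.example
""".splitlines()

KNOWN = {"example.com", "example.org"}  # assumed baseline of previously seen domains

def shannon_entropy(s):
    """Bits per character of the label's character distribution."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def looks_random(label, min_len=10, min_entropy=3.5, max_vowels=0.2):
    """Heuristic thresholds chosen for this example, not a vendor's values."""
    if len(label) < min_len:
        return False
    vowels = sum(ch in "aeiou" for ch in label) / len(label)
    return shannon_entropy(label) >= min_entropy and vowels <= max_vowels

def registered_domain(qname):
    """Naive: last two labels. Real code should use the Public Suffix List."""
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])

def flag_new_random_domains(log_lines, known):
    """Return (domain, distinct client count) for new, random-looking domains."""
    clients = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, qname = parts
        domain = registered_domain(qname)
        if domain not in known and looks_random(domain.split(".")[0]):
            clients[domain].add(client)
    return sorted(((d, len(c)) for d, c in clients.items()),
                  key=lambda x: (-x[1], x[0]))

if __name__ == "__main__":
    for domain, n in flag_new_random_domains(SAMPLE_LOG, KNOWN):
        print(f"{domain}: queried by {n} client(s)")
```

A new but pronounceable name such as `documentation.example` is not flagged; only names that are both unseen and random-looking are, ranked by how many clients queried them.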

Offline Amgeek

  • Jr. Member
  • **
  • Posts: 45
Re: CryptoLocker
« Reply #24 on: October 31, 2013, 05:32:03 PM »
Thanks

Arnold72

  • Guest
Re: CryptoLocker
« Reply #25 on: October 31, 2013, 06:52:58 PM »
A nice clean image on an unconnected external HDD is always handy in these situations.

crocodilo69

  • Guest
Re: CryptoLocker
« Reply #26 on: November 05, 2013, 06:45:17 AM »
Hi All,

Does anyone on here use Avast EndPoint Protection Plus (version 8)?

Apparently there is a tool in Avast called 'Avast Rescue Disk'. This is apparently something you can do BEFORE infection to have a rescue disk in place.

Anyone know if Avast plan on pushing this out to all their products in a future update? Sooner rather than later?

Would be a useful feature to have.

Good luck to all those having issues with this nasty infection.

FYI: There is also apparently a free tool called 'CryptoPrevent' http://www.foolishit.com/vb6-projects/cryptoprevent/

timnboys

  • Guest
Re: CryptoLocker
« Reply #27 on: December 15, 2013, 10:47:08 PM »
So avast! will stop CryptoLocker, right? I mean, that is why avast included streaming cloud updates, right? To stop zero-day malware like CryptoLocker, right?
Please tell me avast! will stop zero-day malware like CryptoLocker and other malware, because I was considering buying avast! Endpoint Protection Plus to centrally manage PCs, but I don't know if I want to buy it if you cannot stop zero-day malware that has never been in the wild. I mean, isn't that why avast started having a behavior shield and other features that now detect it without having to have a signature? Please tell me if you could offer me a discount on avast! Endpoint Protection Plus so that I could afford to put it on my PC. And please tell me if I can get a discount to buy the avast Endpoint Protection Plus. Could you please tell me whether this will block viruses like CryptoLocker and other zero-day threats? And also, when you buy Endpoint Protection Plus, do you get a license file, like in the home editions?
Or do you get something else? Because I would prefer a license file if possible.

geoffwhite

  • Guest
Re: CryptoLocker
« Reply #28 on: May 08, 2014, 03:04:47 PM »
I'm a journalist working on a malware story that takes in Cryptolocker - keen to speak to people who've been hit, if anyone would like to get in touch: geoff.white@itn.co.uk

Thanks.