Author Topic: CryptoLocker latest  (Read 20600 times)

thekochs

  • Guest
Re: CryptoLocker latest
« Reply #15 on: November 29, 2013, 05:56:25 PM »
MBAM is anti-MALWARE, and its authors have taken great pains to make it compatible with just about any anti-VIRUS program.   If you check our signatures here, you'll find many people happily running MBAM PRO along with avast.

I have run the PRO (realtime) version along with avast8 on both WinXP and Win7.   I did NOT have to set-up any exclusions in either program... they're running just fine together for me.

Having said that, MBAM does offer a detailed suggestion (setting up mutual exclusions in each program), SHOULD you find there's a conflict or slow-down:  https://forums.malwarebytes.org/index.php?showtopic=10138&page=1&#entry417798

Thx, are you also running CryptoPrevent ?
Any chance you have the installer you can zip/post ?......the server is down.

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: CryptoLocker latest
« Reply #16 on: November 29, 2013, 06:12:05 PM »
Yes, I am using CryptoPrevent.   "Running" isn't an accurate description:  It runs once, sets up its restrictions/policies, and automatically protects you without continually "running".

No, this forum will not accept .exe nor .zip files ---
Allowed file types for upload are: txt, jpg, gif, png, log

Just keep trying the CryptoPrevent site.   The problem is that it's being bombarded by so many people, it can't handle all the requests.

CryptoPrevent offers two versions:  a .ZIP file, from which you have to extract the executable; and an .exe file which offers setup/installer, which places easy-to-find links to CryptoPrevent on your START Menu and Control Panel (Add/Remove).   If you know/remember where you extracted/unzipped the file, I see no real need for an actual "installation".
« Last Edit: November 29, 2013, 06:38:01 PM by ky331 »
Lenovo T530 laptop, Intel Core i5-3320M @ 2.60 GHz, 8GB RAM, Windows 7 Pro SP1 (64-bit), avast! 17 Free, MBAM3 Pro, Windows Firewall, MVPS HOSTS file, OpenDNS Family Shield, Zemana AntiLogger Free, SpywareBlaster, IE11 & Firefox [both using WOT (IE set to WARN, FF set to BLOCK)], WinPatrol PLUS, uBlock Origin, MBAE, MCShield, CryptoPrevent, SAS (on-demand scanner). 
[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: CryptoLocker latest
« Reply #17 on: November 29, 2013, 06:51:43 PM »
It's the easiest thing to use:

Download it.   Run the executable program (after extracting it from the .ZIP file, or directly from the START Menu if you opted for the installer);
Click the APPLY button (accepting the checked defaults).
And basically you're done.

Periodically [e.g., once a week], you can use its updater function to check for updates, and APPLY them as well (on top of the existing protection).

Hopefully, you won't encounter any problems (blocking of legitimate programs).

Basically, the CryptoLOCKER malware is running itself from non-standard locations/directories.   What CryptoPrevent does is "instruct" Windows not to allow ANY programs to run from these locations [unless whitelisted].   So it's Windows itself that's subsequently running and doing the actual blocking.

Can this be defeated, if the CryptoLOCKER malware "gets wise" and places itself in alternative locations?   Yes, that would certainly seem possible.   But it has yet to do so.  And if/when it does, we can hope that CryptoPrevent will add protection for these locations as well (if practical).
« Last Edit: November 29, 2013, 06:55:55 PM by ky331 »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: CryptoLocker latest
« Reply #18 on: November 29, 2013, 07:30:35 PM »
Cryptoprevent is hosted on Majorgeeks  http://www.majorgeeks.com/files/details/cryptoprevent.html

Offline The Sniggler

  • Full Member
  • ***
  • Posts: 120
Re: CryptoLocker latest
« Reply #19 on: November 29, 2013, 08:18:14 PM »
I installed it on my XP machine with no apparent problems.
However, on my Win7, the test function froze.... test thru very quickly on XP, stalled on Win7.
After numerous tries and restarts, I uninstalled with Revo.
Wonder why?

Telegraph_Sam

  • Guest
Re: CryptoLocker latest
« Reply #20 on: November 29, 2013, 10:25:45 PM »
I downloaded the CryptoPrevent zip file (into XP) from majorgeeks and with some guesswork it seems to be doing what it says on the tin. It would probably have worked first time if the presentation on the original website had been a bit clearer (which file to download).  The "test" is very quick, probably designed to be so.  I have asked what the significance is of the unticked option "Block Temp Extracted Executables in Archive Files", and whether I should tick it "for good measure" whatever it does.  Can I now stop wondering about upgrading to MWB Pro?

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: CryptoLocker latest
« Reply #21 on: November 30, 2013, 12:07:01 AM »
Quoting Corrine Chorney (Microsoft MVP in Computer Security):  "Temp Extracted Executables in Archive Files refers to executables (e.g., .exe, .pdf) that are opened directly from a downloaded .zip, .rar, etc. rather than extracting first.  An executable that is opened directly from the "archive" is opened in a temp file".

So that says WHAT they are.   As for whether to check that box, CryptoPrevent's author, in the changelog to version 2.5, stated that he left "Temp Extracted Executable protection unchecked by default and [furthermore,] implemented a warning when checking this item, as [checking it] can cause issues with some apps/installations."

Personally, I have heeded that advice and left it UNchecked, accepting all the defaults.  But others --- perhaps not noticing the author's disclaimer --- HAVE checked it.

Keep in mind that CryptoPrevent only protects against CryptoLocker --- it makes no attempt to protect against other forms of malware.   [It might "accidentally" catch other malware, if, like CryptoLocker, they choose to run from one of the "locked"/protected directories.]   In contrast, MBAM PRO offers protection against MANY forms of malware.   Its creative team focuses on the prevalent, more-stubborn, toughest malware, that often can make its way (undetected) past many/most anti-virus programs.   That's its niche.   MBAM is not an anti-virus program --- it does not look for typical viruses.   Rather, it is specifically written to COMPLEMENT whatever anti-virus program the user prefers.

Just so we understand, the FREE version of MBAM is a complete SCANNER and REMOVER.   It is not a trial, its scanner/removal features are not limited.   It's a great program for everyone to have, to attempt to repair a bad situation after the infection has set in.
The "limitation" in the free version is that it does not offer up-front protection.   THAT'S the critical function of the PRO/paid version:  It will prevent infection from setting-in in the first place, both by monitoring files as they're executed, as well as monitoring URLs, blocking those it believes to be bad.   It's a one-time investment per machine (with the right to transfer that license from one machine to another, provided you "retire" usage of MBAM PRO on the former).

If you check various malware-removal forums, you'll see that MBAM [Free] is often the first tool they use to try to remove an infection.  Any infection that MBAM Free can remove, after the fact, could have been prevented, had the person been using MBAM PRO!   In my opinion, it's worth every penny.   Indeed, it's the only paid program that I strongly advocate --- in general, I think free programs (including of course, Avast), do a very good job.

EDIT / P.S.  If you're considering MBAM PRO, now is the time to buy --- they're running a "Black Friday" 40% off sale this weekend (through Dec. 2nd):  http://www.malwarebytes.org/blackfriday/
« Last Edit: November 30, 2013, 12:31:27 AM by ky331 »

Telegraph_Sam

  • Guest
Re: CryptoLocker latest
« Reply #22 on: November 30, 2013, 12:31:38 AM »
I understood from reading the CryptoPrevent text that it could well prevent other malware though it doesn't make a point of this as a general AV program does.  The fact remains that we are advised not to run more than one AV program but MWB Pro appears to be the exception.  As does Lavasoft Ad-Aware I seem to recall (I've installed it on this basis).  I used to use Spybot and Spywareblaster but I believe (?) that this is no longer active .. The point comes where you have to ask where to draw the line!

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: CryptoLocker latest
« Reply #23 on: November 30, 2013, 01:23:50 AM »
Each person has to decide how much security he/she is comfortable running.   As you can see from my signature, I choose to run a lot.  Yet, as best as I can tell, there are no conflicts nor any noticeable slow down.

Yes, the advice NOT to run more than one REAL-TIME anti-VIRUS program still holds.   But CryptoPrevent does NOT run in real-time.   It sets-up "policy restrictions" in the registry, and then lets Windows handle these.   SpywareBlaster, which you mentioned, behaves similarly:  it sets various restrictions (cookies, ActiveX, restricted sites), and then lets your browser (e.g., IE) take care of implementing them.   SpywareBlaster is still around, and can be used in conjunction with most other programs.

Lavasoft --- which used to be just "Ad Aware" --- has grown into a full-fledged anti-virus suite.   This fuller program should NOT be used in conjunction with Avast.   [Some people may "pick-and-choose" to run only certain components of each (e.g., a firewall), but that gets complicated, and can potentially be problematic.]

MBAM should not conflict with avast, nor any other anti-virus program.   SAS (SuperAntiSpyware) is a popular alternative to MBAM that has its ardent fans.   Those who prefer to run SAS PRO/realtime [instead of MBAM PRO], along with an anti-virus, may certainly do so.
« Last Edit: November 30, 2013, 01:39:26 AM by ky331 »

thekochs

  • Guest
Re: CryptoLocker latest
« Reply #24 on: November 30, 2013, 02:30:06 AM »
I have run the PRO (realtime) version along with avast8 on both WinXP and Win7.   I did NOT have to set-up any exclusions in either program... they're running just fine together for me.
Having said that, MBAM does offer a detailed suggestion (setting up mutual exclusions in each program), SHOULD you find there's a conflict or slow-down:  https://forums.malwarebytes.org/index.php?showtopic=10138&page=1&#entry417798

I think I'll take the Black Friday $14 Lifetime License per PC plunge....I read the FAQ and the exclusions for Avast are for Avast6....any change for Avast 8 ?.......I have not upgraded to Avast 9......way the forum is reading it'll be a LONG while before I do that. :)

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: CryptoLocker latest
« Reply #25 on: November 30, 2013, 02:39:22 AM »
Concerning the mutual [or even "one-sided"] exclusions between MBAM PRO and avast, I would suggest you try running both together "as is"... and only worry about exclusions in the event something doesn't seem right [e.g., you have an actual conflict, or things seem to be "dragging"/slow].   I have made no exclusions in either program, and all seems well here.

Yes, the exclusion list was written specifically for avast6, but I believe if you check them out, it should transfer-over straightforwardly to avast8.   

Alievitan

  • Guest
Re: CryptoLocker latest
« Reply #26 on: November 30, 2013, 02:51:00 AM »
Any side effects to using Cryptoprevent?  I remember Chrome installed and ran in the applocal up to relatively recently.  They now by default install it in program files, but that leaves tens of millions of users.  Anything else people should look out for?

thekochs

  • Guest
Re: CryptoLocker latest
« Reply #27 on: November 30, 2013, 02:55:12 AM »
Concerning the mutual [or even "one-sided"] exclusions between MBAM PRO and avast, I would suggest you try running both together "as is"... and only worry about exclusions in the event something doesn't seem right [e.g., you have an actual conflict, or things seem to be "dragging"/slow].   I have made no exclusions in either program, and all seems well here.

Yes, the exclusion list was written specifically for avast6, but I believe if you check them out, it should transfer-over straightforwardly to avast8.   

Just bought dozen licenses at $14 each.....great deal for lifetime...wow !
I'm sure dumb question(s)
1) Uninstall MBAM Free Scanner before I install the Pro, correct ?
2) I usually have Avast do scan daily 5am.....I assume I can/will do a MBAM scan daily, do you ?
    If so, I assume you can schedule in Pro ?
    If so, I assume to run the Avast & MBAM scans at different times ?
3) MBAM scan in Free takes awhile.......I have W7 64bit clean I5 machines.....but think it runs longer than an Avast scan.
    How long do you see the scans being in MBAM ?
4) MBAM Pro auto-updates its malware database like Avast for Virus DB ?....obviously MBAM Free you have to do this manually.

.....going to use Avast8 + MBAM Pro + CryptoPrevent on all of my home and office W7 64bit PCs.

Thx !

« Last Edit: November 30, 2013, 02:57:36 AM by thekochs »

Offline digmor crusher

  • Sr. Member
  • ****
  • Posts: 214
Re: CryptoLocker latest
« Reply #28 on: November 30, 2013, 03:50:11 AM »
Decided to try Cryptoprevent, after installation tried the test, Avast popped up and I set an exclusion, had to do this twice. When I checked the exclusions in hardened mode there was one for helloworld.exe, when I closed Avast and opened 5 minutes later this exclusion was gone. Not surprised exclusion was gone as this version is so buggy, none of my exclusions stick, but has anyone heard of helloworld and could somebody check to see if this happened to them while trying Cryptoprevent?

Thanks.

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: CryptoLocker latest
« Reply #29 on: November 30, 2013, 03:53:19 AM »
Alievitan,
the first time you run CryptoPrevent, if you accept the default settings, it will "whitelist" any programs you already have located in the "protected" directories.   So for example, if Chrome was present there, it would be whitelisted, and allowed to run in the future.   CryptoPrevent seeks to limit NEW applications... presumably malware... that suddenly pop-up unexpectedly in these non-standard locations.
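
Replies #17, #23 and #29 describe blocking by location through registry policy that Windows enforces, plus a whitelist for programs already present there. The PowerShell below is an added example, not part of the thread or of CryptoPrevent, for auditing which locations are actually blocked or whitelisted on a machine. It assumes the restrictions are stored as Windows Software Restriction Policy path rules under the standard machine policy key; the thread does not name the mechanism, and `Get-SrpPathRule` is a hypothetical helper name.

```powershell
# Added example: list Software Restriction Policy (SRP) path rules.
# Assumption: the restrictions are SRP path rules under the standard policy key.
$SrpRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# SRP stores each security level as a numeric subkey name.
$LevelName = @{ '0' = 'Disallowed'; '262144' = 'Unrestricted' }

function Get-SrpPathRule {
    param([string]$Root = $SrpRoot)

    if (-not (Test-Path -Path $Root)) {
        Write-Warning "No SRP policy key at $Root; no path rules are set."
        return
    }
    foreach ($level in Get-ChildItem -Path $Root) {
        # Each level key may hold a 'Paths' subkey with one GUID-named key per rule.
        $paths = $level.OpenSubKey('Paths')
        if ($null -eq $paths) { continue }

        $name = $level.PSChildName
        if ($LevelName.ContainsKey($name)) { $name = $LevelName[$name] }

        foreach ($id in $paths.GetSubKeyNames()) {
            $rule = $paths.OpenSubKey($id)
            # Read ItemData unexpanded so %AppData%-style rules are shown as
            # written, not resolved for whoever runs the audit.
            $raw = $rule.GetValue('ItemData', $null,
                [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            [pscustomobject]@{
                Level       = $name
                Path        = $raw
                Description = $rule.GetValue('Description')
                RuleId      = $id
            }
            $rule.Close()
        }
        $paths.Close()
    }
}

# Disallowed rows are the blocked locations; Unrestricted rows are whitelist entries.
Get-SrpPathRule | Sort-Object Level, Path |
    Format-Table Level, Path, Description -AutoSize
```

Running it before and after APPLY shows exactly what changed, and any user-writable directory missing from the Disallowed rows is a location the policy does not cover.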