Author Topic: CryptoLocker latest  (Read 16623 times)

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: CryptoLocker latest
« Reply #30 on: November 30, 2013, 04:22:06 AM »
thekochs

1. You can enter your license code into the free version to upgrade it to the PRO version, without having to uninstall the Free one first: Hit the PROTECTION tab, and toward the bottom, hit ACTIVATE.   Then fill in the product ID and KEY as requested, and hit (the newer) ACTIVATE button.

2. yes, you can set MBAM PRO for daily [or other regularly-scheduled] scanning, by clicking on the SETTINGS tab, then Scheduler Settings, and ADDing a scan [or a check for updates] by specifying your choice of parameters.
Personally, I am NOT a fan of routine scanning on a system that I strive to keep squeaky clean.   I trust myself more than I want to allow for the possibility of a false positive in over-scanning.  As such, I neither scan daily with Avast, nor with MBAM.   But that's just me.   If you feel more comfortable with daily scans, then it's your decision to do so.
Yes, it would be best to separate a daily MBAM scan from a daily AVAST scan... no need having them hog your CPU, and fight over disk access!

I *HAVE* scheduled MBAM to check for updates every hour.

3) Which of the MBAM scans are you running?   Believe it or not, the QUICK scan is highly efficient, and will probably catch just about all the malware on your system!   If the QUICK scan comes up clean, I'd say you're 97+% safe... perhaps even more so.  As such, there's little need to ever run a FULL [lengthy] scan with MBAM... unless you really insist... "once in a blue moon".
By the way, MBAM PRO also offers a "Flash" scan, which tests just the most sensitive areas, really quickly.

4) I mentioned auto-updates of database in my response to (2).
Lenovo T530 laptop, Intel Core i5-3320M @ 2.60 GHz, 8GB RAM, Windows 7 Pro SP1 (64-bit), avast! 17 Free, MBAM3 Pro, Windows Firewall, MVPS HOSTS file, OpenDNS Family Shield, Zemana AntiLogger Free, SpywareBlaster, IE11 & Firefox [both using WOT (IE set to WARN, FF set to BLOCK)], WinPatrol PLUS, uBlock Origin, MBAE, MCShield, CryptoPrevent, SAS (on-demand scanner). 
[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: CryptoLocker latest
« Reply #31 on: November 30, 2013, 04:33:05 AM »
Digmor,

HelloWorld2 is the test program that CryptoPrevent creates to test itself.  When you hit the test button, it (temporarily, as best as I can tell) creates HelloWorld2.exe in a monitored area [for example,  C:\Users\your name\AppData\Roaming\ ] and tries to run it from there.   If blocked, the test is successful.  After you run a successful test, you can see this result displayed by clicking the Event Log button, then Blocked Events.   Click on the date/time in the left-hand column, to display the details of the Test Event in the right-hand column.

Offline digmor crusher

  • Sr. Member
  • ****
  • Posts: 206
Re: CryptoLocker latest
« Reply #32 on: November 30, 2013, 04:35:41 AM »
That's what I sort of thought, ky. Yup, test was successful too.

Thanks.

Offline The Sniggler

  • Full Member
  • ***
  • Posts: 120
Re: CryptoLocker latest
« Reply #33 on: November 30, 2013, 01:29:53 PM »
Any idea why the CryptoPrevent test hangs when I run it on my Win7 machine? I am using Online Armor... worked OK on my XP.

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: CryptoLocker latest
« Reply #34 on: November 30, 2013, 02:13:02 PM »
All I can say is that the test is running fine on my Win7x64 Pro SP1 system, with lots of additional security as per my signature.   So you might consider the differences (e.g., the Online Armor you mentioned) to try to pin down the conflict.

Can you temporarily disable Online Armor [going offline first, if you wish, for protection] to see what happens?   If that turns out to be the culprit, I assume there's a way you can instruct Online Armor to allow/whitelist things?

And while I assume you did this, after running/APPLYing CryptoPrevent's security, did you reboot before trying to run the test?   It shouldn't be necessary, but I'm just grasping for ideas here.
« Last Edit: November 30, 2013, 02:23:33 PM by ky331 »

Offline thekochs

  • Speak Your Mind, Who minds don't matter, Who matters won't mind
  • Advanced Poster
  • **
  • Posts: 1115
  • Hapkido Blackbelt
Re: CryptoLocker latest
« Reply #35 on: November 30, 2013, 03:41:43 PM »
A couple of questions before I install CryptoPrevent.
1) After it's installed, if there is a new item "installed", how do you whitelist it?
    I assume if a "bad" item comes up you can whitelist it? If so, how?
2) If you ever want to undo the group policies this sets up (say it mucks up something valid in the future), can you? How?

Thx.
OpenDNS + Avast Free + MBAM Premium + MBAE Free Anti-Exploit + CryptoPrevent + Windows Firewall

Offline The Sniggler

  • Full Member
  • ***
  • Posts: 120
Re: CryptoLocker latest
« Reply #36 on: November 30, 2013, 04:07:06 PM »

Thanks for the reply... Online Armor is on both XP and Win764 systems. Followed instructions here, yes rebooted.  OA gave permission to CryptoPrevent. Tried again, no luck. Seems to work OK until test, then just hangs. Reinstalled, undid policies, and finally deleted.

All I can say is that the test is running fine on my Win7x64 Pro SP1 system, with lots of additional security as per my signature.   So you might consider the differences (e.g., the Online Armor you mentioned) to try to pin down the conflict.

Can you temporarily disable Online Armor [going offline first, if you wish, for protection] to see what happens?   If that turns out to be the culprit, I assume there's a way you can instruct Online Armor to allow/whitelist things?

And while I assume you did this, after running/APPLYing CryptoPrevent's security, did you reboot before trying to run the test?   It shouldn't be necessary, but I'm just grasping for ideas here.

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: CryptoLocker latest
« Reply #37 on: November 30, 2013, 06:11:34 PM »
Thekochs:

Borrowing essexboy's screenshot:

1) There's a whitelist option on the top menu, to allow you to add (or remove) individual items to (or from) CryptoPrevent's protection.   Click on Whitelist, then Whitelist Editor.   You can then browse through each of the protected directory areas, to locate/select, and whitelist any files you feel necessary.   Likewise, it's easy to remove [De-Whitelist] anything from the whitelist.

2) There's an UNDO button (bottom left), to completely remove all of CryptoPrevent's protection.

By the way, an alternative/simpler way to add new items to the whitelist is:
a) UNDO CryptoPrevent's protection.   Depending on your O/S [and "flukes"], you may have to close/reopen CryptoPrevent, or log off/on your account, or reboot... but these might not actually be required.
b) install the new items that CryptoPrevent was blocking.
c) APPLY CryptoPrevent's protection again, which should now automatically whitelist the new items you've added.



« Last Edit: November 30, 2013, 06:28:08 PM by ky331 »

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: CryptoLocker latest
« Reply #38 on: November 30, 2013, 07:10:06 PM »
Sniggler,

If you're willing, try the following:
Run CryptoPrevent again on your win7, and APPLY its protection.
then make a COPY of the file C:\Windows\system32\cmd.exe
and PASTE the copy in C:\Users\your_user_name\AppData\Roaming

Then click on the file there to see if it runs, or if it's "blocked by group policy".   If it's blocked, then that proves CryptoPrevent has done its job, even if the test function isn't working properly.  If the command prompt appears, then there's a functional problem with CryptoPrevent on your system.
« Last Edit: November 30, 2013, 08:03:30 PM by ky331 »
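The manual check described in the reply above (copy cmd.exe into the Roaming folder and see whether it is "blocked by group policy"), written as a PowerShell script. This is an added example, not part of the original post and not CryptoPrevent's own test; the function name is hypothetical, and it assumes the policy block surfaces as Win32 error 1260 (ERROR_ACCESS_DISABLED_BY_POLICY).

```powershell
# Added example: scripted form of the copy-cmd.exe check from the thread.
# Assumption: a group-policy block is reported by CreateProcess as Win32
# error 1260 (ERROR_ACCESS_DISABLED_BY_POLICY).
function Test-AppDataExecutionBlocked {          # hypothetical name
    $source = Join-Path $env:SystemRoot 'System32\cmd.exe'
    $copy   = Join-Path $env:APPDATA 'cmd.exe'   # ...\AppData\Roaming\cmd.exe

    # Never clobber a file that is already there.
    if (Test-Path -LiteralPath $copy) {
        throw "Refusing to overwrite existing file: $copy"
    }
    Copy-Item -LiteralPath $source -Destination $copy

    try {
        $psi = New-Object System.Diagnostics.ProcessStartInfo
        $psi.FileName        = $copy
        $psi.Arguments       = '/c exit 0'   # start and exit at once
        $psi.UseShellExecute = $false        # launch via CreateProcess
        $psi.CreateNoWindow  = $true

        $proc = [System.Diagnostics.Process]::Start($psi)
        [void]$proc.WaitForExit(5000)
        if (-not $proc.HasExited) { $proc.Kill() }

        # The copy ran, so the protection is not in effect for this folder.
        return [pscustomobject]@{ Blocked = $false; Detail = 'cmd.exe copy started normally' }
    }
    catch {
        $inner = $_.Exception.GetBaseException()
        if ($inner -is [System.ComponentModel.Win32Exception] -and
            $inner.NativeErrorCode -eq 1260) {
            return [pscustomobject]@{ Blocked = $true; Detail = $inner.Message }
        }
        throw   # any other failure (e.g. access denied) is not proof of a block
    }
    finally {
        # Remove the test copy whether or not it was allowed to run.
        Remove-Item -LiteralPath $copy -Force -ErrorAction SilentlyContinue
    }
}

Test-AppDataExecutionBlocked
```

Run it as the ordinary logged-on user after applying the protection; `Blocked = True` corresponds to the "blocked by group policy" outcome in the post.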

Offline Telegraph_Sam

  • Full Member
  • ***
  • Posts: 101
Re: CryptoLocker latest
« Reply #39 on: December 15, 2013, 01:36:57 AM »
Referring back to my original post No1: I have installed CryptoPrevent and put my trust in its protection.  But just last week there was a feature in ComputerActive on CryptoLocker from which I quote:
"CryptoLocker isn't difficult to remove - any up-to-date antivirus or malware scanner will recognise it, then quarantine or remove it".  This would almost imply that if you have your Avast definitions up to date (and are not previously CryptoLocked) you have nothing to worry about.  I fear that life may not be so simple but would welcome feedback from those in the know.
"There are 10 kinds of people in the world, those that understand binary and those that don't"

Offline Alikhan

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2234
Re: CryptoLocker latest
« Reply #40 on: December 15, 2013, 01:40:44 AM »
Referring back to my original post No1: I have installed CryptoPrevent and put my trust in its protection.  But just last week there was a feature in ComputerActive on CryptoLocker from which I quote:
"CryptoLocker isn't difficult to remove - any up-to-date antivirus or malware scanner will recognise it, then quarantine or remove it".  This would almost imply that if you have your Avast definitions up to date (and are not previously CryptoLocked) you have nothing to worry about.  I fear that life may not be so simple but would welcome feedback from those in the know.

New variants are released all day so it's best to have layers of protection. Once a PC is infected with CryptoLocker, the files are "encrypted" meaning even if the infection is removed the files won't be of any use. If you use CryptoPrevent you should be fine but you can also enable Hardened Mode on Avast.
« Last Edit: December 15, 2013, 01:56:25 AM by Alikhan »
Windows 10 Home 64-bit • Avast Free (latest stable version) •  Malwarebytes 4 Premium (On-Demand) • Windows Firewall Control • Google Chrome • LastPass • CCleaner • O&O ShutUp10 •

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84414
  • No support PMs thanks
Re: CryptoLocker latest
« Reply #41 on: December 15, 2013, 01:45:50 AM »
For me this is just one of hundreds of good reasons why every user should be using drive imaging software as part of their backup and recovery strategy.

Drive imaging software makes an exact copy of your hard drive/partitions; this should be run periodically, and I would say not less than once a week.

This way, if you experience a serious problem (and this doesn't have to mean a virus/malware attack), you restore the last drive image.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.10.2442 (build 20.10.5824.618) UI-1.0.591/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Telegraph_Sam

  • Full Member
  • ***
  • Posts: 101
Re: CryptoLocker latest
« Reply #42 on: December 15, 2013, 01:47:08 AM »
I am on the point of uninstalling my current Avast and installing v. 2008.  I haven't been aware of "Hardened Mode".  Where do I find it?  Once found I assume that it is just a matter of ticking a box?  Is there any downside associated with being hardened?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84414
  • No support PMs thanks
Re: CryptoLocker latest
« Reply #43 on: December 15, 2013, 01:52:02 AM »
I am on the point of uninstalling my current Avast and installing v. 2008.  I haven't been aware of "Hardened Mode".  Where do I find it?  Once found I assume that it is just a matter of ticking a box?  Is there any downside associated with being hardened?

From the avastUI > Settings > Antivirus - scroll down to Hardened Mode and enable it - Moderate setting is what many would go for (I did), but it appears to be somewhat more noisy than the Aggressive setting.

See RejZoR's description on the effects of and use of the avast! Hardened Mode - http://forum.avast.com/index.php?topic=142172.msg1032485#msg1032485.

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: CryptoLocker latest
« Reply #44 on: December 15, 2013, 01:54:40 AM »
Alikhan wrote:  Once a PC is infected with Cryptolocker, the files are "decrypted" meaning even if the infection is removed the files won't be of any use.

That should have said ENcrypted or encoded.   The encryption is, for all practical purposes, impossible to decode (except by the crooks who encoded it).  So yes, even if the malware is "easily" removable, you are left with scrambled, unusable files.

I continue to use CryptoPrevent on all my systems, as well as MBAM PRO on my primary computer.