Crypto Locker Virus
A customer had the misfortune of being infected with the Cryptolocker virus. Fortunately we had installed Carbonite on his computer, and the Carbonite folks were able to mount a previous backup. The restore will take several days, but he won't lose everything.
My problem is that neither Malwarebytes nor SuperAntispyware detected any viruses on the computer. the Emsisoft Emergency Kit detected a Trojan and cleaned it. The Eset Online Scanner finds over 13, 000 instances of the Win32/Filecoder CRTrojan - essentially the popups associated with the virus. But, Eset Onlline Scanner will not run to completion, and when I stop it, I am offered the opportunity to delete the viruses that were found. I delete them, however, when I run the scanner again, I get just bout the same number of hits.
Is there another good scanner or a way to make the Eset Scanner run to completion?
Am I at a point where we might be better off reformatting the hard drive and starting from scratch?
My problem is that neither Malwarebytes nor SuperAntispyware detected any viruses on the computer. the Emsisoft Emergency Kit detected a Trojan and cleaned it. The Eset Online Scanner finds over 13, 000 instances of the Win32/Filecoder CRTrojan - essentially the popups associated with the virus. But, Eset Onlline Scanner will not run to completion, and when I stop it, I am offered the opportunity to delete the viruses that were found. I delete them, however, when I run the scanner again, I get just bout the same number of hits.
Is there another good scanner or a way to make the Eset Scanner run to completion?
Am I at a point where we might be better off reformatting the hard drive and starting from scratch?
No scanner I know if will detect cryptolocker virii, most importantly because it is not truly a virus. Cryptolocker type malware is an encryption algorithm. Your best defense are good backups with veining control.
ASKER
What I was trying to delete was part of the payload. A TXT file and an HTML file that produce the popup asking for the ransom. There were over 19000 of them. Having cleaned the virus, I was able to do a Windows Search and manually delete all files found.
I installed and ran Symantec EndPoint 12.1 it found a trace. The Eset online scanner ran clean.
I am still in process of restoring the files from Carbonite to a clean disk. The download was at 32% before the power company decided that they needed to replace a utility pole outside my house. Now I am at 40% of the remaining 68%.
I will report my results after I put the files back on the user's computer.
I installed and ran Symantec EndPoint 12.1 it found a trace. The Eset online scanner ran clean.
I am still in process of restoring the files from Carbonite to a clean disk. The download was at 32% before the power company decided that they needed to replace a utility pole outside my house. Now I am at 40% of the remaining 68%.
I will report my results after I put the files back on the user's computer.
ASKER
The Carbonite restore finished while my customer was on vacation (a concept that I need to work on). I am scheduled to see him tomorrow.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This is my own comment. I am closing this, but the solution was my own.
First, have you tried Avast? It's my personal favorite anti-virus. The free edition is an excellent anti-virus that detects many things I am not able to find with other software.
Second, once infected, always infected. If you have backups of everything, reinstall and restore from the backups. I know that this is an annoying process, but it may be necessary when facing particularly annoying viruses like CryptoLocker.