Latest virus

I am sure that this is too vague of a question, but one of my friends told me he ran into a very bad virus. Supposedly it adds code to PDFs, pictures, Word documents, etc.

Sorry if this is a silly question.
LVL 1
Bert2005Asked:
XGISCommented:
Hello Bert2005... no question is silly, although you may get some silly advice! Hopefully this will not be that advice.

PDFs and Word documents that allow macros and executable code can be a fatal flaw, but most of these methods of injection have been dealt with and secured. Vulnerabilities will always exist, even in a standard text email that looks innocent but opens doors you never knew existed with the simple action of a mouse click.

I use MS Security Essentials, which is good enough for most things, but it, like any virus software, does not always tell you what is affecting your system. I find blocking programs like internet security packages generally ask too many questions about files and eventually cause complacency in the user, e.g. you get sick of making decisions about whether or not you should allow something to enter or run, and you end up allowing something to run and be permanently allowed based on the app that provides the decision options.

My policy is to run a FULL scan, at least of your C drive, after you have been on the web a lot and have had a lot of popups based on your browsing activities. First dump the cookies and history of all browsers you use. Then run a full scan. Ensure the documents and files that you have received are also scanned, e.g. located on your data drive D.

Once you are cleared then you can proceed to access banking portals etc. It doesn't matter what software you use; I have seen even the best ones pick up a virus at least 3-5 years after it was stored...

My bet for now would be Bitdefender because it's top of the pops and doesn't use 50% of your valuable computing power like some protectors. Always use a demo before you buy just in case it is too much to handle. I only use MS Security Essentials; it's free and updated daily. Finally, it comes back to the user to make the decisions about their system security. Computers are not that smart!

Hope this helps.
0
Bert2005Author Commented:
OK, thanks to both of you.
0
XGISCommented:
Hello Bert2005,

If you do want to see the array of possibilities you are dealing with visit one or more of the top antivirus companies that display information about the plethora of infections that appear each day, hour, minute...

Symantec

McAfee

It's a big field... lots of bugs. Map
0
aadihCommented:
Scan with Malwarebytes Antimalware (free).  Also run TDSSKiller (free).
0
Bert2005Author Commented:
Thanks. I am still working on it. Malwarebytes is definitely a nice program. It didn't find anything, though.
0
XGISCommented:
Hello Bert2005, you didn't actually say you thought you had the virus, just that a friend said it was floating in cyberspace... What symptoms do you have that make you think you are infected?
0
Bert2005Author Commented:
I do not have any symptoms. I was a bit confused and probably should have tried to re-ask my question. I find it hard to ask the experts to name a virus when I don't even have a name, other than that my friend contracted it and said it took hours to try to fix. He just ended up restoring from external hard drives.

I figured if anyone would know about new, extremely dangerous viruses, it would be on here. I thought someone would have heard about it. I apologize for being unclear.
0
younghvCommented:
Bert 2005 -
Did your friend contract one of the "Ransomware" varieties? That is when various documents are encrypted by the malware and you have to pay a 'fee' to get the key to restore them.

One of the latest variants (CryptoLocker) is particularly insidious and I haven't yet seen any successful restoration advice.

The infection is easy to repair, but the decryption is a bridge too far.
0
Bert2005Author Commented:
Yes! That is the virus. Thanks for naming it. So, you are saying that once contracted, you can fix the virus, but not the files which have been encrypted.

I am to believe that if I unfortunately contract this virus, I should not pay the fee, which I wouldn't have anyway.

Other than practicing safe practices when it comes to viruses, is there a particular way that this virus enters your computer, such as web sites, attachments and so on?

I have ESET NOD32 Business version, which updates about every two hours. Do you think it would recognize it yet?
0
XGISCommented:
Hello Bert2005, not to worry. Please advise what antivirus software you are using, if any, whether it is up to date, and whether you have scanned the files you think may be infected or have done a complete scan.

Even if you do get a name for it, it will probably be varied in name by tomorrow so it can get around undetected for as long as possible.

As long as you have some protection in place you should get peace of mind.

Like younghv said, your mate might have been coerced by ransomware, or he might have got one of those emails that say there is a bug around, sending fear into the email community and making them feel obliged to forward it to their friends... and some virus maker gets their jollies.

Run a full scan on your system and you should be right to go.

Probably the ones you should worry about are the bugs that record your browser keystrokes when you browse and send your typed data direct to a server that scans them for logins or credit card details. That way they don't need to hack or destroy your machine or decrypt anything. That being said, ensure you at least have your firewall on.

This is why you should regularly delete your cookies and all history, including passwords, from every browser you use. Also consider turning on "delete browser history on exit" in your "internet options".

Also store your important passwords and usernames in software like KeePass that encrypts those details. Then make sure you delete any emails that contain username and password info. Make sure you don't forget your KeePass master password.
0
younghvCommented:
I've been reading about this a lot over the past few days. Apparently the most common vector is email attachments. Of course, those are about the oldest of all infection sources, but still (obviously) very effective.

After doing my research, I did a fresh backup of all my data/doc/photo/music etc. files (everything I might want to see tomorrow) to an external drive and locked it in my safe.

I also made sure that none of the accounts I regularly use on any computer are 'Administrator' accounts. That part has always been my recommendation, and my practice, but I found 2 of 7 systems where I had been doing regular work with an Admin account.

Kicked myself several times over that foolishness.

Bottom line:
Do a fresh backup, use an account with no privileges.

A lot more details are in this EE Article that I first wrote several years ago and have updated frequently:
http://www.experts-exchange.com/A_1958.html MALWARE - "An Ounce of Prevention..."
0
XGISCommented:
Check this link to see that ESET has been all over it since 20th Sept 2013...
Cryptolocker
0
Bert2005Author Commented:
ESET is what I use, and I have run it on all computers and the server. If you delete all your cookies, etc., then you have to start from scratch every time you log in. I guess it is a risk/benefit type of thing.
0
Bert2005Author Commented:
Well, that does make me feel better; however, I don't think I could run my computer without RDP.
0
younghvCommented:
@XGIS:
All of the main anti-malware vendors are "all over" CryptoLocker for prevention. For those who have been infected, the malware repair is also quite common.

The problem is for those who have been infected and had their files encrypted, in which case they just don't have many options.
0
XGISCommented:
Here is another message from an eset rep...
agoretsky

The smart thing to do is make a backup of your active information. Make sure you also start storing your work, photos and files on a data drive and NEVER the C drive.

If your OS is Windows 7 or 8, it is easy to replace your default user libraries with ones that "Include a Folder" that is stored on your separate DATA drive, e.g. D.

Data Drive Library Pre Construction
0
XGISCommented:
@younghv - thanks for the heads up
@Bert2005
RDP as in Remote Desktop Connection?
It should not be affected by dumping your browser cookies...
RDP always forgets anything useful anyway.

Ever tried TeamViewer? It rocks.
0
Bert2005Author Commented:
I have tried TeamViewer. It's just that with the latest RDC and the default gateway, it's hard to beat, at least for me.

There is a lot of information on that site you shared. I have a LOT of backups, most connected with SATA III. I would have a hard time disconnecting them all each night.

Is Facebook (which I abhor anyway) a good way to pick up this virus? I know it's a bad idea to let staff have local admin rights. Maybe they should all be just users?
0
XGISCommented:
Hello Bert2005
Your question is now changing topic and probably should be a new post.
I do understand your angst... it is a crazy virus and looks nasty in its intentions, actions and resolution... Assuming you did pay these freaks, who says they are not scraping those details as well? Double win for the bad guys. I read in a post that ole mate paid and got nothing in return... extortion at its best.
My question now is: does it infect only your C drive like most bugs, or does it migrate to data drives spontaneously, or do you need to open files on the data drive? E.g. if users operated off files on the D drive and they were backed up, would they be infected?
I wonder if BitLocker encryption provided by MS would prevent this virus action, or is it a "wrapper" that simply bypasses BitLocker?
I am sure Facebook could be a vector, but you would expect them to implement some hectic firewalls. I fully agree with your ideas on Facebook...
0
XGISCommented:
With regard to backups, you may need to spend some $ and get an extra drive that backs up your backup drives. If you get infected you would probably know about it. If you were not around during the infection time and your backups were overwritten, then you could revert to the backup of your backup. By delaying the frequency of the backup-backup to, say, once a week at the most, you would only lose a week's work. At $50 a TB it's a small price to pay for peace of mind. Incremental backup is king on big drives, which should reduce your overall downtime; then you only have to plug it in once a week.
0
Bert2005Author Commented:
Thanks to both of you. XGIS, you wrote some much longer posts, but actually your asking about the intent of my question kind of got everyone on the right track, especially younghv.

I am just throwing this out there for fun, but I think that following up on backups and the best way to do them was an important part of the question, given it is the best way to keep yourself safe with this virus and all viruses. I was just following the topic as written by the poster above. Of course, I guess that can get the question off topic as well. And Remote Desktop Connection is awesome.

Thanks again.

Bert
0
XGISCommented:
Thank you to you, Bert2005.
Your question made me think about the lack of preparedness I had for that kind of scenario, especially if it jumps from drive to drive and across backups. These types of attacks have been around for some time, e.g. 5+ years, and I always see FedEx and other common carrier emails. Subsequently I got a 4 TB drive and backed up my last 15 years of files, as my backup backup, that lives in the fireproof safe and will only come out once a week. Cheers, Aaron
0
Bert2005Author Commented:
Hi Aaron,

The only thing I am trying to figure out is what's to keep my backup from backing up the computer that is newly infected. I guess I just have to lose a day.
0
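The question above (what stops a backup from faithfully copying a freshly encrypted machine over the only good copy) and XGIS's "backup of your backup" advice come down to the same defensive idea: a mirror backup overwrites, a versioned backup keeps the previous snapshot, and the backup job can refuse to commit a run in which most files suddenly changed and now look like ciphertext. The following Python script is an added example written for this thread, not code from any of the participants or from a vendor. It keeps each run as a separate timestamped snapshot and skips the run when too many previously seen files both changed and now have near-maximal byte entropy. The entropy floor (7.0 bits/byte), the 25% change threshold, and the constructed sample files are assumptions chosen for illustration; the "encrypted" content is a deterministic stand-in with maximal entropy, not real ransomware output.

```python
"""Versioned backup with a pre-commit mass-encryption sanity check.

Added example for this thread, not the participants' code. Thresholds and
sample data are illustrative assumptions.
"""
import hashlib
import math
import shutil
import tempfile
from datetime import datetime
from pathlib import Path


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the content: ~8.0 for encrypted or compressed data,
    typically 4-5 for office documents and plain text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def snapshot_manifest(root: Path) -> dict:
    """Map each regular file (relative path) under root to (sha256, entropy)."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            manifest[str(p.relative_to(root))] = (
                hashlib.sha256(data).hexdigest(),
                shannon_entropy(data),
            )
    return manifest


def suspicious_change_ratio(previous: dict, current: dict, entropy_floor: float = 7.0) -> float:
    """Fraction of files present in the last snapshot whose content changed
    AND now looks encrypted (entropy at or above entropy_floor, an assumption)."""
    if not previous:
        return 0.0
    flagged = 0
    for rel, (old_hash, _old_entropy) in previous.items():
        new = current.get(rel)
        if new is None:
            continue  # deleted or renamed files are not counted in this simple check
        new_hash, new_entropy = new
        if new_hash != old_hash and new_entropy >= entropy_floor:
            flagged += 1
    return flagged / len(previous)


def versioned_backup(source: Path, backup_root: Path, max_ratio: float = 0.25) -> tuple:
    """Copy source into a new timestamped snapshot under backup_root, unless the
    change rate against the newest snapshot looks like mass encryption.
    Returns (status, ratio) with status 'committed' or 'refused'; earlier
    snapshots are never overwritten either way."""
    backup_root.mkdir(parents=True, exist_ok=True)
    snapshots = sorted(p for p in backup_root.iterdir() if p.is_dir())
    previous = snapshot_manifest(snapshots[-1]) if snapshots else {}
    current = snapshot_manifest(source)
    ratio = suspicious_change_ratio(previous, current)
    if ratio > max_ratio:
        return "refused", ratio
    name = datetime.now().strftime("%Y%m%dT%H%M%S%f")
    shutil.copytree(source, backup_root / name)
    return "committed", ratio


def demo() -> dict:
    """Constructed scenario: a clean first backup, then a second run after a
    stand-in for ransomware replaced 6 of 8 documents with maximal-entropy bytes."""
    work = Path(tempfile.mkdtemp(prefix="vbackup_"))
    src, dst = work / "data", work / "backups"
    src.mkdir()
    text = ("Quarterly report draft, revision two. " * 60).encode()  # constructed plaintext
    for i in range(8):
        (src / f"doc{i}.txt").write_bytes(text)
    first = versioned_backup(src, dst)
    fake_ciphertext = bytes(range(256)) * 8  # constructed: entropy exactly 8.0 bits/byte
    for i in range(6):
        (src / f"doc{i}.txt").write_bytes(fake_ciphertext)
    second = versioned_backup(src, dst)
    kept = sum(1 for p in dst.iterdir() if p.is_dir())
    shutil.rmtree(work)
    return {"first": first[0], "second": second[0], "ratio": round(second[1], 2), "snapshots": kept}


if __name__ == "__main__":
    print(demo())
```

In the constructed run the first backup commits, the second is refused with a change ratio of 0.75, and the single clean snapshot survives untouched. A refusal is a signal to investigate, not a cure: the job should alert, and the snapshot media (as Aaron does with his safe) should be offline between runs so that nothing running on the infected machine can reach it.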