Solved

solution for cryptolocker

Posted on 2013-11-20
17
599 Views
Last Modified: 2013-12-02
can you suggest if the following solution is reliable to knock out the cryptolocker error?

http://pctuneup.org/cryptolocker-virus-removal/?gclid=CPGsjvDf77oCFZMDOgodsHMAjg

would you use it?
0
Question by:25112
17 Comments
 
LVL 9

Accepted Solution

by:
EMJSR earned 84 total points
ID: 39663716
No, not really.

Malwarebytes detects Cryptolocker just as well and removes it, and if you have Malwarebytes Pro, it even prevents it.

While this method might work and while the virus can be removed, it will still not help decrypting your data, because you need the private encryption key, and sadly that is stored on the server of the attackers. Removing Cryptolocker is not really a problem, undoing the encryption is, and so far, unless you pay the money (maybe using a one-time payment card), we have not yet found a way to undo this, and a few of our clients had this virus.

Good backup is the ultimate solution. Ideally an image based backup.
0
 
LVL 22

Assisted Solution

by:Nick Rhode
Nick Rhode earned 84 total points
ID: 39663730
You can refer to the Cryptolocker section within the guide :)

http://www.experts-exchange.com/Security/Vulnerabilities/A_12285-Virus-Removal-Methods.html

Cryptolocker is a pain in the rump and as stated above a good backup is usually the best scenario.  I know there was a previous post of a solution that has decrypted some of the files but not all of them.  I will post again if I find it.
0
 
LVL 24

Expert Comment

by:aadih
ID: 39663744
Without a backup image, there is no sure way. :-(
0
 
LVL 50

Assisted Solution

by:jcimarron
jcimarron earned 332 total points
ID: 39663914
25112--
See this E-E thread (especially my post :) )
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_7/Q_28297517.html

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

Read the section on "What should you do when you discover your computer is infected with CryptoLocker".
0
 
LVL 5

Author Comment

by:25112
ID: 39664455
wow.. hard to believe this has already affected me (in spite of having the latest mcafee)

1)
i took a flash drive and copied the main documents away and tested in another pc.. documents, pdf etc are gone.. but text/audio is not affected. is there an official list of documents this virus touches and which ones it does not care about?

1a) i have taken this machine off the internet

2)
seems like system restore is disabled by group policy... so i cant do anything there.

3)i downloaded the latest malwarebytes from the website and in safe mode installed it.. but it said it cant update malwarebytes and it is some xyz number of days old..  i still ran it.. it ran for 6 minutes and found 1 files infected: PUM.Hijack.DisplayProperties  under HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SystemNoDispScrSavPage

is it OK to just say "Remove Selected" here?

my goal here is to just get rid of the virus 100% from this machine.
a)just save as many files as I possibly can
b)then run some tool on each other pc on the network to make sure they are not affected or any shared folders etc.

is there a malwarebytes download that is already up to date and does not have to connect to internet? so I can scan better and know for sure everything is taken care of.

in the above circumstance, what do you recommend for me?
0
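For the "save as many files as I possibly can" step and the check of shared folders, a triage sketch follows; it is an added example, not part of the original thread or any vendor tool. It assumes an encrypted file keeps its name but no longer starts with its format's signature, and the small signature table, the function names and the sample files are constructed for illustration.

```python
import os
import tempfile

# Well-known leading bytes ("magic numbers") of common document formats.
SIGNATURES = {
    ".pdf": (b"%PDF",),
    ".docx": (b"PK\x03\x04",), ".xlsx": (b"PK\x03\x04",), ".pptx": (b"PK\x03\x04",),
    ".doc": (b"\xd0\xcf\x11\xe0",), ".xls": (b"\xd0\xcf\x11\xe0",),
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG",),
}

def classify(path):
    """Return 'intact', 'damaged' or 'unknown' for one file."""
    expected = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if expected is None:
        return "unknown"  # e.g. .txt: no fixed header to compare against
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError:
        return "unknown"  # unreadable (locked, permissions): check by hand
    # 'intact' only means the header looks right, not that the file is clean.
    return "intact" if head.startswith(expected) else "damaged"

def triage(root):
    """Walk a folder (local copy or mounted share) and group files by state."""
    report = {"intact": [], "damaged": [], "unknown": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            report[classify(full)].append(os.path.relpath(full, root))
    return {state: sorted(names) for state, names in report.items()}

def demo():
    """Run the triage over constructed sample files in a temp folder."""
    scrambled = bytes(range(200, 216))  # constructed stand-in for ciphertext
    samples = {
        "report.pdf": b"%PDF-1.4\n%constructed sample\n",
        "invoice.pdf": scrambled,
        "budget.xlsx": b"PK\x03\x04" + b"\x00" * 12,
        "photo.jpg": scrambled,
        "notes.txt": b"plain text has no signature\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage(root)

if __name__ == "__main__":
    for state, names in demo().items():
        print(state, names)
```

Run it against a copy of the data or a read-only mount; files listed as damaged are the ones to restore from backup, and files listed as unknown still need to be opened and checked by hand.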
 
LVL 50

Assisted Solution

by:jcimarron
jcimarron earned 332 total points
ID: 39664485
25112--
The best advice I can give you is to follow the steps in the two links I posted in http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_7/Q_28297517.html

If you have a backup from an earlier date, the best thing you can do is to format and reinstall Windows and then use the backup to repopulate the new Windows.

Otherwise, you can download MalwareBytes (preferentially MB Pro) to a USB thumbdrive and run it from there.  And yes, you can Remove Selected.  But if you have already run MalwareBytes, I am not sure you will catch more.  But do NOT run MalwareBytes in Safe Mode.

Good luck.
0
 
LVL 5

Author Comment

by:25112
ID: 39664557
>>  But do NOT run MalwareBytes in Safe Mode
thanks for this.. i did not know it.. what is the reason?

>>download MalwareBytes (preferentially MB Pro) to a USB thumbdrive and run it from there.

it does not have the latest updates.. any solution for that?
0
 
LVL 50

Assisted Solution

by:jcimarron
jcimarron earned 332 total points
ID: 39664575
25112--
Malware often is not active in Safe Mode.
https://helpdesk.malwarebytes.org/entries/21892442-Should-I-scan-with-Malwarebytes-Anti-Malware-in-Safe-Mode-
If you have the ability to download MBam (I assume from another PC) you must be able to access the internet to get the update.
0
 
LVL 5

Author Comment

by:25112
ID: 39664744
OK.. thanks. I have removed the recommended files from malwarebytes.
now, in terms of making sure all the other pcs in the network are clean, does running malwarebytes on each one of them suffice to rule out any infection into the network?
0
 
LVL 4

Expert Comment

by:FutureTechSysDOTcom
ID: 39666223
"wow.. hard to believe this has already affected me (in spite of having the latest mcafee)"

This is part of the problem.  "Back in the day" we all used McAfee and Norton because they were the best.  That is because it was John McAfee and Peter Norton, who knew what they were doing.  They sold the companies, which kept the name but that's about it.

Look into Vipre or Sophos antivirus for the future.
0
 
LVL 50

Assisted Solution

by:jcimarron
jcimarron earned 332 total points
ID: 39666349
25112--I did not know you were on a network and cannot advise if other PC's on the network have been infected.  However, there is no harm in installing and running MalwareBytes on all these PC's.  

So where do you stand on the infected PC?  Have you done all you plan to do?
0
 
LVL 5

Author Comment

by:25112
ID: 39666723
>>Look into Vipre or Sophos antivirus for the future.

thanks.. we were just about to switch to avast after this incident.. does that come close to Vipre or Sophos that is mentioned here?
0
 
LVL 5

Author Comment

by:25112
ID: 39666734
>>So where do you stand on the infected PC?  Have you done all you plan to do?

yes. THANKS.

the pc is back and running and malwarebytes has given a clean bill for all of PCs.

we have lost some data.. but as I understand from the discussions we are too late for that, and even if we pay 300$ it is not a guarantee.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39666895
25112--
I am glad to have helped.  You did a good job!
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39669529
25115--
Don't forget to close this thread.  
http://support.experts-exchange.com/customer/portal/articles/608621
0
 
LVL 5

Author Comment

by:25112
ID: 39690265
yes, in celebration, missed this one.. thanks kindly for the reminder!
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39690316
25112--
You are welcome!
0
