• Status: Solved

solution for cryptolocker

Can you suggest if the following solution is reliable to knock out the cryptolocker error?

http://pctuneup.org/cryptolocker-virus-removal/?gclid=CPGsjvDf77oCFZMDOgodsHMAjg

would you use it?
 
EMJSR Commented:
No, not really.

Malwarebytes detects Cryptolocker just as well and removes it, and if you have Malwarebytes Pro, it even prevents it.

While this method might work and while the virus can be removed, it will still not help decrypting your data, because you need the private encryption key, and sadly that is stored on the server of the attackers. Removing Cryptolocker is not really a problem, undoing the encryption is, and so far, unless you pay the money (maybe using a one-time payment card), we have not yet found a way to undo this, and a few of our clients had this virus.

Good backup is the ultimate solution. Ideally an image based backup.
 
Nick Rhode, IT Director Commented:
You can refer to the Cryptolocker section within the guide :)

http://www.experts-exchange.com/Security/Vulnerabilities/A_12285-Virus-Removal-Methods.html

Cryptolocker is a pain in the rump and as stated above a good backup is usually the best scenario.  I know there was a previous post of a solution that has decrypted some of the files but not all of them.  I will post again if I find it.
 
aadih Commented:
Without a backup image, there is no sure way. :-(
 
jcimarron Commented:
25112--
See this E-E thread (especially my post :) )
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_7/Q_28297517.html

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

Read the section on "What should you do when you discover your computer is infected with CryptoLocker "
 
25112 (Author) Commented:
wow.. hard to believe this has already affected me (in spite of having the latest mcafee)

1)
I took a flash drive and copied the main documents away and tested in another pc.. documents, pdf etc are gone.. but text/audio is not affected. Is there an official list of documents this virus touches and which ones it does not care about?

1a) I have taken this machine off the internet

2)
Seems like system restore is disabled by group policy... so I can't do anything there.

3) I downloaded the latest malwarebytes from the website and in safe mode installed it.. but it said it can't update malwarebytes and it is some xyz number of days old.. I still ran it.. it ran for 6 minutes and found 1 file infected: PUM.Hijack.DisplayProperties under HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SystemNoDispScrSavPage

is it OK to just say "Remove Selected" here?

my goal here is to just get rid of the virus 100% from this machine.
a) just save as many files as I possibly can
b)then run some tool on each other pc on the network to make sure they are not affected or any shared folders etc.

Is there a malwarebytes download that is already up to date and does not have to connect to the internet? So I can scan better and know for sure everything is taken care of.

in the above circumstance, what do you recommend for me?
 
jcimarron Commented:
25112--
The best advice I can give you is to follow the steps in the two links I posted in http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_7/Q_28297517.html

If you have a backup from an earlier date, the best thing you can do is to format and reinstall Windows and then use the backup to repopulate the new Windows.

Otherwise, you can download MalwareBytes (preferentially MB Pro) to a USB thumbdrive and run it from there.  And yes, you can Remove Selected.  But if you have already run MalwareBytes, I am not sure you will catch more.  But do NOT run MalwareBytes in Safe Mode.

Good luck.
 
25112 (Author) Commented:
>>  But do NOT run MalwareBytes in Safe Mode
thanks for this.. i did not know it.. what is the reason?

>>download MalwareBytes (preferentially MB Pro) to a USB thumbdrive and run it from there.

it does not have the latest updates.. any solution for that?
 
jcimarron Commented:
25112--
Malware often is not active in Safe Mode.
https://helpdesk.malwarebytes.org/entries/21892442-Should-I-scan-with-Malwarebytes-Anti-Malware-in-Safe-Mode-
If you have the ability to download MBam (I assume from another PC) you must be able to access the internet to get the update.
 
25112 (Author) Commented:
OK.. thanks. I have removed the recommended files from malwarebytes.
Now, in terms of making sure all the other pcs in the network are clean, does running malwarebytes on each one of them suffice to rule out any infection into the network?
 
FutureTechSysDOTcom Commented:
"wow.. hard to believe this has already affected me (in spite of having the latest mcafee)"

This is part of the problem.  "Back in the day" we all used McAfee and Norton because they were the best.  That is because it was John McAfee and Peter Norton, who knew what they were doing.  They sold the companies, which kept the name but that's about it.

Look into Vipre or Sophos antivirus for the future.
 
jcimarron Commented:
25112--I did not know you were on a network and cannot advise if other PC's on the network have been infected.  However, there is no harm in installing and running MalwareBytes on all these PC's.  

So where do you stand on the infected PC?  Have you done all you plan to do?
 
25112 (Author) Commented:
>>Look into Vipre or Sophos antivirus for the future.

thanks.. we were just about to switch to avast after this incident.. does that come close to Vipre or Sophos that is mentioned here?
 
25112 (Author) Commented:
>>So where do you stand on the infected PC?  Have you done all you plan to do?

yes. THANKS.

The pc is back and running and malwarebytes has given a clean bill for all of the PCs.

We have lost some data.. but as I understand from the discussions we are too late for that, and even if we pay 300$ it is not a guarantee.
 
jcimarron Commented:
25112--
I am glad to have helped.  You did a good job!
 
jcimarron Commented:
25112--
Don't forget to close this thread.  
http://support.experts-exchange.com/customer/portal/articles/608621
 
25112 (Author) Commented:
yes, in celebration, missed this one.. thanks kindly for the reminder!
 
jcimarron Commented:
25112--
You are welcome!