?
Solved

Windows server 2008

Posted on 2014-11-25
6
Medium Priority
?
95 Views
Last Modified: 2015-01-29
Every 15 20 days all my files get encryted word excel pdf gets encrpted. I checked with eset antivirus team they say it is not virus. Cyberoam firewall also denies it is not hacking. I have RDS working . How do i recover the encrypted file and ensure it doesnot re appears again.
Please advise.
0
Comment
Question by:Sukesh Shukla
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 97

Expert Comment

by:Experienced Member
ID: 40464601
Every 15 20 days all my files get encrypted word excel pdf gets encrypted

That would be the Cryptowall virus. Make sure you have a good regular backup of good files and then scan thoroughly for malware. When done, scan with Malwarebytes (malwarebytes.org)
0
 

Author Comment

by:Sukesh Shukla
ID: 40464617
Sir any tips to ensure that my system is safe from such viruses. Also is there any antivirus that scans or identify such threats. Please advise some good anti malaware too
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 40464625
Cryptowall has been out for a while, so any good commercial up-to-date antivirus should be able to protect against it. My clients all use Symantec Endpoint Protection.
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
LVL 29

Expert Comment

by:Thomas Zucker-Scharff
ID: 40464633
Are you seeing anything like this:

http://www.precisesecurity.com/rogue/cryptolocker-ransomware?

I agree with John, it sounds a lot like Cryptowall, a variant of Cryptolocker.  Your best bet is a clean reinstall (baremetal) from backup - rebuilding the server.  Make sure your baremetal backup is prior to any of these problems.  If you need the files that have been encrypted, you will need to carefully restore them after you have rebuilt the server, preferably in a vm.
0
 
LVL 29

Expert Comment

by:Thomas Zucker-Scharff
ID: 40464639
Have you tried also using chameleon from MalwareBytes?  Download and run the svchost file in the chameleon directory.
0
 
LVL 17

Accepted Solution

by:
WORKS2011 earned 2000 total points
ID: 40468184
I personally haven't been able to recover files from this virus and would start from Backups first. You hear it all the time confirm backups are current and up to date. As well instead of using simple file backups use imaging software. I've always been able to recover from backup when this virus hit with professional grade software (I mainly use Storagecraft) and for far less time then fighting the virus.

If you have a simple file backup be careful this will get infected also.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
Suggested Courses
Course of the Month13 days, 4 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question