Solved

Windows server 2008

Posted on 2014-11-25
6
82 Views
Last Modified: 2015-01-29
Every 15 20 days all my files get encryted word excel pdf gets encrpted. I checked with eset antivirus team they say it is not virus. Cyberoam firewall also denies it is not hacking. I have RDS working . How do i recover the encrypted file and ensure it doesnot re appears again.
Please advise.
0
Comment
Question by:Sukesh Shukla
6 Comments
 
LVL 92

Expert Comment

by:John Hurst
ID: 40464601
Every 15 20 days all my files get encrypted word excel pdf gets encrypted

That would be the Cryptowall virus. Make sure you have a good regular backup of good files and then scan thoroughly for malware. When done, scan with Malwarebytes (malwarebytes.org)
0
 

Author Comment

by:Sukesh Shukla
ID: 40464617
Sir any tips to ensure that my system is safe from such viruses. Also is there any antivirus that scans or identify such threats. Please advise some good anti malaware too
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 40464625
Cryptowall has been out for a while, so any good commercial up-to-date antivirus should be able to protect against it. My clients all use Symantec Endpoint Protection.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 40464633
Are you seeing anything like this:

http://www.precisesecurity.com/rogue/cryptolocker-ransomware?

I agree with John, it sounds a lot like Cryptowall, a variant of Cryptolocker.  Your best bet is a clean reinstall (baremetal) from backup - rebuilding the server.  Make sure your baremetal backup is prior to any of these problems.  If you need the files that have been encrypted, you will need to carefully restore them after you have rebuilt the server, preferably in a vm.
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 40464639
Have you tried also using chameleon from MalwareBytes?  Download and run the svchost file in the chameleon directory.
0
 
LVL 17

Accepted Solution

by:
WORKS2011 earned 500 total points
ID: 40468184
I personally haven't been able to recover files from this virus and would start from Backups first. You hear it all the time confirm backups are current and up to date. As well instead of using simple file backups use imaging software. I've always been able to recover from backup when this virus hit with professional grade software (I mainly use Storagecraft) and for far less time then fighting the virus.

If you have a simple file backup be careful this will get infected also.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

OfficeMate Freezes on login or does not load after login credentials are input.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now