• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 101
  • Last Modified:

Windows server 2008

Every 15 20 days all my files get encryted word excel pdf gets encrpted. I checked with eset antivirus team they say it is not virus. Cyberoam firewall also denies it is not hacking. I have RDS working . How do i recover the encrypted file and ensure it doesnot re appears again.
Please advise.
0
Sukesh Shukla
Asked:
Sukesh Shukla
1 Solution
 
John HurstBusiness Consultant (Owner)Commented:
Every 15 20 days all my files get encrypted word excel pdf gets encrypted

That would be the Cryptowall virus. Make sure you have a good regular backup of good files and then scan thoroughly for malware. When done, scan with Malwarebytes (malwarebytes.org)
0
 
Sukesh ShuklaAuthor Commented:
Sir any tips to ensure that my system is safe from such viruses. Also is there any antivirus that scans or identify such threats. Please advise some good anti malaware too
0
 
John HurstBusiness Consultant (Owner)Commented:
Cryptowall has been out for a while, so any good commercial up-to-date antivirus should be able to protect against it. My clients all use Symantec Endpoint Protection.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
Thomas Zucker-ScharffSystems AnalystCommented:
Are you seeing anything like this:

http://www.precisesecurity.com/rogue/cryptolocker-ransomware?

I agree with John, it sounds a lot like Cryptowall, a variant of Cryptolocker.  Your best bet is a clean reinstall (baremetal) from backup - rebuilding the server.  Make sure your baremetal backup is prior to any of these problems.  If you need the files that have been encrypted, you will need to carefully restore them after you have rebuilt the server, preferably in a vm.
0
 
Thomas Zucker-ScharffSystems AnalystCommented:
Have you tried also using chameleon from MalwareBytes?  Download and run the svchost file in the chameleon directory.
0
 
WORKS2011Austin Tech CompanyCommented:
I personally haven't been able to recover files from this virus and would start from Backups first. You hear it all the time confirm backups are current and up to date. As well instead of using simple file backups use imaging software. I've always been able to recover from backup when this virus hit with professional grade software (I mainly use Storagecraft) and for far less time then fighting the virus.

If you have a simple file backup be careful this will get infected also.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Tackle projects and never again get stuck behind a technical roadblock.
Join Now