Solved

Windows server 2008

Posted on 2014-11-25
6
86 Views
Last Modified: 2015-01-29
Every 15 20 days all my files get encryted word excel pdf gets encrpted. I checked with eset antivirus team they say it is not virus. Cyberoam firewall also denies it is not hacking. I have RDS working . How do i recover the encrypted file and ensure it doesnot re appears again.
Please advise.
0
Comment
Question by:Sukesh Shukla
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 94

Expert Comment

by:John Hurst
ID: 40464601
Every 15 20 days all my files get encrypted word excel pdf gets encrypted

That would be the Cryptowall virus. Make sure you have a good regular backup of good files and then scan thoroughly for malware. When done, scan with Malwarebytes (malwarebytes.org)
0
 

Author Comment

by:Sukesh Shukla
ID: 40464617
Sir any tips to ensure that my system is safe from such viruses. Also is there any antivirus that scans or identify such threats. Please advise some good anti malaware too
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 40464625
Cryptowall has been out for a while, so any good commercial up-to-date antivirus should be able to protect against it. My clients all use Symantec Endpoint Protection.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 27

Expert Comment

by:Thomas Zucker-Scharff
ID: 40464633
Are you seeing anything like this:

http://www.precisesecurity.com/rogue/cryptolocker-ransomware?

I agree with John, it sounds a lot like Cryptowall, a variant of Cryptolocker.  Your best bet is a clean reinstall (baremetal) from backup - rebuilding the server.  Make sure your baremetal backup is prior to any of these problems.  If you need the files that have been encrypted, you will need to carefully restore them after you have rebuilt the server, preferably in a vm.
0
 
LVL 27

Expert Comment

by:Thomas Zucker-Scharff
ID: 40464639
Have you tried also using chameleon from MalwareBytes?  Download and run the svchost file in the chameleon directory.
0
 
LVL 17

Accepted Solution

by:
WORKS2011 earned 500 total points
ID: 40468184
I personally haven't been able to recover files from this virus and would start from Backups first. You hear it all the time confirm backups are current and up to date. As well instead of using simple file backups use imaging software. I've always been able to recover from backup when this virus hit with professional grade software (I mainly use Storagecraft) and for far less time then fighting the virus.

If you have a simple file backup be careful this will get infected also.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question