Ernesto
asked on
I've got Locky virus in my server
Please help, I got Locky in my server and it is destroying several files.
Is there any way to clean it?
Is there any way to recover the files?
Please, experts.
Restoring from backup is the only way to recover the files that have been affected by locky safely and surely. I've heard of some other ways, but from what I've read they're chancy and not fully tested.
Do you have a good, uninfected backup of the files that were affected by locky?
You can clean the virus off but the files will need to be restored from backup.
This EE thread has more details/discussion.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
How can I be sure to get rid of .locky?
What are the steps?
Regards
Re-image the PCs that have been infected.
ASKER
How to do that?
What do you do when you set up a new PC? Normally you have an image with the OS and all the software you need, then you just restore that image to the new PC and it is ready for use.
ASKER
It is a server. Is there any software to clean up the server? I'm trying Kaspersky.
Regards
ASKER
Oh man, I have Malwarebytes Premium installed on the server and it passed through.
If I run Malwarebytes and the result is 0 threats, does that mean I am rid of the virus?
Regards
What to do with the .locky files?
Delete them?
Or keep them in order to see if they can be recovered with Recuva?
Regards
ASKER
So the damage is done.
Is it not spreading to more files?
Kaspersky and Malwarebytes say it is clean?
What to do?
As I already said earlier, it isn't the server that is infected, or it shouldn't be if it is used properly as a server. It is one or more of the connected workstations. The virus is running on one of those PCs and encrypts all files it can, including those it has access to on servers. So you must concentrate on keeping the PCs in question off the LAN and just setting them up with a fresh OS.
ASKER
OK, I identified the machines and took them off the network.
I think the virus spread through a network drive. Is there any way to keep my server from getting infected in the future? What is the proper way to share it in the safest way?
Regards
In my first comment I explained about what measures should be taken to avoid future infections.
Lock down your endpoints and prevent unauthorized USB devices from being used. There is application and device control in HIPS products like Symantec, McAfee, DeviceLock etc.
The ransomware, in its initial version, does not by default show symptoms of spreading through network drives, though it will encrypt files on network drives. If files of its exe are found on a network drive, then it may have spread from the network, and it also means it can be a new version of this family.
I suspect someone has used the internet on those infected machines, or an infected USB drive is shared among the machines.
ASKER
Thank you all.
ASKER
Can they be trusted?
Do I have a chance?
Please.
Regards
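
Added example (not code from any participant in this thread): a read-only triage of a file share that counts `.locky` files per folder, bounds the time window in which they were written so a backup taken before it can be chosen, and lists any `.exe` files sitting on the share, as suggested above. It assumes the modification time of each `.locky` file reflects when it was encrypted; the function names and sample files are constructed for illustration.

```python
import os
import tempfile
from datetime import datetime, timezone

ENCRYPTED_EXT = ".locky"    # extension named in the thread
EXECUTABLE_EXTS = {".exe"}  # the thread mentions finding "its exe" on the share

def triage_share(root):
    """Read-only walk of a share: count encrypted files, bound the time
    window in which they were written, and list executables on the share."""
    encrypted, executables = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            if ext == ENCRYPTED_EXT:
                encrypted.append((os.path.getmtime(path), path))
            elif ext in EXECUTABLE_EXTS:
                executables.append(path)
    encrypted.sort()
    per_folder = {}
    for _mtime, path in encrypted:
        folder = os.path.dirname(path)
        per_folder[folder] = per_folder.get(folder, 0) + 1
    return {
        "encrypted_count": len(encrypted),
        "first_encrypted": encrypted[0][0] if encrypted else None,
        "last_encrypted": encrypted[-1][0] if encrypted else None,
        "per_folder": per_folder,
        "executables": sorted(executables),
    }

def build_sample_share(root):
    """Constructed sample data standing in for a real share."""
    sample = {"finance/A1.locky": 1457000000, "finance/B2.locky": 1457000600,
              "hr/C3.locky": 1457000300, "hr/report.docx": 1450000000,
              "hr/setup.exe": 1456999000}
    for rel, mtime in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample_share(share)
        report = triage_share(share)
        first = datetime.fromtimestamp(report["first_encrypted"], timezone.utc)
        print("encrypted files:", report["encrypted_count"])
        print("restore from a backup taken before:", first.isoformat())
        print("executables to examine:", report["executables"])
```

Run it against a copy or a read-only mount of the affected share; it does not delete or modify anything.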