Please help - CryptoLocker ransomware virus on my computer

Update:
2nd client also 90% success; third client I got zero, but I suspect they messed with the drive a bit, installing antivirus and antimalware software before I got to it.

Today I set up a test machine with about 5GB of data, mainly photos and docs.
Ran the JavaScript (via an email I had captured) and let it encrypt everything.
Then I pulled the power plug and took out the drive.

From the deleted "lost files" in Easeus I got everything back with a loss of maybe 20 MB.
Pretty much a success rate of 99%.

That's a pretty good success rate.
In Easeus did you perform the entire partition recovery option?
 
That's a pretty good success rate.
In Easeus did you perform the entire partition recovery option?

Great advice, pull the plug right away, but this is often not the case as most people will mess around before they contact anyone, thus reducing their chances of getting their data back.
 
That's a pretty good success rate.
In Easeus did you perform the entire partition recovery option?

Ja, I did. The quick "deleted files" scan gives you nothing.
Takes the best part of 12 to 24 hours for it to do the scan, longer if you're into the terabytes. But if you're desperate...

After that you'll find your stuff in the "Lost files" section. If there are a few, it's probably the last lost files directory.
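The recovery described in this post works because the deep scan ignores the file system and carves files straight out of the raw bytes by their headers and footers; originals the ransomware deleted but did not overwrite are still there. The following is an added example (not Easeus code and not from the thread) that carves JPEG- and PDF-like files from a constructed raw disk image the same way; the signatures and the sample image are mine.

```python
"""Signature-based carving of deleted files from a raw disk image.

Added example, not code from the thread or from any recovery product. It does
what a deep "lost files" scan does at its simplest: walk the raw bytes, look
for known headers, then for the matching footer, and report each span. The
disk image built below is constructed for the demonstration.
"""

# header -> (footer, label); a carver keys on both ends of the file.
SIGNATURES = {
    b"\xff\xd8\xff": (b"\xff\xd9", "jpeg"),
    b"%PDF-": (b"%%EOF", "pdf"),
}


def carve(image: bytes, max_len: int = 1 << 20):
    """Return sorted (offset, length, label) tuples for every carvable file.

    max_len bounds how far past a header we search for its footer, so a
    header with no footer (a truncated or overwritten file) is skipped.
    """
    found = []
    for header, (footer, label) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header), pos + max_len)
            if end != -1:
                length = end + len(footer) - pos
                found.append((pos, length, label))
                pos = image.find(header, pos + length)   # resume after the file
            else:
                pos = image.find(header, pos + 1)        # no footer: move on
    return sorted(found)


def extract(image: bytes, offset: int, length: int) -> bytes:
    """Pull one carved file out of the image."""
    return image[offset:offset + length]


def build_sample_image() -> bytes:
    """Constructed image: zero filler, a JPEG-like blob, a stand-in for a
    freshly written ciphertext file, more filler, then a PDF-like blob."""
    jpeg = b"\xff\xd8\xff\xe0" + b"JFIF-sample-photo-data" * 4 + b"\xff\xd9"
    pdf = b"%PDF-1.4\n1 0 obj << >> endobj\n%%EOF"
    # Deterministic filler that never contains 0xff, so it cannot fake a JPEG marker.
    ciphertext_stand_in = bytes((i * 37 + 11) % 251 for i in range(256))
    return (b"\x00" * 512 + jpeg + b"\x00" * 64 + ciphertext_stand_in
            + b"\x00" * 128 + pdf + b"\x00" * 256)


if __name__ == "__main__":
    img = build_sample_image()
    for off, ln, label in carve(img):
        print(f"{label:5s} at offset {off:6d}, {ln} bytes")
```

On a real disk you would run this over a read-only image of the drive (never the live disk, for the same reason the thread says to pull the plug: every write risks overwriting what you want back). A real carver also handles fragmented files and formats without a fixed footer, which this deliberately does not.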
 
Great advice, pull the plug right away, but this is often not the case as most people will mess around before they contact anyone, thus reducing their chances of getting their data back.

The million dollar question ... how do you know as soon as you've been infected? Reading up here somebody reported a slow-down in their computer while it was busy encrypting itself, so I'm guessing the notification from the virus would only come after the encryption is complete. Is there any early-warning sign (e.g. what happens when that .js file is clicked on)?
 
If I look at our Mimecast malware filters, most of the messages that contain the Cryptolocker malware (47/50) have the following subject lines:
Jennifer Lawrence's iCloud nude pix
NEW Celebrity Nudes Leaked
Vanessa Hudgens, Paige Duke, Kelly Brooke EXPOSED
Fappening - Second Cumming NEW NUDES!
etc, etc.

All have PDF, PPT or JPG attachments that are actually .EXEs.
That's why we have it set to show extensions by default. No wait, this is Windows, so we have it set to not show extensions by default. :rolleyes:
 
Eish, had this on a desktop hard drive before... Never seen a virus spread through a network that quickly. Luckily that PC was the only one which didn't have ESET on it, so all the rest were fine. Had to take the hard drive out and put a new hard drive in that PC. Still have the hard drive actually. Anti-Child p0rn virus it calls itself.
 
The million dollar question ... how do you know as soon as you've been infected? Reading up here somebody reported a slow-down in their computer while it was busy encrypting itself, so I'm guessing the notification from the virus would only come after the encryption is complete. Is there any early-warning sign (e.g. what happens when that .js file is clicked on)?

Yes, the PC slows down, but the users all piss off at 5pm in a stampede, leaving it to encrypt all the mapped drives on the server they have permissions for.
So later that night the backup also backs up the encrypted data. So you have to go back to the day before that backup.

When it's finished, that offending user will get the CryptoWall 3 message demanding 500 dollars in Bitcoin.
From my test it only pops up that message after it is finished.

And no, clicking on the .js script appears to do nothing (that is what comes via email).
A compromised link on the web will be less detectable and appear to just not work (loads in memory, no file download).
But your HDD and network activity will be going boss.
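The posts above make two points a defender can act on: the ransom note only appears once encryption has finished, and the only live sign before that is disk and network activity. One tell that shows up earlier than the note is that documents stop being compressible: an encrypted file has near-uniform bytes. The script below is an added example (not from the thread, not a product) that scores recently modified files on a share by Shannon entropy and raises an alarm when an unusual share of them look like ciphertext. The threshold values, file contents and the `fake_ciphertext` stand-in are all constructed assumptions.

```python
"""Entropy-based early warning for mass encryption on a share.

Added example, not code from the thread. Scores the files changed in a
monitoring window by Shannon entropy (bits per byte) and trips an alarm when
most of them look like ciphertext. Real documents and photos usually sit
well below 7.5 bits/byte; ciphertext sits just under 8. Thresholds and the
sample files below are constructed for the demonstration.
"""
import hashlib
import math
from collections import Counter

ENCRYPTED_THRESHOLD = 7.5   # bits/byte at or above which a file is treated as ciphertext
ALARM_FRACTION = 0.5        # share of recently changed files that trips the alarm


def shannon_entropy(data: bytes) -> float:
    """0.0 for a constant stream, 8.0 for perfectly uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    return shannon_entropy(data) >= ENCRYPTED_THRESHOLD


def assess_recent_changes(files: dict) -> dict:
    """files maps path -> bytes for everything modified in the window.

    Returns per-file verdicts plus an overall alarm flag. In a real deployment
    the caller would feed this from a file-change watcher on the share.
    """
    verdicts = {path: looks_encrypted(data) for path, data in files.items()}
    flagged = sum(verdicts.values())
    alarm = bool(files) and flagged / len(files) >= ALARM_FRACTION
    return {"flagged": flagged, "total": len(files), "alarm": alarm,
            "verdicts": verdicts}


def fake_ciphertext(seed: bytes, length: int) -> bytes:
    """Deterministic stand-in for an encrypted file: SHA-256 in counter mode.
    Constructed so the demo is repeatable; real ransomware output is just as
    uniform, which is the property the detector relies on."""
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:length])


# Constructed "document" contents; ordinary English text scores around 4-5 bits/byte.
SAMPLE_DOC = (b"Quarterly report. Revenue grew modestly; costs were flat. "
              b"Action items: review supplier contracts, renew licences.\n") * 40


def demo():
    """Same file names before and after a simulated encryption pass."""
    before = {"share/report.docx": SAMPLE_DOC,
              "share/notes.txt": SAMPLE_DOC[::-1]}
    after = {path: fake_ciphertext(path.encode(), len(data))
             for path, data in before.items()}
    return assess_recent_changes(before), assess_recent_changes(after)


if __name__ == "__main__":
    quiet, noisy = demo()
    print("normal edits :", quiet["flagged"], "/", quiet["total"], "alarm =", quiet["alarm"])
    print("after encrypt:", noisy["flagged"], "/", noisy["total"], "alarm =", noisy["alarm"])
```

Two caveats when turning this into a real monitor: already-compressed formats (zip, jpeg, office files, media) legitimately score high, so whitelist them by magic bytes or tune the threshold per extension; and the alarm should feed something that can actually stop the damage in the window the thread describes, such as disconnecting the offending account's session from the server, otherwise you only learn earlier that the backup will be of encrypted data.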

 
We had the same issue. Zip files with JS inside came through undetected via Google Apps, and not even Kaspersky or MS anti-malware made a peep.

Infected a local laptop and a large number of files on shared drives. It's ransomware and didn't spread. Took two days to restore network shares.

Super frustrated with Kaspersky, as it is supposed to protect us from this, and equally frustrated when people fall for those blatant phishing mails.

I am not sure if any other antivirus would have picked this up. Although signatures are up to date, not even a full scan showed the issue.

Seems that short of switching everyone to Linux/Mac there is no other bulletproof option. Despite full lockdown, group policies and no local admin, Windows machines go south almost every 3 months.
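Two lures run through this thread: the earlier post describing PDF/PPT/JPG attachments that are really .EXEs, and this one describing zip files with a .js inside that the gateway and endpoint products let through. A cheap second look at attachments catches both by not trusting the name: check for a document extension hiding in front of an executable one, compare the claimed type with the file's magic bytes, and list what an archive actually contains. The following is an added example (not from the thread, and not Mimecast, Kaspersky or Google code); the extension lists, magic table and sample attachments are my own constructions.

```python
"""Mail attachment triage for disguised executables and scripts in archives.

Added example, not from the thread or any vendor. Three checks, all local:
  1. double extensions such as photo.jpg.exe (the displayed name lies);
  2. content whose magic bytes say "Windows executable" while the name says
     .pdf/.ppt/.jpg;
  3. archives (zip, and the office formats that are zips) carrying a script.
Extension lists, the magic table and the sample files are constructed.
"""
import io
import zipfile

DOC_EXTENSIONS = {"pdf", "ppt", "pptx", "doc", "docx", "jpg", "jpeg", "png", "txt"}
SCRIPT_EXTENSIONS = {"js", "jse", "vbs", "wsf", "hta", "exe", "scr", "bat", "cmd"}
MAGIC = {
    b"MZ": "exe",           # Windows PE image
    b"%PDF": "pdf",
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip",   # also docx/pptx, which are zip containers
}


def sniff(data: bytes) -> str:
    """Identify content by leading magic bytes, ignoring the file name."""
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label
    return "unknown"


def triage(filename: str, data: bytes) -> list:
    """Return the reasons to hold this attachment; an empty list means none found."""
    reasons = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""

    # Check 1: "photo.jpg.exe" - a document extension sitting in front of an executable one.
    if len(parts) > 2 and parts[-2] in DOC_EXTENSIONS and ext in SCRIPT_EXTENSIONS:
        reasons.append(f"double extension .{parts[-2]}.{ext}")
    elif ext in SCRIPT_EXTENSIONS:
        reasons.append(f"executable/script extension .{ext}")

    # Check 2: the name claims a document but the bytes are a PE image.
    kind = sniff(data)
    if ext in DOC_EXTENSIONS and kind == "exe":
        reasons.append(f"content is a Windows executable but name says .{ext}")

    # Check 3: look inside anything that is really a zip container.
    if kind == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    member_ext = member.lower().rsplit(".", 1)[-1]
                    if member_ext in SCRIPT_EXTENSIONS:
                        reasons.append(f"archive contains script {member}")
        except zipfile.BadZipFile:
            reasons.append("zip/office container is corrupt")
    return reasons


def make_zip(members: dict) -> bytes:
    """Build an in-memory zip from {name: bytes}; used to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a PE header stub (not a program) and a minimal PDF.
FAKE_EXE = b"MZ\x90\x00" + b"\x00" * 60
REAL_PDF = b"%PDF-1.4\n%%EOF"


if __name__ == "__main__":
    samples = {
        "holiday.jpg.exe": FAKE_EXE,
        "invoice.pdf": FAKE_EXE,
        "invoice_ok.pdf": REAL_PDF,
        "attachment.zip": make_zip({"attachment.js": b"// script body omitted"}),
        "report.docx": make_zip({"word/document.xml": b"<w:document/>"}),
    }
    for name, data in samples.items():
        print(f"{name:18s} -> {triage(name, data) or 'clean'}")
```

The zip check is the one that matters for this post: the gateway saw a harmless-looking .zip, but the member list shows the .js immediately, and a mail rule that quarantines archives containing any of the script extensions above would have held it regardless of whether any engine had a signature. Add the check on the endpoint too, because hidden extensions in Explorer are exactly what check 1 compensates for.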
 
One of our work computers also got infected with this. Luckily I was able to restore most files using shadow copies. It also seems like no other computer was hit.
 
That's why we have it set to show extensions by default. No wait, this is Windows, so we have it set to not show extensions by default. :rolleyes:

That way, if you see an extension, you know something isn't right. For example, with extensions hidden you'd see:

filename - not trying to be something else
filename.txt - probably not a text file

Despite full lockdown, group policies and no local admin, Windows machines go south almost every 3 months.

User issue? My last reload was about five years ago. I've been through everything from a single 500 GB drive to a short-stroked 300 GB array on 1 TB drives to single SSDs to SSDs in RAID, AMD motherboards, Intel motherboards, you name it. I've never had to reload.
 
[XC] Oj101;14935760 said:
That way, if you see an extension, you know something isn't right. For example, with extensions hidden you'd see:

filename - not trying to be something else
filename.txt - probably not a text file
Except for some reason it goes against human intuition. Most people know the extensions anyway, so if they see .txt they assume it is indeed a text file. It doesn't occur to them that the .txt shouldn't show. Also it isn't foolproof. If a file is named filename.exe it will show up as filename, thereby not drawing any attention. I have extensions showing, so when I see .exe (which I will) I know something is up.
 