URGENT VIRUS WARNING: CryptoLocker ransomware

[)roi(]

Executive Member
Joined
Apr 15, 2005
Messages
6,282
Surely Microsoft could do far more to prevent this.
Antivirus, patch after patch, user account control, ... have all but failed.
 

The_Unbeliever

Honorary Master
Joined
Apr 19, 2005
Messages
103,196
Blah.
Gotta review our backup policy. Will have to block all executable attachments in email.
 

The_Unbeliever

Honorary Master
Joined
Apr 19, 2005
Messages
103,196
Just thinking - if they manage to combine this nasty crud with BadBios, then we'll have problems... :sick:
 

Sonic2k

Executive Member
Joined
Feb 7, 2011
Messages
7,637
One of the best ways to avoid this crap is to:
1. Not click on attachments, use print preview instead.
2. Make regular backups onto an external medium
 

The_Unbeliever

Honorary Master
Joined
Apr 19, 2005
Messages
103,196
Got this fun thing today, one laptop.

And one encrypted network folder.

Got backups. Luser didn't have any backups. Sorry to hear that.

I'm still miffed at the luser seeing the CryptoLocker screen, but connecting said laptop nevertheless... :mad:
 

Zertop

Expert Member
Joined
Mar 9, 2013
Messages
3,105
Has anyone checked the %temp% folder as soon as they get the notice?
 

The_Unbeliever

Honorary Master
Joined
Apr 19, 2005
Messages
103,196
> Has anyone checked the %temp% folder as soon as they get the notice?

Do tell us why.

edit : found lots and lots of *.tmp files.

As I cannot get cryptoblocker to uninstall from this laptop, I'll install Windows clean on another HDD, move the current cryptolocked HDD to a USB enclosure, and take a shufty at the tmp files.

Maybe there is a chance for other users if what I think is correct...
 

BandwidthAddict

Expert Member
Joined
Apr 19, 2005
Messages
2,380
Pay the ransom if you need the files. As far as I know, CryptoLocker did the encryption and implementation right, so it is not reversible without the key stored on their server.
 

grim

Expert Member
Joined
Jan 6, 2006
Messages
3,733
> One of the best ways to avoid this crap is to:
> 1. Not click on attachments, use print preview instead.
> 2. Make regular backups onto an external medium

Point 1 is invalid as that has been proven to be vulnerable to attack even when opening files through web access to your emails.

Point 2 is really really important for all data that you consider valuable. If you don't have 2 copies of valuable data and you lose it I feel no pity.
 

<![SoUL-rEapER]>

Active Member
Joined
Nov 23, 2013
Messages
71
There's a fake Microsoft Security Essentials virus going around as well. It just appears as a new tab (not a pop-up) each time you visit a site. I learnt the hard way and got infected sometime back. I was on the Mail and Guardian web site, getting my daily intake of current affairs, when the tab unexpectedly appeared. If you touch any controls or buttons on the window, YOU WILL GET INFECTED!!! Rather disconnect from the internet and close all instances of Internet Explorer through Task Manager. Also run a scan with the NOD32 online scanner. No matter which button you click on, it will still return a value, so remember to close it through Task Manager. It's the first time I've seen scareware of this calibre.
 

bender-bending-Rodriguez

Active Member
Joined
Jun 6, 2012
Messages
45
Anybody heard of the Locky Decrypter virus? One of my colleagues at work opened one of these attachments and it has locked all the files on the PC, and the mapped network drive to our database was hit as well. So I kinda need some help with this. Does anybody know what to do to get rid of this F#@^king virus? Been at it for days. I have tried numerous things. Please HELP! I can upload the attachment. This is the ransom that came with it.

All of your files are encrypted with RSA-2048 and AES-128 ciphers.
More information about the RSA and AES can be found here:
http://en.wikipedia.org/wiki/RSA_(cryptosystem)
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.
To receive your private key follow one of the links:
1. http://6dtxgqam4crv6rr6.tor2web.org/43E80C7E9908D1B6
2. http://6dtxgqam4crv6rr6.onion.to/43E80C7E9908D1B6
3. http://6dtxgqam4crv6rr6.onion.cab/43E80C7E9908D1B6
4. http://6dtxgqam4crv6rr6.onion.link/43E80C7E9908D1B6

If all of this addresses are not available, follow these steps:
1. Download and install Tor Browser: https://www.torproject.org/download/download-easy.html
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: 6dtxgqam4crv6rr6.onion/43E80C7E9908D1B6
4. Follow the instructions on the site.

!!! Your personal identification ID: 43E80C7E9908D1B6 !!!
 