CryptoWall 2.0 Virus?
Visit my Nikonians gallery
#1. "RE: CryptoWall 2.0 Virus?" | In response to Reply # 0
Covey22 Basic Member | Mon 10-Nov-14 07:21 AM
Ugh. Cryptolocker is the worst piece of ransomware to be infected with. For starters, stop copying/moving any files from the infected PC to anywhere else - quarantine it. Copying/backing up the files will just endanger any other clean files elsewhere.
I don't want to sound like the Messenger of Doom but there is no other way to say it. You should consider those encrypted files as permanently lost. You can use certain antivirus tools to remove the Ransomware, but that will not help the encrypted files - you need the other half of the key which the hackers possess. Even if you paid the ransom, there is no guarantee that the files will be released. Judging by anecdotal reports by users who supposedly paid, they never got all their files back. Your only hope is to have good clean backups. You can try to remove the Ransomware, but I personally would burn that PC to the ground - i.e., low-level format and start over.
Here are some informational links:
http://www.lavasoft.com/mylavasoft/company/blog/how-to-remove-cryptolocker
https://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/
-
#3. "RE: CryptoWall 2.0 Virus?" | In response to Reply # 1
NRVVA Nikonian since 30th Jan 2013 | Mon 10-Nov-14 09:13 PM
Thanks Armando,
I have no intention of paying any ransom. I have clean backups of my important documents and other stuff on a remove drive. I really just started taking very many pictures a couple of years ago and I have not saved many of those. Last year was mostly high-school sports which I discarded after passing them on. The few I thought were worth keeping, from a photography standpoint, have no sentimental value to me and will not be missed if I lose them.
I am going tomorrow to get some professional analysis of the situation, however, I agree that I would not trust any files from this computer and it will probably be euthanized.
I have a security program in place but it is obviously not tight enough; I will update that too.
Black Friday is coming and maybe I can find a deal on an updated laptop.
Thanks for the response and links.
Steve
-
#5. "RE: CryptoWall 2.0 Virus?" | In response to Reply # 3
Covey22 Basic Member | Mon 10-Nov-14 10:48 PM
I know this may be difficult to believe but Cryptolocker 2.0 is usually, usually delivered via e-mail attachment. This is the most common vector by which it gets installed on your PC. Secondarily, it could have been a website you recently visited. It doesn't have to be a high-risk website, many legitimate websites have such weak security (but remain popular for a variety of reasons) that the admins don't even realize they too are a vector to infect the visitors they host daily.
Multi-layer approach to defense:
1. Anti-Virus program
2. Dedicated Anti-Spyware Program (I separate the two for best of breed, plus if one is disabled by a successful malware attack, the other is still likely up and working)
3. A browser with javascript and flash player controls - in other words, when you visit a site, it doesn't automatically load all the scripts needed to view the site - it's a pain, to manually vet each site you visit, but it's also the simplest way to deliver malware to someone's PC - by automatically accepting scripts that the website purports to need. Winners here: Google Chrome with ScriptSafe add-in, or Mozilla FireFox with NoScript plug-in.
4. A reputation rating plugin like Web of Trust - to give you an idea of how bad a site might be before you even connect to it.
5. A healthy, healthy paranoia - don't open attachments even from people you may know and trust, especially if they are in the form of ZIP, RAR or EXE, and always update all the above daily (minimum weekly) and run weekly scans of your system.
-
#6. "RE: CryptoWall 2.0 Virus?" | In response to Reply # 5
NRVVA Nikonian since 30th Jan 2013 | Wed 12-Nov-14 04:08 PM
Thanks for the tips Armando. I used to run Mozilla FireFox and never had the first problem with viruses. I am going back to it now in addition to several other levels of protection and back-up.
I am very careful about opening attachments, even from my friends, but the virus slipped through somehow.
I didn't lose anything of importance--this time--but as they say: "Fool Me Once, Shame on You, Fool Me Twice, Shame on Me".
Pittsburgh's Iron Curtain won't have anything on me when I get finished.
Thanks again for the reply.
Steve
-
#7. "RE: CryptoWall 2.0 Virus?" | In response to Reply # 6
pdavitt Registered since 26th May 2013 | Wed 12-Nov-14 04:18 PM
Steve,
Make sure you get an "active" anti-virus program. My primary one "McAfee" scans every email and download as they are received. Plus scanning every web page as it is opened.
It slows things down a little bit, but that is a small price to pay.
Pat
-
#2. "RE: CryptoWall 2.0 Virus?" | In response to Reply # 0
In today's internet world, everyone should subscribe to at least one virus scanning service, such as McAfee, Malwarebytes, Spybot S&D, etc.
I subscribe to three with my yearly cost at about $150.00. These services provide daily, if needed, updates and also actively scan your system, websites, email, and downloads for nasty things.
My system does a complete scan of my system every morning on boot up and actively scans throughout the day.
Even with that I am leery of visiting some websites and never open emails from addressees I am not familiar with.
It is a sad state of affairs, but today's internet is a very dangerous place.
Pat
-
#4. "RE: CryptoWall 2.0 Virus?" | In response to Reply # 2
NRVVA Nikonian since 30th Jan 2013 | Mon 10-Nov-14 09:28 PM
Thanks Pat,
I do have a virus scanning program in place, but it is obviously not strong enough. Your set-up sounds good. I also am very careful with my web browsing and I do not open any emails unless I know the sender very, very, well. I guess it was just my day in the barrel.
I don't really have a lot of stuff on my computer, for fear of events such as this. I have my few documents safely backed up. I don't really have many pictures on it yet, and I have none that would cause me heart failure were I to lose them.
Looks like I will get a new laptop, and I will set up a security firewall worthy of the Maginot Line.
Thanks for the response and the commiseration!
Steve
-
#8. "RE: CryptoWall 2.0 Virus?" | In response to Reply # 4
PBlais Nikonian since 19th Jan 2014 | Wed 12-Nov-14 04:48 PM
The other way you can get these is by clicking a link in an email. The email has no virus but where it points to does. These can be anything especially "free offers". Notes from anybody saying your account is on hold until you click and a lot of other tricks to get you to manually install it. It can also be from someone you know that got infected and grabbed their address book.
Lest there be any doubt Armando is exactly correct. You can't undo ransomware with any tool you can beg, borrow, or steal. The virus runs on your system, and grabs anything it thinks it wants then encrypts it and uses other means to infect any removable device or device you add to the system. Removing the virus will stop the spread but not recover anything.
-
#12. "RE: CryptoWall 2.0 Virus?" | In response to Reply # 11
westcoast Registered since 28th Jan 2007 | Fri 21-Nov-14 09:35 PM
We had that same virus at work a while back on a few computers that did not have updated virus definitions. The program doesn't attack system files, but other files are corrupted and will need to be replaced. Current AV programs will generally do a good job of cleaning out the malware. You don't have to format and start over. Do not copy files to other locations until your computer is clean. My main backup drive stays offline when not backing up files. It's bad if your main drive and archive volumes are always on and connected to your PC. Losing more than one drive from the same attack would make recovery more difficult.
-
#13. "RE: CryptoWall 2.0 Virus?" | In response to Reply # 12
-
I have some images in folders on my Windows7 hard drive that won't display and have always displayed before this problem. When clicking on the individual image square, a window opens that says "Windows Photo Viewer does not support this format." Alongside some of the squares in the folder that should be jpeg images, but are now only showing a Windows style landscape scene, are three squares with some mysterious writing. One has a blue Internet Explorer symbol and has the title of DECRYPT_INSTRUCTION. I opened that image and I got this big long page that says all of my images have been encrypted with CryptoWall 2.0 and I cannot open them unless I use their code. The rest of the page is devoted to various links of instructions which I think require me to open them and pay someone some money to get my images back. I cannot delete those images by right-clicking them. Needless to say I have NOT opened any of the links.
This just happened today. I was rearranging some of my photos in Windows, trying to delete some unimportant ones and clean things up a bit. I set up one main folder in Pictures named "My Photos" and set up some sub-folders in it with appropriate topics such as Family, Outdoors, Sports, etc. I had several photos in "loose" folders on my hard drive and on my desktop that I copy/pasted into the appropriate sub-folders in the new main folder. I then deleted the original "loose" folders after making sure that the copy/paste process worked and the pictures had indeed copied to where I wanted them. My intent is to have one main folder with sub-folders in the Pictures section of the hard drive so it is easier to back up that one folder. I use LR4.4 for post-processing and am trying to get a smooth, simple workflow set up.
So far I only see one of the sub-folders corrupted.
This week I used a NEW Delkin 16gig 700x CF card for a high-school volleyball shoot. After downloading the images into LR4.4, I noticed a few times that the LR4.4 program did not function properly, taking forever to load single images into the Develop mode and at one time giving me a semi-white screen.
Could the new CF card have contained a virus? I took it back to the photo store where I bought it and it checked out ok on their computers with pictures from an in-store D800.
I started a back-up to a WD Ultra Passport and it told me it would take 45 minutes to transfer 12.5 gigs of data, which it said was 2,000 pictures. I don't have 2,000 pictures. My laptop is a Toshiba Satellite which is not terribly fast nor terribly slow. Should it take that long to transfer that amount of data? The back-up started and was taking forever with no progress so I cancelled it. Later when I checked the Passport, I did see a file for the pictures and I opened it to see what had transferred. It had not transferred very much picture data but what it had looked like the image squares on the corrupted files on the main hard drive. I have other items backed up on that Passport.
I am open to advice and suggestions. I am NOT opening anything to do with Pictures until I get this situation resolved. I would appreciate any advice on how to do that.
Thanks.
Steve
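
A read-only triage sketch for the situation described in this thread, added here as an example and not posted by any participant: it lists folders that contain a file whose name starts with DECRYPT_INSTRUCTION (the name quoted in the post above) and flags .jpg/.jpeg files that no longer begin with the JPEG signature bytes, which helps decide what to restore from a clean backup and whether a backup drive picked up encrypted copies. The folder names, file contents and the note's extension in the sample tree are constructed.

```python
import os
import tempfile

NOTE_PREFIX = "DECRYPT_INSTRUCTION"   # ransom-note name quoted in the post
JPEG_MAGIC = b"\xff\xd8\xff"          # every valid JPEG starts with these bytes
JPEG_EXTS = (".jpg", ".jpeg")


def triage(root):
    """Read-only walk of `root`; returns (note_dirs, damaged, intact)."""
    note_dirs, damaged, intact = [], [], []
    for folder, _subdirs, files in os.walk(root):
        if any(name.upper().startswith(NOTE_PREFIX) for name in files):
            note_dirs.append(folder)
        for name in files:
            if not name.lower().endswith(JPEG_EXTS):
                continue
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(3)
            except OSError:
                damaged.append(path)      # unreadable: treat as suspect
                continue
            (intact if head == JPEG_MAGIC else damaged).append(path)
    return sorted(note_dirs), sorted(damaged), sorted(intact)


def build_sample_tree(root):
    """Constructed sample data standing in for a Pictures folder."""
    good = JPEG_MAGIC + b"\xe0" + b"\x00" * 16
    layout = {
        "Family/a.jpg": good,
        "Sports/b.JPG": b"\x8f\x11\x42\x07" * 5,           # no JPEG header
        "Sports/DECRYPT_INSTRUCTION.HTML": b"<html></html>",  # extension assumed
        "Outdoors/c.jpeg": good,
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        notes, bad, ok = triage(tmp)
        print("folders with ransom note:", notes)
        print("JPEGs without a JPEG header:", bad)
        print("JPEGs that still look valid:", ok)
```

The header check only catches files whose first bytes were overwritten; a file that passes it should still be opened in a viewer before it is trusted.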