Cryptowall virus/malware

These days if you get infected with a virus, I would disconnect from the internet and then get someone to copy all my files to another PC and then format and reinstall Windows, if you don't know what you are doing.

These botnet viruses give people full remote access to computers. Even in BackTrack, which is a freely available pen test OS, you can do an array of things once you have gained code execution on a remote host. Windows is so weak in that regard that you could have full remote access within a matter of minutes. From there they can dump the hashes, launch new attacks on other network devices, copy data off, run programs, watch webcams and anything really.
 
ETA: oh yes, I've read that Cryptolocker operates on all mapped drives but not by UNC, so the area with my backups on the WSE box isn't mapped by letter.

Interesting, thanks.

I've also thought about having a script pull off files from a dropbox and archive them, no direct connection then.
 
Ah found it, it was a little link from the HitmanPro.Alert page.
I've installed it and also installed HitmanPro 3.7 which picked up loads of stuff I thought had gone ages ago.
I'm that impressed that after my 30 days is up I think I will pay the £11.76.

Pastebin the log. It may be reporting a lot of harmless stuff.
 
Nasty nasty virus, but from a technical point of view a very smart one. To be fair, at least you can recover your data if you pay the ransom.

CryptoGuard and CryptoPrevent installed on my PC / server, cheers :).
 
Will try this later

I saw your email notification.
I couldn't find that program from the main page so got worried it might be a false site ready to infect me:D
I didn't realise it was part of another program that hopefully will do its job.
I've now taken my PC off full UAC settings because I can't trust the women in the house to not press YES if they see something.
 
Best option would be to give everyone bar yourself a limited access account and not provide the admin password.

Most people recommend running your own account as a non-admin one too (though it's a faff having to authenticate all the time).

That's what I've been doing for 6 months and it's a PITA, hopefully this program Ethan linked to will do the job.
As soon as you open up any web browser a green warning comes up saying:
Hitman.Pro Alert is watching your browser.
Currently no intruders detected.
 
Though remember, the key to all of this is to take regular backups, either to the cloud with a provider who supports versioning/rollback (e.g. Backblaze, Dropbox etc.: basically even if the virus wiped out your cloud storage you could 'roll back' to a version prior to the infection) or to an external hard drive :).

I'm really guilty at neglecting to do offline and offsite. Need to sort it out.
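The versioned-backup idea above, as an added example that is not from the thread or from any product named in it: a small Python snapshot store in which old versions are never rewritten, plus a rollback that picks the newest snapshot taken before the infection. It assumes the store lives somewhere the workstation cannot write (an unmapped share or an offline disk, as the thread suggests); the demo() scenario and its file contents are constructed.

```python
import os, shutil, tempfile
from pathlib import Path
from typing import Optional

def latest_before(store: Path, cutoff: int) -> Optional[Path]:
    """Newest snapshot directory whose timestamp is strictly before `cutoff`."""
    older = [int(p.name) for p in store.iterdir() if p.name.isdigit() and int(p.name) < cutoff]
    return store / f"{max(older):012d}" if older else None

def snapshot(source: Path, store: Path, when: int) -> Path:
    """Copy `source` into store/<when>/. Files unchanged since the previous snapshot
    are hard-linked to it, so each snapshot is a full tree that costs only the
    changed bytes. Snapshots are never rewritten: an encrypted copy of a file lands
    in a new snapshot while the clean version stays available for rollback.
    Assumption: `store` is not writable by the workstation being backed up."""
    snap = store / f"{when:012d}"
    snap.mkdir(parents=True)
    previous = latest_before(store, when)
    for path in (p for p in source.rglob("*") if p.is_file()):
        rel = path.relative_to(source)
        dest, old = snap / rel, (previous / rel if previous else None)
        dest.parent.mkdir(parents=True, exist_ok=True)
        if old is not None and old.is_file() and old.read_bytes() == path.read_bytes():
            os.link(old, dest)  # identical content: share bytes with the older snapshot
        else:
            shutil.copy2(path, dest)
    return snap

def restore(store: Path, target: Path, infected_at: int) -> Optional[Path]:
    """Roll `target` back to the newest snapshot taken before `infected_at`."""
    snap = latest_before(store, infected_at)
    if snap is not None:
        shutil.rmtree(target, ignore_errors=True)
        shutil.copytree(snap, target)
    return snap

def demo() -> dict:
    """Constructed scenario: two snapshots, one simulated encrypted file, a rollback."""
    root = Path(tempfile.mkdtemp())
    src, store = root / "docs", root / "backups"
    (src / "sub").mkdir(parents=True); store.mkdir()
    (src / "a.txt").write_text("hello"); (src / "sub" / "b.txt").write_text("world")
    s1 = snapshot(src, store, 100)
    (src / "a.txt").write_text("ENCRYPTED")  # stands in for a ransomware rewrite
    s2 = snapshot(src, store, 200)
    rolled = restore(store, src, 150)  # infection noticed between the two snapshots
    return {"shared": (s2 / "sub" / "b.txt").samefile(s1 / "sub" / "b.txt"),
            "rolled_to": rolled.name, "a_after": (src / "a.txt").read_text(),
            "nothing_earlier": restore(store, src, 50)}
```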
 
It's a nightmare if you actually use your PC for any kind of work: move a file to the Programs folder and it needs authentication, need to use cmd and it needs authentication. Even with UAC disabled there are still problems; I always activate the superuser account when I use Windows because of the hassle.

A sandbox is far easier to deal with, nothing can get through your browser then.
 
Interesting thread. I have heard about ransomware using encryption on Android systems, but this is the first time I've heard about it happening on Windows. I do of course know about fake anti-spyware programs on Windows going back many years asking for money, but they don't encrypt files.

What are people's suggestions for protecting their data?

I've always used on-site backup onto 3.5" normal hard drive, plus an off-site backup on a 2.5" lappy drive. Both drives are external. Useful if you've had a fire or burglary as the off-site copy will be in a rucksack on your person. However, reading this thread, they won't be immune to Cryptowall, so I'm not sure what I can do now :confused: Thankfully I have never done cloud for backup, only used it as a temporary location for file sharing with friends.
 
So how does Cryptolocker traverse directories? Does it go depth first with network drives first? If so, could you hypothetically create a fake network drive with an infinitely recursive logical directory structure and have it just try to encrypt everything in that drive forever?
 