Nasty Computer Virus Going Around....

The Annoyed Man
Senior Member
Posts: 26892
Joined: Wed Jan 16, 2008 12:59 pm
Location: North Richland Hills, Texas

Nasty Computer Virus Going Around....

Post by The Annoyed Man »

Apparently, the Cryptolocker virus arrives as an email attachment. Hat tip to my friend Jonathan Evenden on Facebook (I talked about his father here: viewtopic.php?p=852279#p852279). According to Jonathan:
It encrypts specific files in RSA encryption - no decryption possible without paying the virus writer. You also have 72 hours to pay, or else your files are gone for good.
It would be cool if laws were passed making it open season on these jerkwads, with a "dead or alive" reward for each one you bag.

Cryptolocker discussion with more details happening here: http://www.bleepingcomputer.com/forums/ ... k-program/

This has been a public service announcement.
“Hard times create strong men. Strong men create good times. Good times create weak men. And, weak men create hard times.”

― G. Michael Hopf, "Those Who Remain"

#TINVOWOOT
The Annoyed Man
Senior Member
Posts: 26892
Joined: Wed Jan 16, 2008 12:59 pm
Location: North Richland Hills, Texas

Re: Nasty Computer Virus Going Around....

Post by The Annoyed Man »

TxLobo wrote:Stepson got similar this past week. He's in Germany, closer to the Czech border..

Told him there wasn't much I could do from Texas.. Even if I loaded up a repair disk it would take a week to get there.. if I sent some files up on ftp, he couldn't get online to get them..
I asked him for some screen shots and if he could snag any of the code.. I think that went over his head..

He did a full system restore back to factory settings.. He's smarter now.. I hope..
The last time I had a virus (years ago when I was still in the PC world), the virus made a copy of itself in the boot sector of the disc, so that even if you restored to factory settings, as soon as you rebooted, you were reinfected. It was a nasty booger too. I don't remember how I got rid of it.
OldCannon
Senior Member
Posts: 3061
Joined: Sun Jan 17, 2010 11:19 am
Location: Kyle, TX

Re: Nasty Computer Virus Going Around....

Post by OldCannon »

Traveling to Russia or Malaysia and hunting down the perps presents many obstacles.

Keep backups of important stuff. Should go without saying these days, but...
I don't fear guns; I fear voters and politicians that fear guns.
BigGuy
Senior Member
Posts: 1057
Joined: Fri Aug 10, 2012 11:36 am

Re: Nasty Computer Virus Going Around....

Post by BigGuy »

The Annoyed Man wrote:
TxLobo wrote:Stepson got similar this past week. He's in Germany, closer to the Czech border..

Told him there wasn't much I could do from Texas.. Even if I loaded up a repair disk it would take a week to get there.. if I sent some files up on ftp, he couldn't get online to get them..
I asked him for some screen shots and if he could snag any of the code.. I think that went over his head..

He did a full system restore back to factory settings.. He's smarter now.. I hope..
The last time I had a virus (years ago when I was still in the PC world), the virus made a copy of itself in the boot sector of the disc, so that even if you restored to factory settings, as soon as you rebooted, you were reinfected. It was a nasty booger too. I don't remember how I got rid of it.
I've used ComboFix for several root kit type infections. It often takes several runs to get everything. Sometimes though, there's nothing for it but a scorched earth rebuild. Format and reinstall. Then the users get angry when I won't just copy everything back from their document folder and email.
But by far the best thing to happen to me was a Barracuda spam and virus firewall and the Barracuda web filter with active updates. I maintain about 30 wintel desktops. (ranging from XP to Win 7) About 70 macs (From G4 minis running 10.4.11 to iCore 7 laptops on 10.8.4) And about 20 servers running everything you can think of. (Ubuntu, OS-X server, Windows 2000 server and even two Windows NT server, print servers.)
I'll have to deal with a piece of malware about once every two weeks on one of those 30 PCs. At three smaller sites we also maintain that don't have the Barracuda, we spend at least half of every twice-a-week visit cleaning up malware.
It was about 8K initially for the hardware and about $800 per year for the updates. Worth every penny of it.
(note - I have no affiliation with Barracuda other than being a satisfied customer.)
uthornsfan
Senior Member
Posts: 490
Joined: Sun Jan 30, 2011 11:13 pm
Location: Austin, TX

Re: Nasty Computer Virus Going Around....

Post by uthornsfan »

I can verify that this is one of the nastiest forms of malware/ransomware you can get.

One of our clients just got this virus yesterday after opening an email attachment from the BBB. Not only did it infect her system and encrypt all of her office files but it also infected the server to which they had drives mapped.

We ended up having to pay the $300 to get all the data restored. It's actually quite amazing and quite brilliant. They force you to pay using a MoneyPak, which is basically cash. However, they do remove all encryption and the malware/ransomware from the system.


BE ALERT :banghead: :mad5
CHLLady
Senior Member
Posts: 798
Joined: Tue Jul 09, 2013 9:27 am
Location: DFW

Re: Nasty Computer Virus Going Around....

Post by CHLLady »

I've never even heard of such a thing. Thank you for posting about this.
If you carry a gun, people call you paranoid. Nonsense! If you carry a gun, what do you have to be paranoid about?
Teamless
Senior Member
Posts: 3241
Joined: Sat Mar 13, 2010 9:51 pm
Location: Houston, Texas

Re: Nasty Computer Virus Going Around....

Post by Teamless »

Why in this day and age do people still open email attachments from people they don't know.... OR.... from people they do know with a subject or body of "Hi, How have you been" or other similar.

I have received probably 200 virus attachments in the past 5-6 months from various senders from BBB to IRS to FBI to my father (or many other family or friends).
Every one of them had something in common, it all smelled like dog poo.
DELETE - empty deleted folder - Buh Bye
League City, TX
Yankee born, but got to Texas as fast as I could! NRA / PSC / IANAL
Dragonfighter
Senior Member
Posts: 2315
Joined: Tue Sep 04, 2007 2:02 pm

Re: Nasty Computer Virus Going Around....

Post by Dragonfighter »

The Annoyed Man wrote:
TxLobo wrote:Stepson got similar this past week. He's in Germany, closer to the Czech border..

Told him there wasn't much I could do from Texas.. Even if I loaded up a repair disk it would take a week to get there.. if I sent some files up on ftp, he couldn't get online to get them..
I asked him for some screen shots and if he could snag any of the code.. I think that went over his head..

He did a full system restore back to factory settings.. He's smarter now.. I hope..
The last time I had a virus (years ago when I was still in the PC world), the virus made a copy of itself in the boot sector of the disc, so that even if you restored to factory settings, as soon as you rebooted, you were reinfected. It was a nasty booger too. I don't remember how I got rid of it.
Elitist Mac users...sheesh :mrgreen: . For those of us STILL in the PC world the best thing I have ever seen, for deep scan and removal even from boot sectors is Combofix. I keep a copy of that and a sundry list of a few other tools on my flash drive to help friends out when they have a problem. It creates a restore point and "recovery mode" boot option within your Windows installation. I have never encountered a rootkit or other boot sector virus it couldn't eradicate. Kind of a nuclear option.

I am very careful as the rest of my family is, I use AVG as well as Spybot in combination and so on. But just in case I keep a rescue disc, written in Linux with all of my other "weapons" on it. I have rebuilt at least one boot sector with it.
I Thess 5:21
Disclaimer: IANAL, IANYL, IDNPOOTV, IDNSIAHIE and IANROFL
"There is no situation so bad that you can't make it worse." - Chris Hadfield, NASA ISS Astronaut
brhalltx
Senior Member
Posts: 352
Joined: Sat Aug 25, 2012 7:46 pm
Location: Texas

Re: Nasty Computer Virus Going Around....

Post by brhalltx »

Dragonfighter wrote:Elitist Mac users...sheesh :mrgreen: . For those of us STILL in the PC world the best thing I have ever seen, for deep scan and removal even from boot sectors is Combofix. I keep a copy of that and a sundry list of a few other tools on my flash drive to help friends out when they have a problem. It creates a restore point and "recovery mode" boot option within your Windows installation. I have never encountered a rootkit or other boot sector virus it couldn't eradicate. Kind of a nuclear option.

I am very careful as the rest of my family is, I use AVG as well as Spybot in combination and so on. But just in case I keep a rescue disc, written in Linux with all of my other "weapons" on it. I have rebuilt at least one boot sector with it.

All work of my own is done on Macs... But I work on Macs and Windows for pay. :cheers2: I've seen some nasty root kits just recently. Modifications of older stuff (ransomware), but they don't seem to be doing what was intended (demanding money :shock: ); they just screw up the machines and invite more friends to the party.

Here's what I use:

Spybot Search and Destroy
Malwarebytes AntiMalware (they also have an anti rootkit package that's still in beta)
Combofix
TDSSKiller
Hitman Pro

Other software as needed.

Windows users, do yourselves a favor: buy a Malwarebytes lifetime license for $24.95. It actively scans and monitors outgoing traffic, blocking attempts to contact known-to-be-bad sites. Run it along with good antivirus software.
The best antivirus software is ESET, either their antivirus only product, or Smart Security (antivirus, antimalware, antispam, firewall...). :txflag:
A customer just switched (against my recommendations) from ESET to Norton Internet Security to save $1/year/machine... :boxing And have had to pay me more than they'll save in years to get everything working with Norton.
tomtexan
Senior Member
Posts: 1186
Joined: Thu Feb 23, 2012 7:42 pm
Location: Henderson County, TX

Re: Nasty Computer Virus Going Around....

Post by tomtexan »

brhalltx wrote: A customer just switched (against my recommendations) from ESET to Norton Internet Security to save $1/year/machine... :boxing And have had to pay me more than they'll save in years to get everything working with Norton.
Norton is the worst. :nono:
The laws that forbid the carrying of arms... disarm only those who are neither inclined nor determined to commit crimes.
NRA Life Member
sunny beach
Banned
Posts: 234
Joined: Tue Sep 04, 2012 7:32 pm

Re: Nasty Computer Virus Going Around....

Post by sunny beach »

Imagine how much good it could do on government computers.
brhalltx
Senior Member
Posts: 352
Joined: Sat Aug 25, 2012 7:46 pm
Location: Texas

Re: Nasty Computer Virus Going Around....

Post by brhalltx »

tomtexan wrote:Norton is the worst. :nono:
McAfee may be the worst... But Norton is pretty close. I thought Norton was getting a little better the last couple of years, but this one is horrible. :banghead:
Crossfire
Moderator
Posts: 5405
Joined: Sun Jan 08, 2006 10:27 am
Location: DFW

Re: Nasty Computer Virus Going Around....

Post by Crossfire »

I volunteer as IT support at our church. Just got a frantic phone call from one of my users that her laptop has this infection. Oh, AND it is the Finance Director.

You know, you can tell them not to download attachments from unknown users, but you can't hold their hands 24/7. :banghead:

Guess I know what I will be doing tomorrow...
Texas LTC Instructor, FFL, IdentoGO Fingerprinting Partner
http://www.Crossfire-Training.com