Beware Ransomware
Posted: Wed Nov 06, 2013 3:20 pm
by mojo84
Well, my wife's laptop was infected with a ransomware virus that has her computer locked down pretty tight.
She received a popup yesterday saying Adobe Reader had downloaded an update and asking if she wanted to install it. She said it didn't look quite right so she clicked "NO". Well, things seemed to be ok for the rest of the day, and this morning when she went to her computer, she had a full screen picture saying it was a message from Interpol and that she had been visiting illegal porn sites. It said her computer would be locked until she goes to a 7-11, CVS or Kmart and purchases some type of payment code for 100 euros.
I spent about 4 hours this morning researching this on the internet to see how to remove it. Wasn't able to get any of the methods to work. Dropped it off at a local repair shop to see if he can fix it. Said it would be around $100 if he doesn't have to reload or fix Windows. Pretty stinking frustrating. Especially when I spend money every year renewing my Trend Micro Antivirus software.
Therefore, as always and just like carrying, always be aware and never let your guard down whether you are on your computer or out and about.

Re: Beware Ransomware
Posted: Wed Nov 06, 2013 3:40 pm
by TxRVer
If you can get the computer back, run Malwarebytes in Safe Mode. That's cleaned it up for a lot of people.
Re: Beware Ransomware
Posted: Wed Nov 06, 2013 4:14 pm
by mojo84
Unfortunately, it was so locked down I could not get in in safe mode nor even to a c: prompt. It was tight. Hoping the guy I took it to has much more success than I did. I will make sure to have malwarebytes on it in the future. Already loaded it and ran it on my other computers.
Thanks!
Re: Beware Ransomware
Posted: Wed Nov 06, 2013 6:35 pm
by jmra
mojo84 wrote: Unfortunately, it was so locked down I could not get in in safe mode nor even to a c: prompt. It was tight. Hoping the guy I took it to has much more success than I did. I will make sure to have malwarebytes on it in the future. Already loaded it and ran it on my other computers.
Thanks!
I don't think I understand not being able to get into safe mode. Did you power down the computer and interrupt the boot sequence to enter safe mode?
Re: Beware Ransomware
Posted: Wed Nov 06, 2013 6:56 pm
by mojo84
About 25 times. It would show safe mode in the corners but the screen would be black other than that. No cursor. No Windows user interface/desktop. Nothing.
Re: Beware Ransomware
Posted: Wed Nov 06, 2013 9:05 pm
by cb1000rider
I work in technology and will tell you that Ransomware is a relatively new and very credible threat. Common delivery mechanisms are delivery notifications - FedEx, UPS, etc.
What it does is encrypt your files. There is nothing we can do if your files get encrypted. They can't be recovered (short of some NSA-level efforts) without the encryption key. These guys want you to pay to recover files and that's the direction these threats are going...
We're seeing a lot of this. Hopefully front line filtering and malware software will adapt, but right now it's a pretty big issue.
Re: Beware Ransomware
Posted: Wed Nov 06, 2013 9:13 pm
by Zoo
The GreenDot ransomware has been going around for a while but we got a warning about a new variant this week.
I want to say one word to you. Just one word.
Yes, sir.
Are you listening?
Yes, I am.
Backups.
Re: Beware Ransomware
Posted: Wed Nov 06, 2013 9:29 pm
by suthdj
Zoo wrote: The GreenDot ransomware has been going around for a while but we got a warning about a new variant this week.
I want to say one word to you. Just one word.
Yes, sir.
Are you listening?
Yes, I am.
Backups.
Disconnected backups. These things also go out on the network and lock things down, so do a regular full backup, then disconnect it if it is a NAS drive like MyBook.
Re: Beware Ransomware
Posted: Wed Nov 06, 2013 9:43 pm
by Amonix
I haven't seen this just yet. I am a part of a group that also watches on threats. Wonder what the encryption level is.
Re: Beware Ransomware
Posted: Wed Nov 06, 2013 10:21 pm
by mojo84
Google "Interpol Cybercrime Virus"
I'm not aware of the encryption but it does change your registry and disables the ability to go to certain virus removal sites and prevents antivirus and malware software from running. It's pretty nasty.
Re: Beware Ransomware
Posted: Thu Nov 07, 2013 2:12 pm
by TexDotCom
jmra wrote: I don't think I understand not being able to get into safe mode. Did you power down the computer and interrupt the boot sequence to enter safe mode?
I've seen this twice and am going to clean it off of another friend's computer this evening after work. The first time, I got into Safe Mode and ran Malwarebytes Anti-Malware and AVG free antivirus. No issue. The second time, a few weeks ago, logging into Safe Mode rebooted the computer right away. I ended up having to go into "Safe Mode with Command Prompt", enter the command line instruction to open the Control Panel, create a new user account with Administrator privileges, then restart and log into the new account to run all of the detection and clean-up software. Every iteration I've seen of this has been nastier, by far, than the previous versions.

Re: Beware Ransomware
Posted: Thu Nov 07, 2013 2:19 pm
by mojo84
Just found out my computer guy couldn't get past it in order to run the scans. He is in the process of wiping the computer and resetting it up. Thank God for Carbonite, local backup drive, Dropbox and my cloud based agency management system. Looks like I'll be out $2-300 and about a week's worth of productive work.
All I can say is be very wary and careful.
He also recommended AVG and Malwarebytes instead of me paying a premium for Trend Micro. Going to have to think on this more.
Re: Beware Ransomware
Posted: Fri Nov 08, 2013 10:24 am
by DocV
If this is the new CryptoLocker malware, it is nasty. Spread is typically through spam. I have three such spams in my mail today. Today's spam subject 'baits' are "Mortgage update - Completion date" and "You have received a secure message". Yesterday's baits were Wells Fargo related. All of the messages contain an attached zip file that is the infection vector. CryptoLocker is related to the Zeus banking trojan. It would be extremely wise to keep an eye on any online financial accounts you may have.