Jump to content

Virus warning

bluecoupe

By bluecoupe,
in General Chit Chat

 Share

Recommended Posts

bluecoupe Newbie

bluecoupe

Posted
Posted (edited)

Not really sure where to put this...

I absolutely hate to put up notices like this but unfortunately, this one appears to be necessary.  This one is a bit long but I suggest that you read it. If you choose to not install it, that's fine - if you're cautious you should be fine anyhow but you should at least be aware that this is lurking in the wings and trying to bite you.  I know, I'm new here and pretty unknown but at least read and look into this for yourself.

This is a warning to Windows users of an extremely serious and severe infection that is going around called CryptoLocker. It first appeared in early Sept 2013. It is not impossible to recover from, but you need to be prepared for it. 

First, what it is and what it does:

It's a trojan type of malware that comes into your system primarily thru email as a ZIP file. Many people report a fake USPS email but it can be anything to try and get you to open the attachment. If you open the attachment, the executable will encrypt your files on your hard drive making them unusable. There are only 2 ways to recover from that scenario.
1, you pay the ransom following the instructions (prices vary from $100-$400) and then you wait for the files to decrypt.
2. You remove the malware (easy to do that) and restore from a good backup. If you don't have a backup, you're SOL. You will have to pay to get your files back. The "experts" haven't been able to resolve this particular malware yet and while the possibility exists, it will be very difficult. The encryption uses a public and private key, unique to each system that it infects. The public portion of the key resides on your system and the only way to get the private portion is to pay the ransom fee. You cannot decrypt your files without the private part of the key.

Second, how the h*77 do I stop it? :

1 - Don't open any attachments in your emails that your aren't expecting. Just good common sense.
2 - Backup your stuff. Again just good common sense.
3 - There is a prevention tool available that will keep this particular malware from infecting your computer. I'd recommend that your d/l and install it but as always  that's up to you and don't shoot the messenger (me).

The link for the prevention tool: http://www.foolishit.com/download/cryptoprevent/ 
Yes, I know; it's a zip file, but it's not infected - it's the prevention tool, honest. 

Here are some additional links for your reading pleasure if you're a glutton for punishment:
http://www.bleepingcomputer.com/viru...re-information  
http://www.snopes.com/computer/virus/cryptolocker.asp 
http://www.davescomputertips.com/block-cryptolocker-ransomware-with-free-cryptoprevent/
or... google cryptolocker and I think you'll see it's for real.  

The prevention tool will also help protect from lots of other malwares that run from the same location as CryptoLocker.

Bottom line is that I wanted to warn you about this nasty. There is currently no way around it other than pay up or restore from backups. My suspicion is that the Feds will be getting involved but they may be busy on another bomb of a website... <ahem> .
Again, install it or not, totally your call.

Recommendations:
1. - Don't open email attachments.
2. - Get your stuff backed up if you don't want to lose it.
3. - Install the prevention tool, just to make sure.

Here's a link that also has the installation instructions and some other data:
http://www.davescomputertips.com/block-cryptolocker-ransomware-with-free-cryptoprevent/

My "cliffs notes" installation instructions: 

1) download the CryptoPrevent.zip file software from the provided link  and save the file.
2) find the CryptoPrevent.zip file  on your system and double click in it
3) There should be an "extract all files"  at the top of the subsequent window - click that
4) It will want to extract to a directory - let it, make sure that the "show extracted files when complete" box IS checked
    and click extract
5) In the next window that popus, double click on CryptoPrevent.exe
6) It will popup a window from FoolishIT.com - don't fret the name - it's legit - click on OK
7) Click on Whitelist and then on Whitelist Options
8) Click  on "Whitelist all EXEs currently......" You'll get an "operation completed" popup, click ok and you may see
    the window get populated with quite a few .exe files - that's ok if it does.
9) Click on the red X in the upper right to delete the Whitelist Options window - your done with it.
10) Click the "Block" box in the "CryptoPrevent V2.2.3" window
  
You'll get a "Refreshing Group Policy" popup for a bit that will eventually go away.

Then you'll see a popup from CryptoPrevent indicating that you should restart your PC to enable it. Save any other windows
that are open which you have not saved and click "yes" to reboot your system.

There is a newsletter at the authors site (http://www.foolishit.com/) which you can sign up for to be kept up date if you wish.

Edited by SteveC
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...