
Cleaning a bad infestation of malware, virii, trojans, rootkits etc

If you are not in the habit of making backups or do not own a high capacity removable USB/eSATA type drive, now would be a really, really smart time to invest in one. Do not assume you are protected with cloud backup that is 'always on' (Dropbox) or redundant/mirrored disks (RAID) with your antivirus and malware removers. Do not rely on network copies if those network stores are always attached. Frankly, if you get this, you are screwed unless you have a cold, offline backup.

http://www.cnbc.com/id/101172439

With new malware, you have to pay to get your files back

CryptoLocker, a nasty new piece of malicious software, is infecting computers worldwide—encrypting important files and demanding a ransom to unlock them.

According to global digital security company Sophos, the malware has been hitting pretty hard for the past six weeks or so.

"It systematically hunts down every one of your personal files—documents, databases, spreadsheets, photos, videos and music collections—and encrypts them with military-grade encryption, and only the crooks can open it," said Chester Wisniewski, a senior security advisor at Sophos.

Your computer, even though it's infected, keeps working normally; you just can't access any of your personal files. It's scary, especially if you haven't backed up your data.

"Cybercrime is evolving as the bad guys get smarter and use newer technologies," said Michael Kaiser, executive director of the National Cyber Security Alliance. "They're always looking for new ways to steal your money."

CryptoLocker is different from other types of "ransomware" that have been around for many years and that freeze your computer and demand payment. Those can usually be removed, restoring your access to files and documents.

But CryptoLocker encrypts your files. There's only one decryption key, and the bad guys have that on their server. Unless you pay the ransom within three days, that key will be destroyed. And as the message from the extortionists says, "After that, nobody and never will be able to restore files. …"

The typical extortion payment is $300 or 300 euros paid by Green Dot MoneyPak, or for the more tech-savvy, two bitcoins, currently worth about $400.

To instill a sense of urgency, a digital clock on the screen counts down from 72 hours so you can see how much time is left before that unique decryption key is destroyed.

One victim described his anguish in an online post: "The virus cleverly targeted … all of our family photos, including all photos of my children growing up over the last 8 years. I have a distraught wife who blames me!"

Cont'd ...
 
[Mark May], that is some scary stuff.

I'm getting shivers just thinking about how I'm going to manage an office full of people that have multiple network volumes mapped all the time, many of them over several terabytes. It's enough to make me think about putting in my two-week notice and taking a job as a Wal-Mart greeter just to avoid being there when D-Day comes.

When this new generation of malware makes its way into hacked/defaced Web sites and browser hijacks where it becomes virtually unavoidable for even the most proficient and cautious PC users, it's going to be a huge, huge black eye for Microsoft.
 
So this is just on the Windows side right now, correct? Looks like I'll be a little more cautious when downloading objects and mods for SimCity and Roller Coaster Tycoon over on my Bootcamp partition. Thankfully I don't do anything of consequence on that side of my HDD.
 
I took a call the other day from somebody who lost their backup on a Raid 1 disk array.

Also, I don't know how many times I talk to people who lost their data and they don't have a backup. One of the most uncomfortable moments in life is telling somebody years worth of emails are suddenly gone and can no longer be retrieved because they didn't back up their PST file.

Set offline backups on an external drive, folks.

Also, CryptoLocker is nasty stuff. Not only does it shit up your files, you are going to get your bank account taken to the cleaners if you do purchase a decryption key from them.
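Both the opening post and the reply above make the same point: an always-attached copy (Dropbox sync, RAID mirror, mapped share) faithfully replicates whatever CryptoLocker writes, so only a detached copy plus some way to prove it is still intact counts as a backup. The script below is an added example, not code from the thread or from any vendor: it records a SHA-256 manifest of a folder, copies the folder to a stand-in "USB drive", then simulates the live folder being overwritten and shows that the manifest check flags the live copy as damaged while the cold copy verifies clean. All paths and file contents are constructed for the demo; the function names are my own.

```python
"""Offline-backup integrity check (added example, not from the thread).

Idea: hash every file before trouble, keep the manifest with the cold
backup, and re-verify any copy against it before trusting it. An encrypted
file hashes differently; a deleted one is simply missing.
"""
import hashlib
import json
import os
import shutil
import tempfile


def sha256_file(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large media files don't need RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map relative path (forward slashes) -> sha256 for every file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_backup(backup_root, manifest):
    """Return (ok, changed, missing) lists of relative paths.

    'changed' files hash differently than recorded (what an encrypted copy
    looks like); 'missing' files are absent from the backup copy.
    """
    ok, changed, missing = [], [], []
    for rel, digest in sorted(manifest.items()):
        path = os.path.join(backup_root, *rel.split("/"))
        if not os.path.isfile(path):
            missing.append(rel)
        elif sha256_file(path) != digest:
            changed.append(rel)
        else:
            ok.append(rel)
    return ok, changed, missing


def demo():
    """Constructed scenario: manifest + cold copy, then the live folder is hit."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "documents")
        os.makedirs(os.path.join(src, "photos"))
        with open(os.path.join(src, "taxes.xlsx"), "wb") as f:
            f.write(b"constructed spreadsheet bytes")
        with open(os.path.join(src, "photos", "kids.jpg"), "wb") as f:
            f.write(b"constructed jpeg bytes")

        # Take the manifest and the offline copy while everything is still good,
        # and store the manifest next to the copy (it is useless if it is lost too).
        manifest = build_manifest(src)
        offline = os.path.join(tmp, "usb_drive")
        shutil.copytree(src, offline)
        manifest_path = os.path.join(offline, "manifest.json")
        with open(manifest_path, "w") as f:
            json.dump(manifest, f)

        # Simulate the live folder (and therefore any always-on sync of it)
        # being overwritten with ciphertext and one file being removed.
        with open(os.path.join(src, "taxes.xlsx"), "wb") as f:
            f.write(b"\x00garbage standing in for ciphertext")
        os.remove(os.path.join(src, "photos", "kids.jpg"))

        with open(manifest_path) as f:
            stored = json.load(f)
        live = verify_backup(src, stored)       # damaged: 1 changed, 1 missing
        cold = verify_backup(offline, stored)   # clean: both files ok
        return live, cold


if __name__ == "__main__":
    live, cold = demo()
    print("live copy  changed/missing:", live[1], live[2])
    print("cold copy  changed/missing:", cold[1], cold[2])
```

The point of keeping `manifest.json` on the detached drive is that the check does not depend on anything that was online when the infection ran; the same `verify_backup` call works for a network share or cloud folder you suspect has been synced over.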
 
Ok, someone tell me how to get rid of the eDeals bullshit. I've run my virus scanner, malwarebytes, junkware removal tool, AdwCleaner. It seems like each one of them found part of the problem but not all of it. Any help appreciated.
 
Typically, if you're willing to invest the time - google the virus name and 'remove from registry' on your phone or tablet - from there, you can follow the instructions on your PC to remove and clean up any infestation manually. It does take a little time, and know-how, but it's pretty basic and easy to follow.
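Most of those "remove from registry" walkthroughs boil down to finding what the adware registered to start with Windows. The script below is an added example, not from the thread: it parses a regedit export of the `Run` keys (the kind `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` produces) and builds a review queue of autostart entries whose executable lives somewhere a standard user can write to, which is where adware like the eDeals stuff usually drops itself. The export text, entry names and paths are all constructed for the demo; the function names are mine.

```python
"""Triage autostart (Run key) entries from a .reg export.
Added example, not from the thread. Input below is a constructed export
in regedit's own text format (string values escape \\ and " with a backslash).
"""
import re

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"DealHelper"="C:\\Users\\alice\\AppData\\Roaming\\DealHelper\\dealhelper.exe -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VendorUpdater"="C:\\Program Files\\Vendor\\updater.exe /quiet"
"svcupd"="\"C:\\Users\\Public\\svcupd.exe\""
'''

# Locations a non-admin user can write to; anything starting from here
# deserves a look (legitimate per-user installers land here as well).
WRITABLE_MARKERS = {
    "\\users\\": "inside a user profile (user-writable)",
    "\\programdata\\": "inside ProgramData (writable by standard users)",
    "\\windows\\temp\\": "inside Windows\\Temp",
}

_VALUE_LINE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(value):
    """Undo regedit's escaping: \\\\ -> \\ and \\" -> " ."""
    return re.sub(r'\\(["\\])', r'\1', value)


def exe_path(command):
    """Pull the executable out of a Run value (quoted or bare, with arguments)."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.search(r'^(.*?\.exe)', command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]


def parse_run_keys(reg_text):
    """Yield dicts for every string value under a key ending in \\Run."""
    entries, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif line.startswith('"') and key and key.lower().endswith("\\run"):
            m = _VALUE_LINE.match(line)
            if m:
                entries.append({"key": key,
                                "name": unescape(m.group(1)),
                                "command": unescape(m.group(2))})
    return entries


def triage(reg_text):
    """Attach the executable path and a list of reasons to each entry."""
    findings = []
    for e in parse_run_keys(reg_text):
        path = exe_path(e["command"])
        low = path.lower()
        reasons = [why for marker, why in WRITABLE_MARKERS.items() if marker in low]
        findings.append({**e, "path": path, "reasons": reasons})
    return findings


def flagged(reg_text):
    """Names of entries that need a human look, in export order."""
    return [f["name"] for f in triage(reg_text) if f["reasons"]]


if __name__ == "__main__":
    for f in triage(SAMPLE_REG):
        mark = "REVIEW" if f["reasons"] else "ok    "
        print(mark, f["name"], "->", f["path"], "; ".join(f["reasons"]))
```

Note that a real per-user install such as the OneDrive entry in the sample gets flagged alongside the junk; the list is a queue to check publisher and install date against, not a delete list. The `RunOnce` keys and the per-user `Startup` folder are worth exporting and feeding through the same parser.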
 
Cryptowall 2.0 Ransomware Further Developed by its Authors
The newest ransomware, an upgraded Cryptowall 2.0, attacks both 32-bit and 64-bit Windows operating systems. Blog.emsisoft.com reported on 7th January, 2015 that this ransomware is the newest in the hacker's armory, taking the user's data and holding it captive for ransom.

Cryptowall 2.0 employs the TOR network to cover and confuse its command and control servers. The TOR network is a collection of community networks used together to conceal network traffic. Cisco's Talos Security and Intelligence Research Group recently released research findings noting that the ransomware employs many layers of encryption, making it almost undetectable.

Threatpost.com reported on 6th January, 2015 quoting Earl Carter, Security Research Engineer of Talos, as saying "They went through a lot of work to veil the executable in encryption to check if it's running in a virtual machine and the potentiality to abuse multiple environments. So much was placed inside Cryptowall 2.0 and someone labored a lot on the front end to shun detection."

Cryptowall was discovered around one year ago, and threat actors have used it to produce notable profits. First-generation ransomware would lock a system and then generate false messages informing the victims that their system had been seized because of illegal online activities, whereas Cryptowall and its close relative Cryptolocker upped the ante and encrypted files on compromised systems. The malware demands a ransom for the decryption key needed to restore the user's data, which many times is not delivered even if the ransom is paid.

CryptoWall 2.0 is delivered through email attachments, exploit kits and malicious PDFs. It uses a privilege-escalation vulnerability on x86-based machines to exploit 32-bit OSes, starting with Windows Vista, and includes a 64-bit DLL to work on AMD64 systems.

Ransomware is a growing threat to computer users, with new variants continuing to develop. A layered security approach is needed to identify and stop these new complex variants, and breaking any step in the attack chain will successfully stop this attack. Hence, blocking initial phishing emails, blocking network connections to known malicious content and stopping malicious process activity are critical to fighting ransomware and stopping it from holding your data hostage.

- See more at: http://www.spamfighter.com/News-194...re-Further-Developed-by-its-Authors.htm#.dpuf
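The "stopping malicious process activity" layer in that article is the one a defender can actually build a rule for, because what every CryptoLocker/Cryptowall variant has in common is the behaviour, not the packer: one process rewrites or renames a large number of files across several folders in a very short time. The script below is an added example, not from the thread or the quoted article: it parses a constructed tab-separated file-activity log (timestamp, process, operation, path, optional new path, the shape you would get from a Sysmon or EDR export) and raises one alert per process that touches at least 20 distinct files in 3 or more directories inside a 60-second window, reporting the extension the renamed files end up with. Every process name, path and timestamp is constructed for the demo; thresholds and function names are my own choices.

```python
"""Detect ransomware-like mass file modification in a file-activity log.
Added example, not from the thread. Log format, process names and paths
are constructed; adapt parse_events() to your own Sysmon/EDR export.
"""
from collections import Counter, defaultdict, deque, namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "ts process op path newpath")
Alert = namedtuple("Alert", "process start end files dirs new_ext")

WINDOW_SECONDS = 60   # look-back window per process
MIN_FILES = 20        # distinct files written/renamed inside the window
MIN_DIRS = 3          # spread over at least this many directories


def sample_log():
    """Constructed log: <iso timestamp>\\t<process>\\t<op>\\t<path>[\\t<newpath>]."""
    base = datetime(2015, 1, 7, 9, 0, 0)
    lines = [
        f"{base.isoformat()}\twinword.exe\tWRITE\tC:\\Users\\alice\\Documents\\report.docx",
        f"{(base + timedelta(minutes=2)).isoformat()}\twinword.exe\tWRITE\tC:\\Users\\alice\\Documents\\report.docx",
        f"{(base + timedelta(minutes=3)).isoformat()}\texplorer.exe\tRENAME\t"
        f"C:\\Users\\alice\\Pictures\\img1.jpg\tC:\\Users\\alice\\Pictures\\beach.jpg",
    ]
    # Constructed burst: one process renames 30 documents in four folders in 30 s.
    folders = ["Documents", "Pictures", "Desktop", "Music"]
    start = base + timedelta(minutes=10)
    for i in range(30):
        t = (start + timedelta(seconds=i)).isoformat()
        old = f"C:\\Users\\alice\\{folders[i % len(folders)]}\\file{i}.docx"
        lines.append(f"{t}\tupdsvc.exe\tRENAME\t{old}\t{old}.locked")
    return "\n".join(lines)


def parse_events(text):
    events = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) < 4:
            continue
        newpath = parts[4] if len(parts) > 4 else None
        events.append(Event(datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3], newpath))
    return events


def _dirname(path):
    return path.rsplit("\\", 1)[0]


def _ext(path):
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect(events):
    """Return one Alert per process whose activity crosses the thresholds."""
    per_process = defaultdict(list)
    for ev in events:
        if ev.op in ("WRITE", "RENAME"):
            per_process[ev.process].append(ev)
    alerts = []
    for process, evs in per_process.items():
        evs.sort(key=lambda e: e.ts)
        window = deque()
        for ev in evs:
            window.append(ev)
            # Slide the window: drop events older than WINDOW_SECONDS.
            while (ev.ts - window[0].ts).total_seconds() > WINDOW_SECONDS:
                window.popleft()
            files = {e.path for e in window}
            dirs = {_dirname(p) for p in files}
            if len(files) >= MIN_FILES and len(dirs) >= MIN_DIRS:
                # Most common extension the renamed files end up with, if any.
                exts = Counter(_ext(e.newpath) for e in window if e.op == "RENAME" and e.newpath)
                new_ext = exts.most_common(1)[0][0] if exts else ""
                alerts.append(Alert(process, window[0].ts, ev.ts, len(files), len(dirs), new_ext))
                break  # one alert per process is enough to trigger a response
    return alerts


if __name__ == "__main__":
    for a in detect(parse_events(sample_log())):
        print(f"ALERT {a.process}: {a.files} files in {a.dirs} dirs between "
              f"{a.start.time()} and {a.end.time()}, new extension '.{a.new_ext}'")
```

The alert fires on the 20th rename, well before the burst finishes, which is the whole value of a behavioural rule over a signature. Expect to allow-list your backup agent, indexer and any bulk photo-renaming tool, since they trip the same counters; the extension field is what separates "files became .locked" from "files became .jpg".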
 