
Author Topic: Ransomware _ENCRYPT  (Read 4106 times)


Offline waltmon

Ransomware _ENCRYPT
« on: February 02, 2015, 05:24:53 PM »
I think I picked up this virus when I downloaded 2 seasons of Vikings.  I've been fighting malware since...I deleted all of the suspect movie files...

  Now this _ENCRYPT  crap has infected pretty much all music on my laptop...fortunately didn't hit peripheral drives.  Reading on several fixes...any thoughts on the most reliable? 

  I'm hearing take it back to a restore point prior to infection...THEN apply malware.  I have Malwarebytes, CCleaner, Ad-Aware, and superspyware cleaner...none of the audio files play...I don't see myself paying a ransom to these hacks.
KM140's, KM150's, U89's, Mixpre-10T II, 788T, F3

CA-14 > UBB > Tascam DR-2D

1 pound non-sequential $50.00 bills

Offline Ultfris101

Re: Ransomware _ENCRYPT
« Reply #1 on: February 02, 2015, 08:25:38 PM »
That sucks. It's probably worth trying the restore point path, but honestly I would wipe the computer as clean as I can and reinstall everything. This kind of stuff can be very difficult to fully eradicate. A lot of times the restore points apply to system files and files a program changed when it was being installed but not data files. I would be surprised if it fixes any of the encrypted media files but it might I suppose if it's a backup and not just a system restore point.

I'd definitely like to hear how it goes. I've heard about this but don't know anybody with first hand experience.

Out of curiosity, did you have any anti-virus or other security software of any kind installed (aside from the anti-malware stuff you are planning to install now) and in use prior to this? I'm assuming this is Windows.
Mics: Schoeps MK5,MK41 CMC6,KCY,KC5 | AKG ck63,ck1 C460B,C480B | DPA 4061 | Naiant X-R card,hyper | CA-14o,c
Pres: Sound Devices USBPre2 | Naiant Tinybox | Church Audio 9200, UBB
Recs: Zoom F8 | Edirol R-44 | Sony PCM-M10 | Tascam DR-2d
Video: Sony CX550(2), CX580, HX9

LMA: http://archive.org/bookmarks/ultfris101

Offline Fatah Ruark (aka MIKE B)

Re: Ransomware _ENCRYPT
« Reply #2 on: February 02, 2015, 09:54:50 PM »
The ONLY safe way to get rid of malware is to wipe EVERYTHING and recover from a backup NOT connected to the computer.

If you're going to download illegal downloads I would avoid public sites like the Pirate Bay. Private sites are safer, but you're still taking your chances.
||| MICS:  Beyer CK930 | DPA 4022 | DPA 4080 | Nevaton MCE400 | Sennheiser Ambeo Headset |||
||| PREAMPS: DPA d:vice | Naiant Tinybox | Naiant IPA |||
||| DECKS: Sound Devices MixPre6 | iPod Touch 32GB |||
|||Concert History || LMA Recordings || Live YouTube |||

Offline waltmon

Re: Ransomware _ENCRYPT
« Reply #3 on: February 03, 2015, 12:18:18 AM »
Symantec detected nothing nor did any of the malware programs...further inquiries stated that the ransomware is piggybacking on Adobe updates somehow. I guess Adobe reported they fixed the issue and that apparently was crap...

  I was getting repeated requests to update Adobe...guessing it started there.

ilduclo

Re: Ransomware _ENCRYPT
« Reply #4 on: February 03, 2015, 07:22:49 AM »

Offline buckster

Re: Ransomware _ENCRYPT
« Reply #5 on: February 03, 2015, 12:49:07 PM »
Over at Bleeping Computer they have this information on an encryption ransomware: http://www.bleepingcomputer.com/virus-removal/coinvault-ransomware-information.  The last time I dealt with ransomware there were off-the-shelf tools available to easily take care of it; however, it seems the bad guys have seriously stepped up their game and there's no malware removal tool currently available that can undo the encryption.  So unless you have a backup to resort to, you're screwed.

If you scroll down that article you'll see there is a free prevention tool available: 

Quote
How to use the CryptoPrevent Tool:

FoolishIT LLC was kind enough to create a free utility called CryptoPrevent that automatically adds the suggested Software Restriction Policy Path Rules listed above to your computer. This makes it very easy for anyone using Windows XP SP 2 and above to quickly add the Software Restriction Policies to your computer in order to prevent CoinVault and Zbot from being executed in the first place. This tool is also able to set these policies in all versions of Windows, including the Home versions.
 

The CryptoPrevent Tool is located here http://www.foolishit.com/

Offline Ultfris101

Re: Ransomware _ENCRYPT
« Reply #6 on: February 03, 2015, 12:52:30 PM »
Quote from: buckster
The CryptoPrevent Tool is located here http://www.foolishit.com/

"foolishit" ~= "full of shit".  hmmmm

Offline flipp

Re: Ransomware _ENCRYPT
« Reply #7 on: February 03, 2015, 01:24:52 PM »
Quote from: Ultfris101
Quote from: buckster
The CryptoPrevent Tool is located here http://www.foolishit.com/
"foolishit" ~= "full of shit".  hmmmm

I prefer either of the following two readings

foolish IT   or
fool is hit

Offline Ultfris101

Re: Ransomware _ENCRYPT
« Reply #8 on: February 03, 2015, 01:34:43 PM »
Yes I'd assume it is an attempt at "Foolish IT", but how much better is that? "Foolish" as in the Motley Fool?

I'm not going to visit that site from my work computer to check it out.

Just makes me wary. "Here, install this and you'll never have to worry about ransomware. Just need to make a couple simple registry changes. We're the good guys."

Offline 2manyrocks

Re: Ransomware _ENCRYPT
« Reply #9 on: February 03, 2015, 06:58:35 PM »
I think we are headed towards the day when a junk PC will be used to connect to the internet and important files are kept only on a standalone PC. 

Offline Gene Poole

Re: Ransomware _ENCRYPT
« Reply #10 on: February 03, 2015, 07:20:01 PM »
Quote from: 2manyrocks
I think we are headed towards the day when a junk PC will be used to connect to the internet and important files are kept only on a standalone PC.

Just use Linux.

Offline Gordon

Re: Ransomware _ENCRYPT
« Reply #11 on: February 22, 2015, 10:21:38 AM »
Quote from: Ultfris101
Yes I'd assume it is an attempt at "Foolish IT", but how much better is that? "Foolish" as in the Motley Fool?
I'm not going to visit that site from my work computer to check it out.
Just makes me wary. "Here, install this and you'll never have to worry about ransomware. Just need to make a couple simple registry changes. We're the good guys."

He is 100% legit! I run a computer repair business and use many of the tools Nick (foolishit) makes. I implement CryptoPrevent on every machine I service.

Edit: Ransomware and lots of other malware install themselves in the AppData folder.  CryptoPrevent simply creates a group policy to block items from installing in that directory. uTorrent and Spotify are the only legit things I know of that load their exe files in that location. You can easily white-list them so they will install and work.
« Last Edit: February 22, 2015, 10:26:45 AM by Gordon »
Microtech Gefell M20 or M21 > Nbob actives > Naiant PFA > Sound Devices MixPre-6 II @ 32/48

https://archive.org/details/fav-gordonlw

https://archive.org/details/teamdirtysouth
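
The white-listing step described in the post above depends on knowing which legitimate programs already run from AppData on a given machine. As an added example (not part of the thread and not CryptoPrevent's own code), this read-only PowerShell inventory lists executables under the per-user AppData folders with their signature status; the extension list is an assumption.

```powershell
# Added example: inventory executables under the per-user AppData trees so an
# allow-list can be prepared before a path-based block rule is turned on.
# Read-only: it lists files and reads signatures, nothing is changed.

$roots = @($env:APPDATA, $env:LOCALAPPDATA) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Assumed set of executable extensions to report; extend as needed.
$extensions = '.exe', '.scr', '.com'

$report = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $extensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            # Depth below the root: 0 = directly in AppData, 1 = one folder down, ...
            $relative = $_.FullName.Substring($root.Length).TrimStart('\')
            [pscustomobject]@{
                Depth     = ($relative -split '\\').Count - 1
                Signed    = $sig.Status -eq 'Valid'
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                LastWrite = $_.LastWriteTime
                Path      = $_.FullName
            }
        }
}

# Unsigned files first, newest first within each group: these are the ones to
# review before deciding what belongs on the allow-list.
$report |
    Sort-Object Signed, @{ Expression = 'LastWrite'; Descending = $true } |
    Format-Table -AutoSize -Wrap
```

Run it as the user whose profile is being checked; entries that are signed by a known publisher and expected on the machine are the allow-list candidates, and anything unsigned and recently written deserves a closer look first.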

Offline it-goes-to-eleven

Re: Ransomware _ENCRYPT
« Reply #12 on: February 22, 2015, 04:37:31 PM »
Quote from: 2manyrocks
I think we are headed towards the day when a junk PC will be used to connect to the internet and important files are kept only on a standalone PC.

Another option is to run your browser in a virtual machine or sandbox.  Of course those can run on Linux, with any version of Windows, or macOS, running under Linux.  Though nothing is completely foolproof - there is malware that breaks out of virtual machines.

The other huge advantage of a virtual machine is the ability to run an old copy of Windows, say XP, on much newer hardware. You can also save the image of that OS and move it to new computers in the future. It saves the OS installation drama.

If you'd like to play with free virtual machine software, I recommend VirtualBox.  It is quite easy to use.

https://www.virtualbox.org/wiki/Downloads

 

© 2002-2024 Taperssection.com