CryptoLocker Ransomware + CryptoPrevent Q&A

Started by Corrine, October 13, 2013, 01:30:34 AM


ky331

Basil,

Those are precisely the two entries I cited above (with more details). By quarantining them, you've effectively UNdone the FILTER module protection that you enabled upon updating CryptoPrevent to version 6.x

Yes, the machine will continue to "run fine" either way... as using CryptoPrevent is purely optional.

If you WANT CryptoPrevent's full Filter Module protection, you need to restore those entries from MBAM's quarantine [alternatively, run CryptoPrevent to RE-APPLY PROTECTION], and when MBAM finds these entries again, use the drop-down ACTION menu to select ADD EXCLUSION (instead of quarantine).   Then click on APPLY ACTIONS.

If you prefer NOT to have CryptoPrevent's Filter module protection, you can leave the two items in MBAM's quarantine.


Basil

ky331

Thank you for the clarification. Very helpful.
I have done exactly as you suggested and the two entries are now excluded.
I have again run an MBAM scan and it returns clear results!... :D
Thanks again... :mitch:

P.S. Incidentally, I have just discovered that the "minimise" button of MBAM does not work. It just closes the programme. Is it only me??... :)

ky331

Yes, the "minimize" button is closing MBAM2(.0.2.1012) Free here as well.

Paddy

Cryptolocker victims to get files back for free:
All 500,000 victims of Cryptolocker can now recover files encrypted by the malware without paying a ransom.

http://www.bbc.co.uk/news/technology-28661463


Paddy.. :Hammys pint:
This is one race of people for whom psychoanalysis is of no use whatsoever - Sigmund Freud (about the Irish)

Never argue with a fool, they will lower you to their level and then beat you with experience.

Corrine

Quote from: Paddy on August 06, 2014, 03:07:14 PM
Cryptolocker victims to get files back for free:
All 500,000 victims of Cryptolocker can now recover files encrypted by the malware without paying a ransom.

http://www.bbc.co.uk/news/technology-28661463


Paddy.. :Hammys pint:


Unfortunately, this isn't the end of the story.

Quote: It didn't take long for an updated version of GameOver Zeus to make some headway in rebuilding itself.

Research published today from Arbor Networks demonstrates that cybercriminals behind GameOver Zeus, which was taken down by law enforcement in early June, have renewed the botnet with at least 12,353 unique IP addresses worldwide. Arbor's numbers come from five sinkholes it manages, and data collected periodically between July 18 and July 29.
NewGOZ Gameover Zeus Botnet Rebuilds


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

CryptoPrevent Update information split from the discussion topic and added to the Index of Security Software Programs

Direct link here:  CryptoPrevent.



ky331

Earlier in this thread, it was noted that, effective with version 6.x, if the user INSTALLED CryptoPrevent and activated the real-time FILTER MODULE, there was the probability of F/P detections of the .PIF and .SCR filetype-associations by security programs including MBAM and WinPatrol.

CryptoPrevent also offered a "PORTABLE" [i.e., NON-installed] version, in which the real-time filter module was not available (thereby bypassing the question of generating these particular F/P detections).   I was/am running the portable version.

A significant change in v7.x was that it was "Updated to not trigger Malwarebytes Anti-Malware detections with the installed version".

Reporting here that I've recently taken note that WinPatrol is listing, under File Types, that I now have both the .PIF and .SCR filetypes associated with CryptoPreventFilterMod.CryptoPreventEXEC.   This has occurred on my primary Win7x64, as well as on my secondary 32-bit WinXP.   I find this fascinating since 1) I believe I am still running the portable version of CryptoPrevent, and 2) relating to a separate WinPatrol issue, these filetype changes went through without any flagging/announcement from WinPatrol (despite my having set FileType protection to be monitored in Real-Time, and LOCKED my file types).
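A way to see for yourself which handler the .PIF and .SCR file types currently point at, as an added PowerShell example that is not from this thread and not CryptoPrevent's or WinPatrol's own code. It assumes a Windows host, that the stock ProgIDs for these types are piffile and scrfile, and that the Filter Module's ProgID starts with CryptoPreventFilterMod (the name reported above). It only reads the registry and changes nothing.

```powershell
# Added example, not from the forum thread. Reads HKCR\.pif and HKCR\.scr,
# reports the ProgID each extension resolves to and the command that ProgID
# runs on "open", and flags whether the handler is the stock one, the
# CryptoPrevent Filter Module, or something else worth a closer look.
# Assumption: stock handlers are piffile (.pif) and scrfile (.scr).
$stock = @{ '.pif' = 'piffile'; '.scr' = 'scrfile' }

foreach ($ext in $stock.Keys) {
    $extKey = "Registry::HKEY_CLASSES_ROOT\$ext"
    if (-not (Test-Path $extKey)) {
        Write-Output "$ext : no HKCR key present"
        continue
    }

    # The (default) value of HKCR\.ext names the ProgID that handles the type.
    $progId = (Get-ItemProperty -Path $extKey).'(default)'
    if (-not $progId) {
        Write-Output "$ext : HKCR key exists but no ProgID is set"
        continue
    }

    # The ProgID's shell\open\command is what actually runs when such a file is launched.
    $cmdKey = "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
    $command = if (Test-Path $cmdKey) {
        (Get-ItemProperty -Path $cmdKey).'(default)'
    } else {
        '<no open command defined>'
    }

    # Classify the handler so a reader can tell a CryptoPrevent change
    # from an unexpected one at a glance.
    $verdict = if ($progId -eq $stock[$ext]) {
        'stock Windows handler'
    } elseif ($progId -like 'CryptoPreventFilterMod*') {
        'CryptoPrevent Filter Module handler (expected if the Filter Module is enabled)'
    } else {
        'non-stock handler, review before trusting'
    }

    Write-Output ("{0} -> {1} : {2}" -f $ext, $progId, $verdict)
    Write-Output ("    open command: {0}" -f $command)
}
```

Running this before and after enabling or disabling the Filter Module shows exactly what WinPatrol's File Types list is reporting, and what MBAM is flagging.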