Author Topic: CryptoLocker Ransomware + CryptoPrevent Q&A  (Read 31322 times)


ky331
Re: CryptoLocker Ransomware
« Reply #60 on: June 19, 2014, 01:30:35 PM »
Basil,

Those are precisely the two entries I cited above (with more details). By quarantining them, you've effectively UNdone the FILTER module protection that you enabled upon updating CryptoPrevent to version 6.x

Yes, the machine will continue to "run fine" either way... as using CryptoPrevent is purely optional.

If you WANT CryptoPrevent's full Filter Module protection, you need to restore those entries from MBAM's quarantine [alternatively, run CryptoPrevent to RE-APPLY PROTECTION], and when MBAM finds these entries again, use the drop-down ACTION menu to select ADD EXCLUSION (instead of quarantine). Then click on APPLY ACTIONS.

If you prefer NOT to have CryptoPrevent's Filter module protection, you can leave the two items in MBAM's quarantine.


Basil
Re: CryptoLocker Ransomware
« Reply #61 on: June 19, 2014, 01:58:23 PM »
ky331

Thank you for the clarification. Very helpful.
I have done exactly as you suggested and the two entries are now excluded.
I have again run an MBAM scan and it returns clear results!... :D
Thanks again... :mitch:

P.S. Incidentally, I have just discovered that the "minimise" button of MBAM does not work. It just closes the programme. Is it only me??... :)

ky331
Re: CryptoLocker Ransomware
« Reply #62 on: June 19, 2014, 02:17:32 PM »
Yes, the "minimize" button is closing MBAM2(.0.2.1012) Free here as well.

Paddy
Re: CryptoLocker Ransomware
« Reply #63 on: August 06, 2014, 02:07:14 PM »
Cryptolocker victims to get files back for free:
All 500,000 victims of Cryptolocker can now recover files encrypted by the malware without paying a ransom.

http://www.bbc.co.uk/news/technology-28661463


Paddy.. :Hammys pint:
This is one race of people for whom psychoanalysis is of no use whatsoever - Sigmund Freud (about the Irish)

Never argue with a fool, they will lower you to their level and then beat you with experience.

Corrine
Re: CryptoLocker Ransomware
« Reply #64 on: August 14, 2014, 08:49:53 PM »
Quote from: Paddy
Cryptolocker victims to get files back for free:
All 500,000 victims of Cryptolocker can now recover files encrypted by the malware without paying a ransom.

http://www.bbc.co.uk/news/technology-28661463

Paddy.. :Hammys pint:


Unfortunately, this isn't the end of the story.

Quote
It didn’t take long for an updated version of GameOver Zeus to make some headway in rebuilding itself.

Research published today from Arbor Networks demonstrates that cybercriminals behind GameOver Zeus, which was taken down by law enforcement in early June, have renewed the botnet with at least 12,353 unique IP addresses worldwide. Arbor’s numbers come from five sinkholes it manages, and data collected periodically between July 18 and July 29.
NewGOZ Gameover Zeus Botnet Rebuilds


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine
Re: CryptoLocker Ransomware + CryptoPrevent Q&A
« Reply #65 on: August 22, 2014, 06:20:07 PM »
CryptoPrevent Update information split from the discussion topic and added to the Index of Security Software Programs

Direct link here: CryptoPrevent.


ky331
Re: CryptoLocker Ransomware + CryptoPrevent Q&A
« Reply #66 on: August 24, 2014, 10:22:03 AM »
Earlier in this thread, it was noted that, effective with version 6.x, if the user INSTALLED CryptoPrevent and activated the real-time FILTER MODULE, there was the probability of F/P detections of the .PIF and .SCR filetype-associations by security programs including MBAM and WinPatrol.

CryptoPrevent also offered a "PORTABLE" [i.e., NON-installed] version, in which the real-time filter module was not available (thereby bypassing the question of generating these particular F/P detections). I was/am running the portable version.

A significant change in v7.x was that it was "Updated to not trigger Malwarebytes Anti-Malware detections with the installed version".

Reporting here that I've recently taken note that WinPatrol is listing, under File Types, that I now have both the .PIF and .SCR filetypes associated with CryptoPreventFilterMod.CryptoPreventEXEC. This has occurred on my primary Win7x64, as well as on my secondary 32-bit WinXP. I find this fascinating since 1) I believe I am still running the portable version of CryptoPrevent, and 2) relating to a separate WinPatrol issue, these filetype changes went through without any flagging/announcement from WinPatrol (despite my having set FileType protection to be monitored in Real-Time, and LOCKED my file types).
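A way to check for yourself what the posts above describe, added here as an example that is not part of the thread, of CryptoPrevent or of WinPatrol: the filter module works by changing the file type association for .PIF and .SCR to the CryptoPreventFilterMod.CryptoPreventEXEC ProgID, which is also what MBAM flagged and quarantined earlier in the thread. Windows keeps that association in the registry (the default value of HKCR\.pif and HKCR\.scr names the ProgID, and HKCR\<ProgID>\shell\open\command names what runs when such a file is opened), so a short PowerShell function can report which handler is in place, whether the protection has been undone by a quarantine, or whether it is present on a machine where you did not expect it. The function name and output columns are my own.

```powershell
# Added example (not from the thread, CryptoPrevent or WinPatrol): report the
# ProgID and open command Windows currently associates with .pif and .scr,
# and whether the handler is the CryptoPrevent filter module named in the thread.
function Get-FileTypeHandler {
    param(
        # Extensions to audit; .pif and .scr are the two the thread discusses.
        [string[]]$Extension = @('.pif', '.scr')
    )

    foreach ($ext in $Extension) {
        # The (Default) value of HKCR\<ext> holds the ProgID for that extension.
        $extKey = "Registry::HKEY_CLASSES_ROOT\$ext"
        $progId = (Get-ItemProperty -Path $extKey -ErrorAction SilentlyContinue).'(default)'

        $command = $null
        if ($progId) {
            # The (Default) value of HKCR\<ProgID>\shell\open\command is what
            # actually runs when a file of this type is opened.
            $cmdKey = "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
            $command = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
        }

        [pscustomobject]@{
            Extension           = $ext
            ProgId              = $progId
            OpenCommand         = $command
            # True when the ProgID is the one CryptoPrevent's filter module installs.
            CryptoPreventFilter = ($progId -eq 'CryptoPreventFilterMod.CryptoPreventEXEC')
        }
    }
}

# Usage: list the current handlers for .pif and .scr.
Get-FileTypeHandler | Format-Table -AutoSize
```

On a machine where the filter module is active, both rows show CryptoPreventFilter as True and the open command points at the CryptoPrevent executable; on a stock Windows install the ProgIDs are piffile and scrfile. If MBAM has quarantined the two entries as in Basil's case, the association reverts and the column shows False, which is the quickest way to confirm whether the protection is still in place after adding the exclusion or re-applying protection.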