Windows 8 and 8.1 Forums


Beware: CryptoLocker Virus

  1. #11


    Bay Area
    Posts : 21,838
    Windows 7 Home Premium x64
    Last edited by A Guy; 28 Oct 2013 at 23:21.


  2. #12


    I just saw this...

    October 28, Help Net Security – (International) Researchers sinkhole several Cryptolocker C&Cs. Researchers at Kaspersky Labs were able to sinkhole three domains serving as command and control (C&C) servers used by the Cryptolocker ransomware. Source: Researchers sinkhole several Cryptolocker C&Cs

  3. #13


    USA, Idaho
    Posts : 1,062
    Win 8, (VM win7, XP, Vista)


    What about when using a VM? All my everyday use is within a VM that includes e-mail, downloading apps/programs and whatnot. The only use of my internet on my main system is for the app store, and upgrades (once a week).

  4. #14


    Posts : 176
    Windows 8.1


    Using Firefox and NoScript saved me from getting infected with the FBI warning scam once. I don't know if it will work with the CryptoLocker virus or not and hopefully I'll never have to find out.

  5. #15


    Posts : 82
    Windows 8.1


    If you get a suspect email, is there a way of analysing the attachment for cryptolocker without getting infected?

  6. #16


    Posts : 454
    Windows 8.1 Pro with Media Center


    Quote: Originally posted by dakeb
    If you get a suspect email, is there a way of analysing the attachment for cryptolocker without getting infected?
    How about just summarily deleting .exe attachments? I'm unclear as to how these infections occur. Unless the malware is able to exploit a bug, email programs, browsers, etc shouldn't launch executables automatically, right? So people must be launching them directly from the program or saving them and carelessly running them, right?

  7. #17


    Posts : 82
    Windows 8.1


    Quote: Originally posted by crawfish
    Quote: Originally posted by dakeb
    If you get a suspect email, is there a way of analysing the attachment for cryptolocker without getting infected?
    How about just summarily deleting .exe attachments? I'm unclear as to how these infections occur. Unless the malware is able to exploit a bug, email programs, browsers, etc shouldn't launch executables automatically, right? So people must be launching them directly from the program or saving them and carelessly running them, right?
    The .exe files are hidden in .zip files or disguised as a .pdf file, but when you click on it, it is an .exe file and too late.

  8. #18


    Posts : 279
    64-bit Windows 8.1 Pro


    IMHO, if the suspect email gives you pause, play it safe and delete it.

  9. #19


    Posts : 82
    Windows 8.1


    I agree, but this virus is disguised in legitimate emails from people you know or companies you deal with.

  10. #20


    I just cleaned up a client's machine with this. He received an email from his domain but not a valid address (spoofed) which contained a .zip file which he saved and scanned. His AV didn't alert on this variant (it did the next day after definitions were updated). He receives Excel files regularly and the icon displayed as an Excel file. Of course he had Windows set to hide extensions for known file types, although he probably didn't know what the extension for Excel is anyway, so he clicked it. It encrypted ALL of his data. Fortunately he had fairly recent backups and we wiped his machine and reinstalled. These are the tips I gave him among others:

    1. Don't open strange attachments. The majority of my clients can't create a .zip file. Do you really think they sent you one? Most servers won't strip pdf or attachments but will strip .exe so it should make you wonder why the pdf attachment was zipped to begin with.

    2. Understand that just because the email came from a trusted address it could be forged or they could be infected. Not expecting something or unsure? Pick up a phone or email back asking if they sent it to you and what it is.

    3. Turn on file extensions and understand that a file named xyz.pdf.exe is not a pdf; it's malware.

    Hope this helps. This stuff is easy to remove but so far without paying the ransom you are SOL on your data. Also, if you delete the virus you have almost no chance of getting the data back.
