In my opinion, hard copies of a new computer image should be included by federal law. Hell Windows Ha-eight doesn't even have a product key sticker, anymore
Computer Virus Help Needed
- Thread starter Hemioutlaw
- Start date
-
In my opinion, hard copies of a new computer image should be included by federal law. Hell Windows Ha-eight doesn't even have a product key sticker, anymore
TrailBeast
AKA Mopars4us on Youtube
Personally I think Microsoft should be forced out of business for producing a product that ends up costing it's customers so much time and money.
(Taxpayers enjoy the protection of the US government my ***)
They won't even stop Chinese knock off's of MSD products on Ebay.
Vs29H1B
Well-Known Member
That's all good and fine, but no one does it.
They generally just use a computer, do no backups and barely if ever a decent antivirus program.
We can preach till blue in the face, but only hear from them after the infection.
The ones I hate the most are the ones that call and tell us they can't afford to pay our cost's because they gave the scam all their available funds, so "can't we give them a special deal?" :finga:
Also a lot of computer manufacturers and sellers don't include a reimage DVD or whater, but a little pop up comes up on the screen telling them to make a restore disc set, but they don't do that either.
Then all this aside, Windows WILL get infected somewhere somehow anyway because it's the nature of the beast.
(the easier it is for the average person to use, the easier it gets taken advantage of)
Sorry --- but each platform is vulnerable, regardless of OS deployed, and bad actors in fact - do compromise all platforms. Ironically OSx Yosemite and iOS are among the most easy to use consumer grade products but almost exclusively rely on code signing and a few other weak security measures which can be easily bypassed by bad actors with weak technical skill. App vetting is also the other measure most Apple products tout, but there are easy work arounds there as well. As Apple gains greater presence, those products will be more targetted by nation states and bad actors (criminals).
To take this conversation further would be to take it places that it should not go as we all are just trying to help the OP recover his system and fix the vulnerabilities and mitigate risk going forward.
Unless you have a need to know, and work within the penn testing / forensics / malware analysis / Incident response side of the cyber security industry, you likely will not have the level of knowledge -nor the understanding on the nature of this threat. And that's OK ---- we all are just trying to help the OP recover his system and avoid these types of compromises going forward.
I stand by the recommendations to the OP --- it is his choice how to proceed.
TrailBeast
AKA Mopars4us on Youtube
I hear/see the words, but are you saying you are willing to help the OP possibly recover his stuff then?
Or telling him what he should have done, or should do next time?
LMAO. It's evident in recent "noose" that the govt can't even protect it's OWN systems. Does anyone REALLY believe that the huge computer glitch the last few days was "unrelated?"
TrailBeast
AKA Mopars4us on Youtube
Who knows for sure, since they lie to us more often than not anyway.
For all we know the entire SSI system was hacked but they wouldn't say if it had.
All you have to do is search for ctb-locker, and look at the results... I cant guarantee these will work, but its a starting point
First result is this:
http://www.2-spyware.com/remove-ctb-locker-virus.html
Here is a video:
[ame="https://www.youtube.com/watch?v=GtjYb1I9M5o"]How to Remove encrypted by CTB-Locker virus from your desktop and recover your missing file - YouTube[/ame]
First result is this:
http://www.2-spyware.com/remove-ctb-locker-virus.html
Here is a video:
[ame="https://www.youtube.com/watch?v=GtjYb1I9M5o"]How to Remove encrypted by CTB-Locker virus from your desktop and recover your missing file - YouTube[/ame]
daredevil
Well-Known Member
Same way I got the links I sent him Joey.You can fix virtually anything with info from Google if you search properly.
TrailBeast
AKA Mopars4us on Youtube
That's the problem Joey, is that a person could spend days trying everything they find on the internet.
I have a method that usually works, so I have not tried all the internet suggestions.
For time and cost sake it's better to recover the deleted files and move on with a new install if needed.
The OP said he has already removed a bunch of stuff with Malwarebytes, so it's entirely possible he had more than he realized, and just didn't notice until something obvious came up. (which is what I see most of the time)
Usually a system can be cleaned up and be used without further problems unless system files were changed when they were infected and then removed by the cleaners.
This sometimes destroys Windows.
We will be doing a cleanup, then recovery of deleted files, then see what there is to work with after that.
Also a lot of computer manufacturers and sellers don't include a reimage DVD or whater, but a little pop up comes up on the screen telling them to make a restore disc set, but they don't do that either.
I had to call and order the re-imaging CD's for my computer. But you have to do it before they become NOS....
Vs29H1B
Well-Known Member
I hear/see the words, but are you saying you are willing to help the OP possibly recover his stuff then?
Or telling him what he should have done, or should do next time?
The recommendation stands as nuke adn pave as the first step.
I would never trust anything remaining on the hard drive as the system was compromised, and unless you can compare MD5 hashes - from before and after the incident - the possibility exists that the malware exists, even after a cleanup.
His stuff has been exfiltrated and is GONE...
The steps recommended allows for a better fresh start, with a better baseline security posture
if the recommended software products (Malware Bytes Anti-Malware and Anti Exploit - both free) - any A/V of the owner's choising - Secunia PSi Inspector for software patching, and password changes - all as a fresh starting point.
Otherwise - how can you be sure what you have?
The ultimate test is to determine what the machine is talking to - outbound.
After determining that, you still won't know for certain if the machine's registry is hosed, whether a process was renamed and / or a new process substituted by the criminals, etc.
It is a sad fact but the criminals are pretty savy and after money ... as shown in this case.
Whatever the owner decides is up to him, but I would never trust the build on that machine.
Extortion is already in play; it is likely his credentials have been posted on places visited by criminals - that's part of reason I suggest the extreme measures of nuke and pave, and the other stuff.
I hope it works out for the best for the owner --- the web is a dangerous place these days.
Hemioutlaw
Make America Great Again!
Appreciate the input and I tend to agree with the " nuke and pave approach". I do have an external hard drive with backed up info that wasn't hooked up during the invasion and hopefully that will facilitate a more seamless return to normality. Obviously this system compromise was an eye opener for me and highlighted my naivete on thinking I was protected.
I have no doubt that the machine can be brought back to life but one of my primary concerns is identifying the root of the infection. Would it be erroneously optimistic to assume that the source can be traced?
BigBlockMopar
BigBlockMember
Forget finding the source (by yourself).
Whatever you do, do not connect that external drive to your pc BEFORE you've wiped it clean and reinstalled your system again.
Whatever you do, do not connect that external drive to your pc BEFORE you've wiped it clean and reinstalled your system again.
lilcuda
Well-Known Member
- Joined
- Apr 15, 2006
- Messages
- 1,140
- Reaction score
- 153
Crypto locker viruses are a beeotch. Had a user get hit with one a year ago. Had to restore a bunch of network files from backups. Wiped the user's computer and reloaded Windows. I agree with the nuke and pave procedure. Although I know of people who have paid the ransom and gotten access to their files.
Best thing to do is have good antivirus software (McAfee is crap), and get a copy of Acronis True Image and take regular (once a month) backups of your entire C: drive to an external drive. Most importantly, DISCONNECT the external drive you put your backups on when you are done. Backups are useless if they are corrupted or infected.
I've got 16 years in the IT business, I've seen it all.
Best thing to do is have good antivirus software (McAfee is crap), and get a copy of Acronis True Image and take regular (once a month) backups of your entire C: drive to an external drive. Most importantly, DISCONNECT the external drive you put your backups on when you are done. Backups are useless if they are corrupted or infected.
I've got 16 years in the IT business, I've seen it all.
TrailBeast
AKA Mopars4us on Youtube
To what end, because no one will do anything about it.
The problem is that this software can be purchased for use by anyone, and there is more than just one source.
The page where the link that was posted said if you called that 866 number they would remove the virus and give you a report on where it came from, but I certainly wouldn't trust that.
Probably just another part time college student employee asking for a CC number on the other end anyway. (always is)
One thing to note here is you will never always be ahead of infections targeting Windows, but you may spend the rest of your computer using days trying and worrying about it to the point that it's not worth it any more.
You see how hard the government and retail entities try and can't stay ahead of it, and they have WAY more resources to throw at it than we do and I am certainly not going to spend my days using it as if it were some sort of hide and seek battle with virus designers.
Windows is way too easy to reinstall to live like that, so you just don't keep anything on it that you can't afford to loose or have compromised.
Cuda68Scott
Well-Known Member
So I have Norton 2015 Security. Would it protect me from this type of invasion?
TrailBeast
AKA Mopars4us on Youtube
Probably not, as I have seen plenty of them infected with that same virus. (Norton of every version you can think of)
There is a program out there called Crypto Prevent, but it's pretty new so who knows if it actually works yet.
It essentially locks those parts of the system down to prevent the virus from doing what it needs/wants to do.
Of course the same could be done manually also by changing the permissions and policies for those same system files, but who want's to go through all that when there is a program that can do and undo it with a click of a button, (If it actually works)
If you wanted to install a new program for example, that would all have to be undone and then redone after.
There are all kinds of precautions we could take but nothing is 100%
Same with removal of these little buggers (Nothing gets them all) so we have to use multiple programs and even some manual removal of bad files if needed.
Just for the record, I've had that (and similar) splash/warning page come up a few times.
The first couple times, I simply turned off my computer.
No damage done either time.
Then I started seeing what else I could do...
apparently the program NEEDS you to click on something on that page to execute.
I've even gone so far as to finish what I was doing in other browser windows before restarting my machine.
Hasn't gotten me yet (of course, now that I've said all that.....)
The first couple times, I simply turned off my computer.
No damage done either time.
Then I started seeing what else I could do...
apparently the program NEEDS you to click on something on that page to execute.
I've even gone so far as to finish what I was doing in other browser windows before restarting my machine.
Hasn't gotten me yet (of course, now that I've said all that.....)
TrailBeast
AKA Mopars4us on Youtube
I have seen that myself, and it does seem to stop it sometimes.
Even after scans and everything, nothing.
But I have seen it the other way also, where it comes up and that's it.
Never noticed the clicking something being a requirement though. (I'll have to pay attention to that and see)
Not that anyone ever admits if they did click something.
I don't know, but if you are a "paid" customer, and it won't it ain't worth the box it came in
Cuda68Scott
Well-Known Member
Probably not, as I have seen plenty of them infected with that same virus. (Norton of every version you can think of)
There is a program out there called Crypto Prevent, but it's pretty new so who knows if it actually works yet.
It essentially locks those parts of the system down to prevent the virus from doing what it needs/wants to do.
Of course the same could be done manually also by changing the permissions and policies for those same system files, but who want's to go through all that when there is a program that can do and undo it with a click of a button, (If it actually works)
If you wanted to install a new program for example, that would all have to be undone and then redone after.
There are all kinds of precautions we could take but nothing is 100%
Same with removal of these little buggers (Nothing gets them all) so we have to use multiple programs and even some manual removal of bad files if needed.
I guess I better do a better job backing up, so my once a year probably does not cut it LOL.
I am a paid customer bit I sometimes wonder if these antivrus companies actually introduce viruses into the stream to keep their business profits healthy.
-
