| Thread ID: 138707 | 2015-01-10 08:59:00 | New Ransomware | blanco (11336) |
| Post ID | Timestamp | Content | User | ||
| 1391813 | 2015-01-10 08:59:00 | Just been reading this article about PCLOCK from Emsisoft. They have a new free decryption tool to get rid of it, similar to Cryptoprevent. Read the article here: www.bleepingcomputer.com |
blanco (11336) | ||
| 1391814 | 2015-01-10 09:33:00 | :thumbs: Sneaky stuff :devil The malware will then delete the Shadow Volume Copies on the infected computer by issuing the vssadmin Delete Shadows /All /Quiet command. Emsisoft do some good stuff. Interesting reading on their blogs as to how much crap happens all the time: http://blog.emsisoft.com/ |
wainuitech (129) | ||
| 1391815 | 2015-01-10 11:08:00 | Agreed. Nice to know that there are people out there that monitor/detect and find solutions for these problems. I mistakenly compared the PClock decryption tool to CryptoPrevent, which is an installed system monitoring program. The PClock Decryptor is a scan/removal tool. I believe that the latest version of HitmanPro may also deal with PClock - not sure about that. |
blanco (11336) | ||
| 1391816 | 2015-01-11 18:11:00 | I think I have just been hit with something like this. I cannot access any data files on my C or D drive. It says the file extension is wrong. MS Defender was warning me of security issues last night. But I went to bed. This morning I cannot read any of my data files on C or D drive using Windows 7: doc, xls, mdb, jpg or video! I was not asked for a ransom. Luckily I have all of my files on an E drive and a back drive stored off site. But it's 2 weeks old. |
Digby (677) | ||
| 1391817 | 2015-01-11 18:41:00 | If you had been hit by either PClock or Cryptolocker you should have a notice on your screen or at least a shortcut to it on your desktop. Look here: www.bleepingcomputer.com |
blanco (11336) | ||
| 1391818 | 2015-01-11 22:12:00 | See if you can see a solution here malwaretips.com | Lawrence (2987) | ||
| 1391819 | 2015-01-12 01:37:00 | There is no desktop item or message. There is no help on that Malwarebytes link. But Office cannot read any of my data files - a message says they have the wrong extension or they are corrupt. Also I cannot view any jpgs or video files. But after running Defender and Malwarebytes, any new files I create with Word etc. are OK. So my question is - do I try to find a fix for all of my files, or try System Restore, or revert to backups (2 weeks old)? |
Digby (677) | ||
| 1391820 | 2015-01-12 02:17:00 | Wouldn't go running System Restore just yet. Suggestion: download and run the portable Shadow Explorer (www.shadowexplorer.com). Run it, top left select the drive the items are on, to the right is a date, from the drop-down box select a date that the files were OK (may take a moment to load). Select the files, right click - Export (select location), see if they work OK. |
wainuitech (129) | ||
| 1391821 | 2015-01-12 05:51:00 | Yes, I just got the message on my desktop. From Cryptolocker. Send them 1.00 bitcoin (US 270). So whilst I may have been able to delete the malware, my files are encrypted and I will have to go to my off site backup. They use 1024 bit encryption. Bast.....s |
Digby (677) | ||
| 1391822 | 2015-01-12 06:15:00 | Give https://decryptcryptolocker.com/ a crack (no pun intended). Nothing to lose, never tried it though. Some advice -- If you have other computers on a LAN, disconnect them, it can infect them all over the LAN. What are Your Options after an Attack? Instead of paying the hackers, you should immediately unplug your computer from the Internet, shut it down, and let the professionals at Lanspeed take a look at it. CryptoLocker can quickly infect your computer, and by the time you realize something is wrong, it may be too late. Additionally, you really don't want to have a virus like this active on your computer while it's plugged into your company's network because it will spread to other workstations. Calling in the professionals for this one is really your best course of action because CryptoLocker is designed to make changes to your PC's registry upon restart, as well as encrypt the files for your remote and fixed drivers. This means that you don't have time to troubleshoot the problem from the backend, and turning your computer on and off again will just make the problem worse. |
wainuitech (129) | ||
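The vssadmin Delete Shadows /All /Quiet command quoted in the thread is the step that removes the restore points Shadow Explorer relies on, so it is worth alerting on in process-creation logs. The following is an added example, not part of the original thread: the sample events and the field names "host" and "cmdline" are constructed assumptions.

```python
# Added example: flag shadow-copy deletion in process-creation records.
# SAMPLE_EVENTS is constructed; the "host"/"cmdline" field names are assumptions.

SAMPLE_EVENTS = [
    {"host": "PC-01", "cmdline": r"vssadmin Delete Shadows /All /Quiet"},
    {"host": "PC-02", "cmdline": r'"C:\Windows\System32\VSSADMIN.EXE" delete shadows /all /quiet'},
    {"host": "PC-03", "cmdline": r'cmd.exe /c "vssadmin delete shadows /for=C: /oldest"'},
    {"host": "PC-04", "cmdline": r"vssadmin list shadows"},
    {"host": "PC-05", "cmdline": r"notepad.exe C:\Users\user\report.doc"},
]


def vssadmin_args(cmdline):
    """Return the lower-cased arguments that follow vssadmin, or None if it is not invoked."""
    # Dropping quotes lets a command wrapped in cmd.exe /c "..." tokenize normally.
    tokens = cmdline.replace('"', " ").split()
    for i, tok in enumerate(tokens):
        # Compare the basename only, so full paths and mixed case still match.
        base = tok.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if base in ("vssadmin", "vssadmin.exe"):
            return [a.lower() for a in tokens[i + 1:]]
    return None


def classify(cmdline):
    """'high' for delete-all-quietly, 'medium' for any other delete, None otherwise."""
    args = vssadmin_args(cmdline)
    if args is None or args[:2] != ["delete", "shadows"]:
        return None  # e.g. "vssadmin list shadows" is read-only
    flags = {a.split("=", 1)[0] for a in args[2:] if a.startswith("/")}
    return "high" if {"/all", "/quiet"} <= flags else "medium"


def scan(events):
    """Return (host, severity) for every event that deletes shadow copies."""
    hits = []
    for ev in events:
        severity = classify(ev["cmdline"])
        if severity:
            hits.append((ev["host"], severity))
    return hits


if __name__ == "__main__":
    for host, severity in scan(SAMPLE_EVENTS):
        print(f"{host}: shadow copy deletion ({severity})")
```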