Cryptolocker virus protection
<blockquote data-quote="Petrovic" data-source="post: 481366" data-attributes="member: 7767"><p>You have probably already heard about the very well-known type of virus called “Cryptolocker”.</p><p>Each day you can hear about a new variant of the Cryptolocker virus, and based on my experience I can say that Antivirus vendors just can’t keep up with this kind of threat, because once downloaded the Cryptolocker virus changes .exe file names and hashes so it is really hard to track it down.</p><p></p><p>The following recommendations will help you to protect your PC or your network from a Cryptolocker virus.</p><p></p><ol> <li data-xf-list-type="ol">Do not use a non-supported operating system like Windows XP. Although you’ll be more protected using this guide, even if you use an outdated OS like Windows XP, we strongly recommend you to move forward and upgrade to a newer operating system. Microsoft no longer provides security updates or technical support for Windows XP.</li> <li data-xf-list-type="ol">Use good Anti-Virus software protection and make sure your virus definitions are up to date.</li> <li data-xf-list-type="ol">Use a third party Firewall or Windows Firewall.</li> <li data-xf-list-type="ol">Use Windows User Account Control (UAC) in Admin approval mode. When the system or you initiate an .exe file it will ask you for consent or for a password if you are logged on as a standard user.</li> <li data-xf-list-type="ol">Always work under a Windows standard user account. Let Windows ask you for administrative credentials each time you try to install something.</li> </ol><p>Although the above-mentioned methods will help you have better protection, they won’t necessarily protect you from one of the Cryptolocker variants.</p><p></p><p>In order to prevent the Cryptolocker virus from activating and therefore starting to encrypt your files, here’s what you can do if you are using Windows Professional or Enterprise versions of the Microsoft Operating System.</p><p></p><p>Open the local policy editor by running gpedit.msc and navigate to:</p><p></p><p>Computer Configuration | Windows Settings | Security Settings | Software Restriction Policies</p><p></p><p>From the action menu or using a right click select “New Software Restriction Policies”</p><p></p><p>Select Additional Rules and in the right pane right click and choose to create a New Path Rule.</p><p></p><p>Now add each of the following rules and set Security Level to “Disallowed”:</p><p></p><p>%AppData%\*.exe</p><p>%AppData%\*\*.exe</p><p>%LocalAppData%\*.exe</p><p>%LocalAppData%\*\*.exe</p><p>%USERPROFILE%\Appdata\*.exe</p><p>%USERPROFILE%\Appdata\*\*.exe</p><p>%USERPROFILE%\Appdata\LocalLow\*.exe</p><p>%USERPROFILE%\Appdata\LocalLow\*\*.exe</p><p></p><p>Once you’re done you should get this result:</p><p></p><p>[ATTACH=full]84273[/ATTACH] </p><p></p><p>Close the policy editor and restart your machine.</p><p></p><p>With this policy in place you will prevent executable files from starting from the directories that Cryptolocker mostly uses.</p><p></p><p>If you work in a corporate environment you can link the above-created policy to your domain and thus prevent Cryptolocker from running.</p><p><a href="http://www.wincert.net/security/cryptolocker-virus-protection/" target="_blank">Source</a></p></blockquote><p></p>
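A check that the eight path rules from the post are actually in force after the restart, added here as an example and not part of the original post or its source article. It assumes the policy was created under Computer Configuration, so Software Restriction Policies stores each Disallowed path rule as a GUID subkey of `HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths` with the rule text in its `ItemData` value; the variable names are this example's own.

```powershell
# Added example: audit the SRP "Disallowed" path rules listed in the post.
# Assumption: machine-level policy, so rules live under HKLM. The "0" key is the
# Disallowed security level; each rule is a GUID subkey holding an ItemData value.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'

# The rules exactly as typed into the New Path Rule dialog
$expected = @(
    '%AppData%\*.exe'
    '%AppData%\*\*.exe'
    '%LocalAppData%\*.exe'
    '%LocalAppData%\*\*.exe'
    '%USERPROFILE%\Appdata\*.exe'
    '%USERPROFILE%\Appdata\*\*.exe'
    '%USERPROFILE%\Appdata\LocalLow\*.exe'
    '%USERPROFILE%\Appdata\LocalLow\*\*.exe'
)

$configured = @()
if (Test-Path -LiteralPath $base) {
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $configured = @(
        Get-ChildItem -LiteralPath $base | ForEach-Object {
            # Read the raw value so %AppData% is not expanded to the profile of
            # whoever runs this script (for example an elevated admin account).
            $_.GetValue('ItemData', $null, $noExpand)
        } | Where-Object { $_ }
    )
}

# One row per expected rule; -contains compares case-insensitively, no wildcards
$report = foreach ($rule in $expected) {
    [pscustomobject]@{
        Rule    = $rule
        Present = $configured -contains $rule
    }
}
$report | Format-Table -AutoSize

$missing = @($report | Where-Object { -not $_.Present })
if ($missing.Count -gt 0) {
    Write-Warning ("{0} of {1} rules are missing from the Disallowed level." -f $missing.Count, $expected.Count)
    exit 1
}
Write-Output 'All expected Disallowed path rules are present.'
```

Run it on each machine the policy is linked to; a non-zero exit code means at least one rule did not apply, which `gpresult /h report.html` can help trace when the policy comes from the domain.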