The Future of Malware is here – CryptoLocker

rebel4life

Level 9
Verified
Sep 30, 2012
667
The only firewall or antimalware software out there that can detect and prevent it is EAM 8.0 or Online Armor 7.0; both came out after CryptoLocker was set free to destroy. Just my 2 cents' worth.
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
rebel4life said:
The only firewall or antimalware software out there that can detect and prevent it is EAM 8.0 or Online Armor 7.0; both came out after CryptoLocker was set free to destroy. Just my 2 cents' worth.

Doesn't CIS protect against this?
 

rebel4life

Level 9
Verified
Sep 30, 2012
667
I guess any security software that did an upgrade or update after CryptoLocker came out, but ask some of the others here about it. I don't want to mislead anyone here; I just got an email from Emsisoft telling me about their products, OK.
 

Littlebits

Retired Staff
May 3, 2011
3,893
I really don't understand the importance of a product to protect against CryptoLocker.

Several ways to protect your system from this kind of malware:

Simple ways:
1. User actions- don't download or run files from unknown sources.
2. UAC- if you pay attention to UAC notifications and deny suspicious actions, that kind of malware will be blocked.
3. Windows own run warnings when running files without digital certificates.
4. SmartScreen notifications about suspicious files- just don't download or run them when notified.

Advanced ways:
1. Use security products with HIPS- like Comodo, Privatefirewall, Malware Defender or Online Armor.
2. Use Sandboxie or BufferZone Pro in real-time for all web applications.

Malware like CryptoLocker are for fools, if you are fooled into downloading and running malicious files then there is no hope for you.

Thanks. :D
 

rebel4life

Level 9
Verified
Sep 30, 2012
667
CryptoLocker is a ransomware trojan. The infected machine sees a page that says in order to get your machine back or control of it you have to pay some money. It's not a tool; it's really bad if you get it, and hard to remove too.
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
Sandboxie, in conjunction with wise downloading discipline, keeps me secure.

If either of those fail, I have a wicked behavior blocker that is customized to be extremely paranoid, so I don't have to.

Littlebits states the gist:
Malware like CryptoLocker are for fools, if you are fooled into downloading and running malicious files then there is no hope for you.
 

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
Yes, I had this page jumping in front of my eyes on my Windows screen, of crypto locker ransomware trojan .. 'Your personal files are encrypted' bla bla bla .. - because I clicked on nice wallpaper image in Google Images search.

And I'm safe always.

Thanks to my softwares on demand only.

Thanks to ex. ProcNetMonitor: http://securityxploded.com/procnetmonitor.php - in which I click to kill all browser processes, one by one, without mercy. Very easy, because these browser processes are at the top in the ProcNetMonitor. So I click on the 'Kill process' button, that's easy.

- If you pay attention to do NOT click on this horrible ransom page, you're saved .. if you kill this virus page, by killing your browser process (processes).
 

I'm Me

New Member
Verified
Sep 14, 2013
41
Prorootect said:
I click to kill all browser processes, one by one, without mercy. Very easy, because these browser processes are at the top in the ProcNetMonitor. So I click on the 'Kill process' button, that's easy.

Could I accomplish the same thing by just immediately shutting down my computer?
 

Littlebits

Retired Staff
May 3, 2011
3,893
I said:
Prorootect said:
I click to kill all browser processes, one by one, without mercy. Very easy, because these browser processes are at the top in the ProcNetMonitor. So I click on the 'Kill process' button, that's easy.

Could I accomplish the same thing by just immediately shutting down my computer?

You can accomplish the same by reading this post.

Enjoy!! :D
 

jenniferatemple

New Member
Verified
Oct 2, 2013
137
Correct me if I am wrong here. One is safe if they download direct from original vendors and do NOT open mailed links. Isn't it that simple?! Google tells you if the download is from a known or in-house source, so avoid all that are clearly 3rd party, right? Safe, right? No CryptoLoc, right?
 

jenniferatemple

New Member
Verified
Oct 2, 2013
137
I have Malwarebytes Pro and the adverts say it will catch these Trojans and have them in quarantine before any damage can be done. First, is this true? Then, if it is true, why is the free version not built the same way?
 

aztony

Level 9
Verified
Oct 15, 2013
501
jenniferatemple said:
I have Malwarebytes Pro and the adverts say it will catch these Trojans and have them in quarantine before any damage can be done. First, is this true? Then, if it is true, why is the free version not built the same way?
The pro version has an active scanner, whereas the free version is on demand only.
 

jenniferatemple

New Member
Verified
Oct 2, 2013
137
aztony said:
jenniferatemple said:
I have Malwarebytes Pro and the adverts say it will catch these Trojans and have them in quarantine before any damage can be done. First, is this true? Then, if it is true, why is the free version not built the same way?
The pro version has an active scanner, whereas the free version is on demand only.

SO IT WILL CATCH THE SOB? RIGHT?
 

Littlebits

Retired Staff
May 3, 2011
3,893
CryptoLocker and most malware alike are spread by fake alert sites like fake Windows Updates, fake flash player, fake codec packs, fake browser updates, fake malware scan pages, fake Java updates, etc.

These sites usually are made to resemble legitimate sites with spelling errors because users will be redirected to them. Other ways to download infected files are scam links in your email, IM or chat, Facebook, Twitter, online ads or any other sites that are not associated with hosting safe files.

Trusted vendor websites, Softpedia, MajorGeeks, SnapFiles, DownloadCrew, Betanews, FileHippo and Filepuma are some of the safe places to download files.

Even on trusted vendor sites and safe download sites you can get safe adware, but nothing like CryptoLocker. Always read the EULA and opt out of included adware.

Enjoy!! :D
 

I'm Me

New Member
Verified
Sep 14, 2013
41
Prorootect said: Yes, I had this page jumping in front of my eyes on my Windows screen, of crypto locker ransomware trojan .. 'Your personal files are encrypted' bla bla bla .. - because I clicked on nice wallpaper image in Google Images search.

He didn't say he downloaded anything so I got the impression that the trojan was activated by a simple click. Is this incorrect?

Littlebits said:
I said:
Prorootect said:
I click to kill all browser processes, one by one, without mercy. Very easy, because these browser processes are at the top in the ProcNetMonitor. So I click on the 'Kill process' button, that's easy.

Could I accomplish the same thing by just immediately shutting down my computer?

You can accomplish the same by reading this post.

Enjoy!! :D
 

Littlebits

Retired Staff
May 3, 2011
3,893
He didn't say he downloaded anything so I got the impression that the trojan was activated by a simple click. Is this incorrect?

It is very highly unlikely that just clicking on an image started the infection; he probably clicked on a fake image which was really an infected executable file and was embarrassed by his ignorance.

For example, if using Internet Explorer and you find a fake image file, it will appear as "TigerWallpaper.jpg.exe". If the show hidden extensions is set on Windows Explorer, then all the user will see is "TigerWallpaper.jpg". IE will ask if you want to "save" the file or "run" the file. If the user chose to "Run" the file, it will start the execution of the infection. If in doubt, you should always choose to save the file, open location and then scan it.

Of course, on Windows 8, the SmartScreen would have notified the user about running a suspicious executable file.

Thanks. :D
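Added example, not part of any post in this thread: a small Python check for the double-extension disguise described above ("TigerWallpaper.jpg.exe" shown as "TigerWallpaper.jpg"), which can be run over a downloads folder before opening anything. The extension lists and function names are constructed for illustration and are not exhaustive.

```python
import os

# Constructed, non-exhaustive lists; extend them for your environment.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "wsf"}
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "bmp", "pdf", "doc", "docx", "txt", "mp3"}

def _parts(filename):
    """Split the base name on dots, tolerating padding spaces before the real extension."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return [p.strip() for p in base.split(".")]

def displayed_name(filename):
    """Name a file manager shows when it hides the final, registered extension."""
    parts = _parts(filename)
    if len(parts) > 1 and parts[-1].lower() in EXECUTABLE_EXTS | DECOY_EXTS:
        return ".".join(parts[:-1])
    return ".".join(parts)

def is_disguised_executable(filename):
    """True when an executable extension directly follows a harmless-looking one."""
    parts = [p.lower() for p in _parts(filename)]
    return len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS and parts[-2] in DECOY_EXTS

def scan_directory(root):
    """Return sorted relative paths of disguised executables found under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if is_disguised_executable(name):
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)

if __name__ == "__main__":
    import sys
    # Usage: python check_names.py <folder>; defaults to the current directory.
    for hit in scan_directory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{hit}  (shown as: {displayed_name(hit)})")
```

A hit only means the name is misleading; the file should still be scanned before it is opened or deleted.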
 

I'm Me

New Member
Verified
Sep 14, 2013
41
That makes sense, Littlebits. Thank you.

I do have "show hidden extensions" enabled on my computer and though Firefox is my main browser, I do normally save my downloads first and scan them with Virus Total.
 

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
Quote:
'He didn't say he downloaded anything so I got the impression that the trojan was activated by a simple click. Is this incorrect?'



Nice thumbnail which leads to malicious page 'you're encrypted bla bla bla' in Google Images Search (the name of this thumb is original):
imagesCA3D6DWO.jpg
xVYCAs7.jpg


I clicked first: on this nice thumbnail in Google Image Search, which led me to trapped destination page and this same, but bigger Google pop-up image. Nothing happens.

But, after click on this bigger image pop-up from the trapped destination page, the crypto locker ransom virus page jumped before my eyes.

- then I did NOT click on this ransom page - but killed browser processes with ProcNetMonitor.
So malicious ransom virus page disappeared, other browser page disappeared too of course.

--------------------------------------

Sorry for my English .. is my description comprehensible now?
 

Littlebits

Retired Staff
May 3, 2011
3,893
Prorootect said:
Quote:
'He didn't say he downloaded anything so I got the impression that the trojan was activated by a simple click. Is this incorrect?'



Nice thumbnail which leads to malicious page 'you're encrypted bla bla bla' in Google Images Search (the name of this thumb is original):
imagesCA3D6DWO.jpg
xVYCAs7.jpg


I clicked first: on this nice thumbnail in Google Image Search, which led me to trapped destination page and this same, but bigger Google pop-up image. Nothing happens.

But, after click on this bigger image pop-up from the trapped destination page, the crypto locker ransom virus page jumped before my eyes.

- then I did NOT click on this ransom page - but killed browser processes with ProcNetMonitor.
So malicious ransom virus page disappeared, other browser page disappeared too of course.

--------------------------------------

Sorry for my English .. is my description comprehensible now?

Could you give me the direct link to this website and search result on Google? Add hXXp:// to the prefix because someone can not just click on it.

Unless he was using an out-dated browser and add-ons, he would have to download a file from the ransomware page in order to get infected; just visiting the page should not result in getting an infection.

I'm thinking he must have downloaded a file thinking it was an image but was really an infected executable file.

Thanks. :D
 
