Old 10-27-2013, 09:35 AM   #21
Thinks s/he gets paid by the post
 
Join Date: Sep 2012
Location: Seattle
Posts: 2,906
I really don't understand why you can't have the registry and startup sections locked on your computer in such a way that it requires a password before files can be written or changed there.

All of these viruses put stuff in the registry and startup sections.

Maybe this would be a good business product?
Fermion is offline   Reply With Quote

Old 10-27-2013, 02:55 PM   #22
Thinks s/he gets paid by the post
martyb's Avatar
 
Join Date: Nov 2006
Location: Bossier City
Posts: 2,182
Quote:
Originally Posted by rbmrtn View Post
Sounds a lot like the FBI moneypack virus. Cleaning one today for a friend.
I've used Norton Power Eraser to get rid of the moneypack virus a couple of times.
martyb is offline   Reply With Quote
Old 11-17-2013, 12:36 PM   #23
Full time employment: Posting here.
 
Join Date: Dec 2010
Posts: 572
Does the computer get infected automatically if you click on an email link, or do you have to run and install the exe program? I delete anything with an unknown exe program, but if the computer gets infected just by calling up the email, it is much trickier to avoid infection.
__________________
bondi688 is offline   Reply With Quote
Old 11-17-2013, 02:08 PM   #24
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,897
Well, believe it or not, at least there is customer service from the crooks:

Quote:
Within the past few days, the criminal gang behind CryptoLocker created a site for people who need help making their required extortion payments.


Source: CryptoLocker
"These guys have some big cojones," said security expert Brian Krebs, who writes the KrebsOnSecurity blog.

The CryptoLocker Decryption Service enables victims to check the status of their "order" (the ransom payment) and complete the transaction. Yes, you are reading this correctly!
CryptoLocker crooks launch 'customer service' site
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 11-17-2013, 02:23 PM   #25
Full time employment: Posting here.
bjorn2bwild's Avatar
 
Join Date: Mar 2013
Location: Western US
Posts: 690
My solution to any malware attack is to keep a regularly updated clone of my hard drive.
No matter what happens to my computer, I can have a fresh drive in just a few minutes. Problem solved.
__________________
How's it going to end..............
bjorn2bwild is offline   Reply With Quote
Old 11-17-2013, 02:33 PM   #26
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,141
Quote:
Originally Posted by bondi688 View Post
Does the computer get infected automatically if you click on an email link, or do you have to run and install the exe program? I delete anything with an unknown exe program, but if the computer gets infected just by calling up the email, it is much trickier to avoid infection.
You have to click on the attachment, which in this scam looks like a pdf file as they name it xxxx.pdf, but it is actually xxxx.pdf.exe. (Windows hides all file extensions but allows file names to contain periods)
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is online now   Reply With Quote
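Added example, not written by any poster in this thread: a short PowerShell script that shows what the "xxxx.pdf.exe" trick described above looks like under Explorer's default "Hide extensions for known file types" setting, flags such names, and checks (and optionally changes) that setting for the current user. The attachment names are constructed; the list of executable extensions beyond .exe is an added generalization.

```powershell
# Added example, not from the thread. Shows how a double-extension attachment
# is displayed when Explorer hides known extensions, flags such names, and
# reports/changes the HideFileExt setting for the current user.

# Extensions Windows will run on double-click. ".exe" is the one the post
# names; the others are added here as a generalization.
$ExecExt = '.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.vbs', '.js', '.jse', '.wsf', '.hta', '.msi'

function Get-DisplayedName {
    # With HideFileExt = 1 (the Windows default) Explorer drops the last,
    # registered extension, so "Invoice.pdf.exe" is shown as "Invoice.pdf".
    param([string] $Name)
    [System.IO.Path]::GetFileNameWithoutExtension($Name)
}

function Test-DisguisedExecutable {
    # True when the real (last) extension is executable and the displayed
    # name still carries an earlier, document-looking extension.
    param([string] $Name)
    $real  = [System.IO.Path]::GetExtension($Name).ToLowerInvariant()
    $shown = Get-DisplayedName $Name
    ($ExecExt -contains $real) -and ([System.IO.Path]::HasExtension($shown))
}

$HideKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Get-HideFileExt {
    # 1 = extensions hidden (default), 0 = extensions shown
    (Get-ItemProperty -Path $HideKey -Name HideFileExt).HideFileExt
}

function Show-FileExtensions {
    # Turn extension hiding off; Explorer applies it after explorer.exe
    # restarts or at the next logon.
    Set-ItemProperty -Path $HideKey -Name HideFileExt -Type DWord -Value 0
}

# Constructed sample attachment names, not taken from any real message.
'Invoice_2013-11.pdf.exe', 'statement.pdf', 'photo.jpg.scr', 'setup.exe', 'notes.txt' |
    ForEach-Object {
        [pscustomobject]@{
            Actual    = $_
            Displayed = Get-DisplayedName $_
            Disguised = Test-DisguisedExecutable $_
        }
    } | Format-Table -AutoSize

"HideFileExt is currently: $(Get-HideFileExt)"
# Uncomment to show extensions for this user:
# Show-FileExtensions
```

Expected result for the constructed names: "Invoice_2013-11.pdf.exe" and "photo.jpg.scr" are flagged, because what Explorer would display ("Invoice_2013-11.pdf", "photo.jpg") ends in a document or image extension while the real extension is executable; "setup.exe" is an executable but not a disguise, and the .pdf and .txt files are not flagged. Showing extensions removes the visual trick for these names; it does not make a double-clicked .exe any less of an executable, so treating unexpected attachments as untrusted is still the main defense.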
Old 11-17-2013, 02:45 PM   #27
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,695
Quote:
Originally Posted by bjorn2bwild View Post
My solution to any malware attack is to keep a regularly updated clone of my hard drive.
No matter what happens to my computer, I can have a fresh drive in just a few minutes. Problem solved.
What if the malware is installed but does not activate immediately? Are you still protected?

What is the best technique for cloning? I do a Windows 7 backup (creates and updates an image file) every week.
__________________
Lsbcal is online now   Reply With Quote
Old 11-17-2013, 05:09 PM   #28
Full time employment: Posting here.
bjorn2bwild's Avatar
 
Join Date: Mar 2013
Location: Western US
Posts: 690
Quote:
Originally Posted by Lsbcal View Post
What if the malware is installed but does not activate immediately? Are you still protected?

What is the best technique for cloning? I do a Windows 7 backup (creates and updates an image file) every week.
I am always protected in the sense that whatever happens to the hard drive I am using, I can get a fresh, unadulterated copy in just a few minutes. If the malware goes unnoticed, then I would be as vulnerable as anyone at that point.

A computer is just a tool to me, so my approach is more mechanical than technical. On my desktop I leave the side cover off for easy access to the HD(s). On my laptop I use a USB/HD cable adapter and StarTech SATA22PEXT cable extender (optional) for easy access.
I prefer Acronis True Image software for cloning at the pre-boot level.
__________________
How's it going to end..............
bjorn2bwild is offline   Reply With Quote
Old 11-17-2013, 05:45 PM   #29
Full time employment: Posting here.
 
Join Date: Dec 2010
Posts: 572
Quote:
Originally Posted by Alan View Post
You have to click on the attachment, which in this scam looks like a pdf file as they name it xxxx.pdf, but it is actually xxxx.pdf.exe. (Windows hides all file extensions but allows file names to contain periods)
Thanks. Windows always asks whether you know the source and confirms you want to run and install any new exe program, even after you have clicked to open it. So does that mean you have another chance to recognize that it is a pdf.exe file and not just a harmless pdf document?
__________________
bondi688 is offline   Reply With Quote
Old 11-17-2013, 06:01 PM   #30
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,695
Quote:
Originally Posted by bjorn2bwild View Post
...(snip)...
I prefer Acronis True Image software for cloning at the pre-boot level.
Thanks for your answer. I have heard Acronis mentioned a long time ago. I'm unclear what advantage it would have over regular backups on a Windows 7 system using the built-in Microsoft backup utility.

I also do just straightforward copies of my critical folders for really easy (and easily checkable) restores of working files. For me this is just 2GB of data, so it's fast even to a memory stick.

I'm always wondering if I've overlooked something. A bit paranoid.
__________________
Lsbcal is online now   Reply With Quote
Old 11-17-2013, 07:18 PM   #31
Full time employment: Posting here.
bjorn2bwild's Avatar
 
Join Date: Mar 2013
Location: Western US
Posts: 690
Quote:
Originally Posted by Lsbcal View Post
Thanks for your answer. I have heard Acronis mentioned a long time ago. I'm unclear what advantage it would have over regular backups on a Windows 7 system using the built-in Microsoft backup utility.
I also do quick backups to a flash drive.
The big difference with cloning is that you are creating an exact bootable copy of the source HD.
In the case of an attack that holds your HD hostage, like CryptoLocker or something worse, yes, you have your data, but what now?

With easy access to the HD I can create as many "computers" as I like. For example, on my workhorse desktop I have several iterations of Windows XP, Win 8, Win 8.1, and Xubuntu for fun.
__________________
How's it going to end..............
bjorn2bwild is offline   Reply With Quote
Old 11-17-2013, 07:33 PM   #32
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,897
I create a clone of my HD with a clean system

Also, I make a habit of backing up my data on a secondary internal drive.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 11-17-2013, 07:52 PM   #33
Thinks s/he gets paid by the post
 
Join Date: Jul 2012
Location: Mississippi
Posts: 1,878
This thing is nasty and it attacks with a somewhat different approach. It doesn't attack the system, which is what most protection is geared to. It also doesn't need admin rights, since it is attacking the specific user's data files. Once encrypted, the files are for all purposes deleted.

One approach is to whitelist: prevent exe files from running in certain locations. This thing is known to run from %APPDATA% (a common location for many infections). You can use GPO to create a restriction rule to prevent exe files from running there.

Computer Configuration > Policies > Windows Settings > Security Settings > Software Restriction Policies

Set the security level to Disallowed, allow these in "Additional Rules" (see attached), and you're 90% done. You'll just add any application paths outside of Program Files that you might need (network locations, etc.).

There is some discussion on this in this thread:

Cryptolocker Hijack program - Page 26 - General Security
__________________
rbmrtn is offline   Reply With Quote
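Added example, not written by any poster in this thread: the Software Restriction Policy (SRP) settings that the Group Policy path in the post above edits live under one registry key, so the same path rules can be written, listed and checked from an elevated PowerShell prompt on a single machine. This version keeps the machine default at Unrestricted and only denies executables in %AppData% and %LocalAppData% (the narrower first paragraph of the post); the post's default-Disallowed variant is described after the block. The wildcard paths and descriptions are illustrative assumptions, and the designated file type list is the one the policy editor writes by default.

```powershell
# Added example, not from the thread. Writes Software Restriction Policy (SRP)
# path rules directly to the local policy key that the Group Policy editor
# uses. Run from an elevated PowerShell prompt; rules apply at the next logon.

$Safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
# SRP stores each security level as a decimal subkey name under CodeIdentifiers.
$Level = @{ Disallowed = 0; Unrestricted = 262144 }
# Default "designated file types" list written by the policy editor.
$ExecTypes = 'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA',
             'INF','INS','ISP','LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD',
             'PIF','REG','SCR','SHS','URL','VB','WSC'

function Initialize-SaferPolicy {
    # Machine default stays Unrestricted; only the path rules below deny.
    New-Item -Path $Safer -Force | Out-Null
    Set-ItemProperty -Path $Safer -Name DefaultLevel       -Type DWord       -Value $Level.Unrestricted
    Set-ItemProperty -Path $Safer -Name TransparentEnabled -Type DWord       -Value 1   # all files except DLLs
    Set-ItemProperty -Path $Safer -Name PolicyScope        -Type DWord       -Value 0   # all users, admins included
    Set-ItemProperty -Path $Safer -Name ExecutableTypes    -Type MultiString -Value $ExecTypes
    foreach ($l in $Level.Values) { New-Item -Path "$Safer\$l\Paths" -Force | Out-Null }
}

function Add-SaferPathRule {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [ValidateSet('Disallowed', 'Unrestricted')] [string] $Security = 'Disallowed',
        [string] $Description = ''
    )
    # Each rule is a {GUID} subkey under <level>\Paths with ItemData holding the path.
    $ruleKey = "$Safer\$($Level[$Security])\Paths\{$([guid]::NewGuid())}"
    New-Item -Path $ruleKey -Force | Out-Null
    Set-ItemProperty -Path $ruleKey -Name ItemData     -Type ExpandString -Value $Path
    Set-ItemProperty -Path $ruleKey -Name SaferFlags   -Type DWord        -Value 0
    Set-ItemProperty -Path $ruleKey -Name Description  -Type String       -Value $Description
    Set-ItemProperty -Path $ruleKey -Name LastModified -Type QWord        -Value ([DateTime]::UtcNow.ToFileTimeUtc())
}

function Get-SaferPathRule {
    # The check: every path rule currently configured, with its security level.
    foreach ($entry in $Level.GetEnumerator()) {
        Get-ChildItem -Path "$Safer\$($entry.Value)\Paths" -ErrorAction SilentlyContinue |
            ForEach-Object {
                $p = Get-ItemProperty -Path $_.PSPath
                [pscustomobject]@{ Security = $entry.Key; Path = $p.ItemData; Description = $p.Description }
            }
    }
}

Initialize-SaferPolicy
# CryptoLocker-era droppers ran from the user profile. Deny exe files directly
# in the roaming and local profile folders and one level below (illustrative
# paths; "*" is SRP path-rule wildcard syntax).
foreach ($root in '%AppData%', '%LocalAppData%') {
    Add-SaferPathRule -Path "$root\*.exe"   -Description "Block exe in $root"
    Add-SaferPathRule -Path "$root\*\*.exe" -Description "Block exe one level below $root"
}
Get-SaferPathRule | Format-Table -AutoSize
```

To reproduce the post's stricter variant instead, set DefaultLevel to 0 (Disallowed) and add Unrestricted rules for the locations legitimate software runs from, at minimum %ProgramFiles% and %WinDir% (the policy editor's own default rules point at the registry values for SystemRoot and ProgramFilesDir), plus whatever the post calls "application paths outside of Program Files". Either way, sign out and back in before testing with a harmless .exe copied into %AppData%, and expect to add exceptions for updaters and portable apps that legitimately run from the profile. Path rules only stop the dropper running from the denied folder; a copy launched from anywhere else is unaffected, which is why the thread's other advice about disconnected backups still matters.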
Old 11-18-2013, 08:58 AM   #34
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,695
Quote:
Originally Posted by bjorn2bwild View Post
I also do quick backups to a flash drive.
The big difference with cloning is that you are creating an exact bootable copy of the source HD.
In the case of an attack that holds your HD hostage, like CryptoLocker or something worse, yes, you have your data, but what now?
...
I'm thinking that in my case I would do a restore from the backups, which include an image backup. I've never actually had to try this out, but it is apparently the basics that this backup software was designed for, nothing exotic. The original article I linked to says:
Quote:
As noted in a Reddit comment, CryptoLocker goes after dozens of file types such as .doc, .xls, .ppt, .pst, .dwg, .rtf, .dbf, .psd, .raw, and .pdf.
...
There are no patches to undo CryptoLocker and, as yet, there’s no clean-up tool — the only sure way to get your files back is to restore them from a backup.
...
Ensure you keep complete and recent backups of your system. Making an image backup once or twice a year isn’t much protection. Given the size of today’s hard drives on standalone PCs, an external USB hard drive is still your best backup option.
__________________
Lsbcal is online now   Reply With Quote
Old 11-18-2013, 10:34 AM   #35
Full time employment: Posting here.
 
Join Date: Sep 2012
Location: San Jose
Posts: 607
Quote:
Originally Posted by easysurfer View Post
Well, believe or not, at least there is customer service from the crooks :



CryptoLocker crooks launch 'customer service' site
You know what's sad? If their customer service ended up being more responsive than most of the other web sites out there.

Made me remember to back up my files, which I haven't done in a long time.
__________________
LoneAspen is offline   Reply With Quote
Old 11-18-2013, 10:54 AM   #36
Full time employment: Posting here.
bjorn2bwild's Avatar
 
Join Date: Mar 2013
Location: Western US
Posts: 690
Quote:
Originally Posted by Lsbcal View Post
I'm thinking that in my case I would do a restore from the backups, which include an image backup. I've never actually had to try this out, but it is apparently the basics that this backup software was designed for, nothing exotic. The original article I linked to says:
I use cloning in lieu of the Windows 7 backup utility, so I can't advise on the methodology/time frame of doing a full restore from scratch. I would not trust a HD that has been compromised. Cloning works with all of my different OSs, making it the logical solution for me.
__________________
How's it going to end..............
bjorn2bwild is offline   Reply With Quote
Old 11-18-2013, 12:28 PM   #37
Thinks s/he gets paid by the post
target2019's Avatar
 
Join Date: Dec 2008
Posts: 3,709
I can see a place for drive imaging, but at less frequency than data file backup. Drive imaging protects against extensive catastrophe. Data file backups can help you restore a limited amount of data in a shorter period. I'd feel much better with different approaches to backup.
__________________
target2019 is offline   Reply With Quote
Old 11-18-2013, 01:53 PM   #38
Full time employment: Posting here.
misanman's Avatar
 
Join Date: Apr 2008
Posts: 536
I use Acronis True Image to do disk image backups to a second disk. I do a full image backup on the weekend and then six incremental backups during the week.

This came in handy last summer when the main disk came up with a major failure. I ordered a replacement drive for overnight delivery, restored from the latest backup, and was back up and running with little or no data loss and all my applications in less than 24 hours.

I'm a bit concerned that I'm potentially exposed to CryptoLocker because my backup disk is internal, but I've implemented the group policy changes that are supposed to help prevent CryptoLocker from executing.
__________________
"The best thing about the future is that it happens one day at a time." -- A. Lincoln
misanman is online now   Reply With Quote
Old 11-18-2013, 03:52 PM   #39
Moderator
Walt34's Avatar
 
Join Date: Dec 2007
Location: Eastern WV Panhandle
Posts: 16,571
Quote:
Originally Posted by rbmrtn View Post
This thing is nasty and it attacks with a somewhat different approach. It doesn't attack the system, which is what most protection is geared to. It also doesn't need admin rights, since it is attacking the specific user's data files. Once encrypted, the files are for all purposes deleted.
Like most of you I keep backups on two external drives, alternated weekly and disconnected when not in use.

While I haven't worked in that field for over a decade I'm still on a computer forensics listserv (they allow retirees to retain membership), and from what I've read there this is the real deal. The decryption key is not stored on the user's computer.
__________________
I heard the call to do nothing. So I answered it.
Walt34 is offline   Reply With Quote
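Added example, not written by any poster in this thread: the backup discussion above (a weekly image plus data copies, an internal backup disk that the malware could reach, two external drives alternated and kept disconnected) has one gap that code can close. Before a backup job overwrites the last good copy, you want to know whether the files it is about to copy are still the real documents or have just been mass-rewritten. This PowerShell script records a SHA-256 manifest of the data files in a folder after a backup you trust, and compares the folder against it before the next one. The folder paths and alarm threshold are placeholders; the file types are the ones the quoted article lists, with a few common ones added as examples.

```powershell
# Added example, not from the thread. Hash manifest for a data folder (or a
# backup disk): create it after a known-good backup, verify before the next
# one. Normal work changes a few files; a ransomware run changes nearly all
# of them at once and none of the new hashes match.

# Types the quoted article names, plus a few added here as examples.
$DataTypes = '.doc','.xls','.ppt','.pst','.dwg','.rtf','.dbf','.psd','.raw','.pdf',
             '.docx','.xlsx','.pptx','.jpg','.txt'

function Get-Sha256Hex {
    param([string] $Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Dispose(); $sha.Dispose() }
}

function Get-DataFiles {
    param([string] $Root)
    Get-ChildItem -Path $Root -Recurse -Force |
        Where-Object { -not $_.PSIsContainer -and $DataTypes -contains $_.Extension.ToLower() }
}

function New-HashManifest {
    # One line per file: relative path | size | sha256
    param([string] $Source, [string] $Manifest)
    $root = (Resolve-Path $Source).Path.TrimEnd('\')
    Get-DataFiles $root | ForEach-Object {
        '{0}|{1}|{2}' -f $_.FullName.Substring($root.Length + 1), $_.Length, (Get-Sha256Hex $_.FullName)
    } | Set-Content -Path $Manifest -Encoding UTF8
}

function Test-HashManifest {
    # Compare the folder with the manifest and decide whether overwriting the
    # previous backup looks safe. $AlarmRatio is an illustrative threshold.
    param([string] $Source, [string] $Manifest, [double] $AlarmRatio = 0.2)
    $root  = (Resolve-Path $Source).Path.TrimEnd('\')
    $known = @{}
    foreach ($line in Get-Content $Manifest) {
        $rel, $size, $hash = $line -split '\|', 3
        $known[$rel] = $hash
    }
    $changed = 0; $missing = 0; $seen = @{}
    foreach ($rel in $known.Keys) {
        $full = Join-Path $root $rel
        if (-not (Test-Path -LiteralPath $full)) { $missing++; continue }   # renamed or deleted
        $seen[$rel] = $true
        if ((Get-Sha256Hex $full) -ne $known[$rel]) { $changed++ }          # rewritten in place
    }
    $new = @(Get-DataFiles $root |
        Where-Object { -not $seen.ContainsKey($_.FullName.Substring($root.Length + 1)) }).Count
    $ratio = if ($known.Count) { ($changed + $missing) / $known.Count } else { 0 }
    [pscustomobject]@{
        Tracked               = $known.Count
        Changed               = $changed
        Missing               = $missing
        New                   = $new
        ChangedRatio          = [math]::Round($ratio, 3)
        SafeToOverwriteBackup = ($ratio -lt $AlarmRatio)
    }
}

# Usage (placeholder paths): after a backup you trust, then before the next one.
# New-HashManifest  -Source 'D:\Documents' -Manifest 'E:\manifests\documents.txt'
# Test-HashManifest -Source 'D:\Documents' -Manifest 'E:\manifests\documents.txt'
```

Keep the manifest with the backup rather than on the machine being backed up, since a file that the malware can reach it can also encrypt. A high Changed count with unchanged sizes points at in-place encryption of the kind discussed in this thread; a high Missing count with many New files points at a variant that renames what it encrypts. In either case the right move is the one the posts above agree on: leave the disconnected drive disconnected and restore from it, rather than letting the scheduled job copy the damaged files over it.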
Old 11-18-2013, 04:29 PM   #40
Full time employment: Posting here.
 
Join Date: Dec 2010
Posts: 572
Quote:
Originally Posted by Walt34 View Post
Like most of you I keep backups on two external drives, alternated weekly and disconnected when not in use.

While I haven't worked in that field for over a decade I'm still on a computer forensics listserv (they allow retirees to retain membership), and from what I've read there this is the real deal.
What got me going was the story in the Boston-area media about computers from a police department near Boston getting infected, and despite calling in IT experts, including those from the FBI, they could not recover the files, and the police department ended up paying the ransom of $750.
bondi688 is offline   Reply With Quote