Ransomware.....

BrianF · Feb 11, 2016

So my wife's laptop picked up a virus. Some sort of ransom ware. We did a few malware scans, including hijackthis. The pop ups seem to be gone now. Wondering.... fingers crossed..... if there is a way to recover the files or restore them. She was late in manually backing it all up so no dice there.

I am not tech savvy at all when it comes to this sort of stuff. Hoping someone may be able to point us in the right direction.

thanks

3800Series · Feb 11, 2016

If it's already been encrypted then no.

901Memphis · Feb 11, 2016

Time for Dban and a fresh install

3800Series · Feb 11, 2016

It might be good practice for her to run her web browser in a sandbox from now on.

901Memphis · Feb 11, 2016

Out of curiosity how much did they want for your particular ransom? You could always pay it if the files are super important, although that's an awful thing to happen

zzyzzx · Feb 11, 2016

Nothing you can do except make more frequent backups and make your own directory directly off the hard drive to use instead do My Documents

spasm3 · Feb 11, 2016

Originally Posted By: 3800Series
It might be good practice for her to run her web browser in a sandbox from now on.

I'm not that computer savvy, so what does that mean?

Jimmy9190 · Feb 11, 2016

Here is a good article on cryptolocker, how it works, what you can do and what others have done about it, also has a link to a cryptolocker highjack forum and links to other useful tools:

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

After you get the computer fixed or buy a new computer if it comes to that you can download HitmanPro.Alert, it's a free program that runs in the background and prevents browser highjacks, warns of intrusions on startup and also contains a free cryptoguard app that blocks ransomware from executing.

You can also go into your control panel, under the remote tab and disable remote access to your computer. That should also help block cryptolocker. And always back up and save important files on an external drive or at least on a flash drive.

spasm3 · Feb 11, 2016

Do programs such as norton prevent browser hijackers?

FastGame · Feb 11, 2016

If you didn't delete the files or reinstall the OS then run Unhide and files will be back. http://www.bleepingcomputer.com/download/unhide/

Use Bitdefender Traffic Light in your browser. http://www.bitdefender.com/solutions/trafficlight.html

gathermewool · Feb 11, 2016

Any idea how she was infected?

Vern_in_IL · Feb 11, 2016

Originally Posted By: gathermewool
Any idea how she was infected?

Usually happens with outdated software(Java/flash)

I got the nice FBI ransom-ware, [censored] that scared me, lol. At the time I had no clue, and thought it was official.

Jimmy9190 · Feb 11, 2016

Originally Posted By: spasm3
Do programs such as norton prevent browser hijackers?

I don't know about Norton. I would think Norton and all the other big name AV's have highjack protection. I use Panda Free AV and their support forum says Panda prevents highjacks. I use HitmanPro.Alert too.

Noey · Feb 11, 2016

Originally Posted By: Jimmy9190
Here is a good article on cryptolocker, how it works, what you can do and what others have done about it, also has a link to a cryptolocker highjack forum and links to other useful tools:

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

After you get the computer fixed or buy a new computer if it comes to that you can download HitmanPro.Alert, it's a free program that runs in the background and prevents browser highjacks, warns of intrusions on startup and also contains a free cryptoguard app that blocks ransomware from executing.

You can also go into your control panel, under the remote tab and disable remote access to your computer. That should also help block cryptolocker. And always back up and save important files on an external drive or at least on a flash drive.

Jimmy, thanks so much, this is really helpful.

HitmanPro.Alert is apparently free for 30 day trial, could you share the free download?

Jimmy9190 · Feb 11, 2016

Originally Posted By: Noey
Originally Posted By: Jimmy9190
Here is a good article on cryptolocker, how it works, what you can do and what others have done about it, also has a link to a cryptolocker highjack forum and links to other useful tools:

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

After you get the computer fixed or buy a new computer if it comes to that you can download HitmanPro.Alert, it's a free program that runs in the background and prevents browser highjacks, warns of intrusions on startup and also contains a free cryptoguard app that blocks ransomware from executing.

You can also go into your control panel, under the remote tab and disable remote access to your computer. That should also help block cryptolocker. And always back up and save important files on an external drive or at least on a flash drive.

Jimmy, thanks so much, this is really helpful.

HitmanPro.Alert is apparently free for 30 day trial, could you share the free download?

Here you go, more info on the download page:

http://www.surfright.nl/en/alert

The free HitmanPro.Alert is about halfway down this page:

http://www.surfright.nl/en/downloads/

Noey · Feb 11, 2016

Thanks, Jimmy..I hate to sound blonde, but which one is it and how is it different than the one they want a subscription for?

Jimmy9190 · Feb 11, 2016

3.1 should be the free version. I think the main difference between free and paid is paid has more features. Free version blocks exploits and cryptolocker which is good enough for me.

3800Series · Feb 12, 2016

Originally Posted By: spasm3
Originally Posted By: 3800Series
It might be good practice for her to run her web browser in a sandbox from now on.

I'm not that computer savvy, so what does that mean?

It runs any program you put in it on a virtually drive so in case of a virus you are able to delete the virtual drive in a single click and everything in it. Its basically just acting as it's the real hard drive and anything that come in contact with the sandbox can not effect the PC.

It a good practice for people tho to use. Its just one of those things where it only helps if your using it while you get the virus or malware.

There is videos online where people have downloaded 200+ virus's and installed them in the sandbox. Once they had the deleted the sandbox and ran multiple AV software and no virus's where found.

I've used Sandboxie in the past it's a decent program that has a free version as well. I've moved to a full system sandbox tho as the grandkids like to play on my PC and I don't have to worry about them causing any damage or downloading anything.

SrDriver · Feb 12, 2016

I have had good results when running Windows using the paid version of Malwarebytes.

Bitdefender makes a great anti-virus program. Between the 2 that offers good protection.

gathermewool · Feb 12, 2016

Originally Posted By: Vern_in_IL
Originally Posted By: gathermewool
Any idea how she was infected?

Usually happens with outdated software(Java/flash)

I got the nice FBI ransom-ware, [censored] that scared me, lol. At the time I had no clue, and thought it was official.

I've seen that "FBI" redirect a few times, where it won't let you X out of the browser window, nor can you close the browser, making it SEEM as if the only option is to click on something on that page.

Solution: open task manager and end all instances of the browser tasks. This has usually happened when I clicked on some link to a stupid webpage with more adds and other things than content (i.e., clickbait)

Ransomware.....

BrianF

3800Series

901Memphis

3800Series

901Memphis

zzyzzx

spasm3

Jimmy9190

spasm3

FastGame

gathermewool

Site Donor 2023

Vern_in_IL

Jimmy9190

Noey

Jimmy9190

Noey

Jimmy9190

3800Series

SrDriver

gathermewool

Site Donor 2023

Similar threads