  1. #31
    New Lounger
    Join Date
    Jun 2011
    Posts
    2
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by bobprimak View Post
    Or an Ownership issue. I run into these when trying to access user-owned data files from across partitions or disks or machines.
    If this was a permission or ownership issue then why am I getting "Excel cannot open the file [filename] because the file format or file extension is not valid" message instead of something like you don't have permission to open this file?

  2. #32
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,138
    Thanks
    102
    Thanked 208 Times in 181 Posts
    Excel may be programmed to look to its own error messages, not to those built into the OS. What error do you see when you try opening one in Notepad?

  3. #33
    New Lounger
    Join Date
    Dec 2009
    Location
    Bellaire, Texas
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Encountered this at a client who did not have backups. The version they had asked for payment in one of two forms. Either a Green Dot Moneypak or Bitcoins. The client opted for the Moneypak option and $300 later, their files were decrypted. It was quite a pain however, because many of the encrypted files were in the Recycle Bin and the bin had been emptied. Crypto Locker logs all the files it encrypts in the registry, so as it was doing the decryption, it paused on every file it could not find and I had to click "Ignore" for the process to continue. Ended up having to click it 1,500 times.

  4. #34
    New Lounger
    Join Date
    Dec 2009
    Location
    Bellaire, Texas
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by gregwh View Post
    I have to say that I am astounded at this column. I encountered the same virus/whatever called Cryptolocker about 3 weeks ago. I know it has been out a fair long time. I got rid of it easily in under an hour. Admittedly I work "in the trenches" meaning that I do PC build/repair/delouse as most of my daily job so I do come into contact with viruses on other people's machines OFTEN. Cryptolocker was relatively easy to remove to be honest, using the usual tools and didn't require a real lot of time or effort on my part. As a result, the files that were supposedly to be locked soon, were not locked.

    I suggest to anyone reading my reply who wants to try this out for themselves, infect your own test machine with Cryptolocker, kill the task then use your favourite kill technique first then just run MBAM for a second backup and follow up with a DECENT antivirus such as a trial Sophos or free AVG and it is gone and no need to worry. My personal first line of attack is one that may well kill off your Windows if you don't know what you are doing well enough so I hesitate to mention it here but there are plenty of such programs available on the net without having to mention it so try looking up. Sophos removal tool is good enough to get rid of it. It *IS* important to kill the Cryptolocker task BEFORE doing anything else though. I suppose it depends on variants that may come up in the future but you could either start in Safe mode (may not help if a variant takes that into account) or even use HijackThis to delete the entry for it to begin with after first killing the task then reboot if you feel the need or just proceed on with getting rid of it.

    Also, I realise some of you may tell me I am telling BS. I can only say to you that I am not. If you want to try it yourself, go for it. Like I said, important to kill the task before doing anything else. After that, all is simple with the right removal tools and a follow up MBAM scan then a follow up DECENT antivirus scan after that.
    I agree that it is fairly easy to remove, and if you have a good backup, you're golden. But the virus does not announce its presence until it encrypts every targeted file it can access and if you don't have a backup, removing the virus puts you at risk of never recovering your data.

  5. #35
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Fresno, California, USA
    Posts
    225
    Thanks
    0
    Thanked 55 Times in 35 Posts
    Quote Originally Posted by gregwh View Post
    I have to say that I am astounded at this column. I encountered the same virus/whatever called Cryptolocker about 3 weeks ago. I know it has been out a fair long time. I got rid of it easily in under an hour. Admittedly I work "in the trenches" meaning that I do PC build/repair/delouse as most of my daily job so I do come into contact with viruses on other people's machines OFTEN. Cryptolocker was relatively easy to remove to be honest, using the usual tools and didn't require a real lot of time or effort on my part. As a result, the files that were supposedly to be locked soon, were not locked.

    I suggest to anyone reading my reply who wants to try this out for themselves, infect your own test machine with Cryptolocker, kill the task then use your favourite kill technique first then just run MBAM for a second backup and follow up with a DECENT antivirus such as a trial Sophos or free AVG and it is gone and no need to worry. My personal first line of attack is one that may well kill off your Windows if you don't know what you are doing well enough so I hesitate to mention it here but there are plenty of such programs available on the net without having to mention it so try looking up. Sophos removal tool is good enough to get rid of it. It *IS* important to kill the Cryptolocker task BEFORE doing anything else though. I suppose it depends on variants that may come up in the future but you could either start in Safe mode (may not help if a variant takes that into account) or even use HijackThis to delete the entry for it to begin with after first killing the task then reboot if you feel the need or just proceed on with getting rid of it.

    Also, I realise some of you may tell me I am telling BS. I can only say to you that I am not. If you want to try it yourself, go for it. Like I said, important to kill the task before doing anything else. After that, all is simple with the right removal tools and a follow up MBAM scan then a follow up DECENT antivirus scan after that.
    I have been seeing it blow past antivirus as it's been morphing and changing. You can't remove the damage once it's encrypted the files. By the time you've noticed the damage, the damage is already done and files are encrypted. I would not suggest anyone actively attempt to infect themselves to try this out.

    In a small network setting it will seek out mapped drives and encrypt files on the network share as well. This is not trivial, it's impacted many people and firms and has caused hours of clean up.
    Last edited by SusanBradley; 2013-10-24 at 17:03.

  6. #36
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Fresno, California, USA
    Posts
    225
    Thanks
    0
    Thanked 55 Times in 35 Posts
    Quote Originally Posted by JohnReam View Post
    At the top of the article, Susan wrote that the #1 way to get this virus is:

    1) Via an email attachment. For example, you receive an email from a shipping company you do business with. Attached to the email is a .zip file. Opening the attachment launches a virus...

    Question: How does the simple act of opening a ZIP file (i.e. the attachment) launch a Virus ????
    The zip file has an embedded exe file. It immediately launches and installs.

  7. #37
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Fresno, California, USA
    Posts
    225
    Thanks
    0
    Thanked 55 Times in 35 Posts
    Quote Originally Posted by Banyarola View Post
    I thought the whole purpose of un-installing JAVA was to prevent these types of attacks...

    Does this mean if JAVA is un-installed you are still susceptible to this type of attack ???
    Yes. Its primary means of infection is hiding an exe inside a zip file attachment that someone opens up.

  8. #38
    New Lounger
    Join Date
    Dec 2009
    Location
    Pawleys Island, SC, USA
    Posts
    17
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I wonder if the following could be a program which could defeat CyberLocker. My programming skills are too old to write such a program but I bet a clever young person could.

    Each person would save a copy of a reasonably short program, e.g. a few kilobytes or longer. If Cyberlocker encrypts files, have this hypothetical program compare the encrypted file with the saved copy and extract the key.

    I realize that encryption is sophisticated these days but most research seems to concentrate on factoring large primes to extract a key. I am not talking about that at all. For example, an ancient encryption scheme, as I recall, was to EOR a file with a key. The result was pretty hard to decipher with brute force but an EOR with the two files would reproduce the key.

    Anyone who understands programs care to tell us whether or not this is hopeless?

    I realize that one has to have a 'backup' of the key file and one may argue that it is better to count on backup than recovery. However, very few of us are perfect on backups and it might be nice to have a way to recover those files that didn't get backed up when Cyberlocker struck.
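
    Added example, not part of any post in this thread: the saved-copy idea from post #38, tested against two schemes. Case 1 is the repeating-key XOR the post recalls; case 2 is a stand-in stream cipher with a fresh random key per file (an assumption for illustration, since the thread does not say what cipher the malware uses). All sample data and the key `s3cr3t!` are constructed.

```python
import hashlib
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def repeating_xor(data: bytes, key: bytes) -> bytes:
    """The old scheme from the post: XOR the data with a repeated key."""
    return xor_bytes(data, key * (len(data) // len(key) + 1))


def shortest_period(stream: bytes) -> bytes:
    """Smallest prefix that, repeated, reproduces the whole stream."""
    for n in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return stream


def fresh_key_encrypt(data: bytes) -> bytes:
    """Stand-in for a modern cipher (assumption): SHA-256 counter keystream
    under a random 256-bit key generated per file and then discarded."""
    key, stream, counter = os.urandom(32), b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return xor_bytes(data, stream)


def demo():
    canary = b"known canary file kept by the user " * 4         # constructed
    victim = b"spreadsheet contents that were never backed up"  # constructed
    # Case 1: every file XORed with the same short key.
    # plaintext XOR ciphertext is the repeated key, so the canary reveals it.
    key = b"s3cr3t!"
    recovered = shortest_period(xor_bytes(canary, repeating_xor(canary, key)))
    case1 = repeating_xor(repeating_xor(victim, key), recovered) == victim
    # Case 2: fresh key per file. The canary pair leaks only the canary's
    # own keystream, which says nothing about the keystream of another file.
    leaked = xor_bytes(canary, fresh_key_encrypt(canary))
    case2 = xor_bytes(fresh_key_encrypt(victim), leaked) == victim
    return recovered, case1, case2


if __name__ == "__main__":
    print(demo())
```

    The canary recovers the key only when one key stream is reused across files; with per-file keys the comparison yields nothing that helps with any other file.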

  9. #39
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,354
    Thanks
    130
    Thanked 1,162 Times in 1,069 Posts
    Application whitelisting is what all decent HIPS do - many of the commonly known as software firewalls are actually HIPS and they stop this kind of threat. I have been using HIPS for years and only allowed apps can run. This is really what makes me always respond yes when I see questions about software firewalls and their usefulness - they are useful because they will stop these and similar threats - including zero day malware threats.
    Rui
    -------
    R4

  10. The Following User Says Thank You to ruirib For This Useful Post:

    - bill (2013-10-27)

  11. #40
    3 Star Lounger
    Join Date
    Oct 2001
    Location
    Toronto, CANADA.
    Posts
    233
    Thanks
    5
    Thanked 2 Times in 2 Posts
    I use EmsiSoft, and very happy with it.
    They published an article in September about it

    http://blog.emsisoft.com/2013/09/10/....H1mjuYhL.dpbs

  12. #41
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,354
    Thanks
    130
    Thanked 1,162 Times in 1,069 Posts
    Quote Originally Posted by danielr2 View Post
    I use EmsiSoft, and very happy with it.
    They published an article in September about it

    http://blog.emsisoft.com/2013/09/10/....H1mjuYhL.dpbs
    I didn't even notice that. The whitelisting app I use is Emsisoft's Online Armor and my AV is Emsisoft AntiMalware, as well. EAM has a behavior blocker that catches some of the behaviors of this specific malware so, using both, there would be two lines of defense to catch it.

    Emsisoft's products are top notch, I can't say it enough.
    Rui
    -------
    R4

  13. #42
    New Lounger
    Join Date
    Oct 2013
    Posts
    21
    Thanks
    1
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by SusanBradley View Post
    The zip file has an embedded exe file. It immediately launches and installs.
    Susan I remain puzzled as to how opening a '.zip' file (whether from an email attachment or elsewhere) can auto-launch an embedded '.exe' file - supposing that '.zip' is the real extension, not that the '.exe' real extension is hidden by Windows settings.

    If I double-click a zip file, or open it from email, it comes up inside 7-Zip (others may have a different program of course or just use Windows default unzipper). The contents of the zip file are extracted to a temporary folder by the application and are then visible in a file listing window for inspection. For a virus to get installed surely you then have to run a listed '.exe' file inside there, if you just open the zip file, look at the contents and then go away you should still be safe IMO?

    I have googled and can't find any examples of .zip files that autorun their contents when opened (though lots of course about self-extracting zip files which however have '.exe' extension). Bottom line is that '.zip' files are not applications so what happens when you open them depends upon the application to which they are passed as a parameter (which may be Windows itself). I can't see that any such applications have an 'autorun' feature but I would certainly like to know about it if they have.

  14. The Following User Says Thank You to Dominicf For This Useful Post:

    BruceR (2013-10-25)

  15. #43
    Lounger
    Join Date
    Dec 2009
    Location
    New Jersey USA
    Posts
    25
    Thanks
    0
    Thanked 3 Times in 2 Posts
    bobprimak - A self-executing ZIP file is an EXE file. As an attachment in Email it's an EXE file. Apparently you haven't read up on this!

  16. The Following User Says Thank You to JohnReam For This Useful Post:

    BruceR (2013-10-25)

  17. #44
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    2,828
    Thanks
    88
    Thanked 347 Times in 312 Posts
    How do you become infected with CryptoLocker

    This infection is typically spread through emails sent to company email addresses that pretend to be customer support related issues from Fedex, UPS, DHS, etc. These emails would contain a zip attachment that when opened would infect the computer. These zip files contain executables that are disguised as PDF files as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft does not show extensions by default, they look like normal PDF files and people open them.


    CryptoLocker Ransomware Information Guide and FAQ

    Bruce

  18. #45
    Silver Lounger Banyarola's Avatar
    Join Date
    Dec 2009
    Location
    Big Indian, New York
    Posts
    1,854
    Thanks
    7
    Thanked 63 Times in 52 Posts
    I keep two backups on internal drives and after reading all this I decided to make an additional image on an external drive and unplug it after it's finished making the image.
    "If You Are Reading This In English, Thank A VET"
