  1. #106
    Silver Lounger Banyarola's Avatar
    Join Date
    Dec 2009
    Location
    Big Indian, New York
    Posts
    1,854
    Thanks
    7
    Thanked 63 Times in 52 Posts
    I don't know Clint...
    I just feel better knowing it's not connected...
    "If You Are Reading This In English, Thank A VET"

  2. #107
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,272
    Thanks
    130
    Thanked 1,153 Times in 1,062 Posts
    Quote Originally Posted by CLiNT View Post
    Might operating from a limited account with restricted write access prevent this sort of thing from
    infecting other internal drives?
    The Windows Secrets article was clear about that - use of a limited account wouldn't limit the issues that result from this infection. All files that can be accessed by the user under which the computer gets infected, can be encrypted. So, if the user with the limited account can access other internal drives, the encryption can affect such drives, as well.
    Rui
    -------
    R4

  3. #108
    Silver Lounger Banyarola's Avatar
    Join Date
    Dec 2009
    Location
    Big Indian, New York
    Posts
    1,854
    Thanks
    7
    Thanked 63 Times in 52 Posts
    Well, that settles that ...
    "If You Are Reading This In English, Thank A VET"

  4. #109
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,272
    Thanks
    130
    Thanked 1,153 Times in 1,062 Posts
    Quote Originally Posted by Banyarola View Post
    Well, that settles that ...
    Yeah, I guess the power from this nasty is that it limits itself to doing things a user can do, like accessing files. No attempts to change system settings that would trigger stuff like the UAC or security app warnings.
    Rui
    -------
    R4

  5. #110
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    5,435
    Thanks
    128
    Thanked 495 Times in 455 Posts
    I don't see any mention in the article regarding limited accounts with full WRITE protected drives running afoul of this.
    If these drives are write protected it wouldn't matter if they are simply just opened & viewed, as access to changing them would be restricted.
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Windows 8.1, 64 bit
    Motherboard: DX58SO2*Chipset: X58 Express/Intel ICH10*BIOS: SOX5820J.86A.0888.2012.0129.2203*Processor: Intel Core i7 CPU X 990
    GPU: Nvidia GTX 580*Memory: Corsair 12 GB, 4x3@1600*PSU: Corsair HX1000*Hard drives: REVO X2 160GB*OCZ VERT X3 120GB*5 mechanical storage drives (12 TB) total.

  6. #111
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,272
    Thanks
    130
    Thanked 1,153 Times in 1,062 Posts
    Quote Originally Posted by CLiNT View Post
    I don't see any mention in the article regarding limited accounts with full WRITE protected drives running afoul of this.
    If these drives are write protected it wouldn't matter if they are simply just opened & viewed, as access to changing them would be restricted.
    If the limited user account would have no write access to such files and no permissions to change such access, then those files would be protected from the malware, yes. I guess you'd need to restrict the access rights to external drives to limited accounts.
    Rui
    -------
    R4

  7. #112
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    5,435
    Thanks
    128
    Thanked 495 Times in 455 Posts
    Yeah, I guess it would be highly dependent on what you use your computer for, for the majority of time you are using it.
    It might be a considerable hassle to switch user accounts if the frequency were high enough.

  8. #113
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,272
    Thanks
    130
    Thanked 1,153 Times in 1,062 Posts
    Quote Originally Posted by CLiNT View Post
    Yeah, I guess it would be highly dependent on what you use your computer for, for the majority of time you are using it.
    It might be a considerable hassle to switch user accounts if the frequency were high enough.
    I guess that's precisely why many users don't switch accounts (although likely many users don't even know that is possible).
    Rui
    -------
    R4

  9. #114
    Star Lounger
    Join Date
    May 2012
    Location
    Michigan
    Posts
    88
    Thanks
    40
    Thanked 4 Times in 3 Posts
    GregWH,

    I confess to not working in the trenches. Please tell me how to kill the process. Is this the cryptolocker process? Would MBAM and Norton Antivirus be a good combination?

    Please explain the following: I suppose it depends on variants that may come up in the future but you could either start in Safe mode (may not help if a variant takes that into account) or even use HijackThis to delete the entry for it to begin with after first killing the task then reboot if you feel the need or just proceed on with getting rid of it.

    What is the reason for starting in Safe Mode? Also, just what does ... or even use HijackThis to delete the entry for it to begin with after first killing the task .... mean?

    Thank you for explaining this to me. I didn't grow up with computers and sometimes find them to be mysterious.

    Charles

  10. #115
    New Lounger
    Join Date
    Dec 2009
    Location
    Belo Horizonte, MG, Brazil
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    By the way Cryptolocker apparently works, there's no assurance that it will not encrypt all files kept on line with the infected computer. So, for home users, it would mean that you should not let an external HD stay connected after imaging or backing up files, which would mean that automatic backups couldn't be done. Also, that backing up files on a network isn't safe either.

  11. #116
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    5,435
    Thanks
    128
    Thanked 495 Times in 455 Posts
    It's not good news for some of us that have 10+ TB worth of internal drives.
    It's too bad there weren't some simple setting or programmable app that would at least warn of a write attempt and allow a stop.
    Last edited by CLiNT; 2013-11-25 at 15:45.

  12. #117
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    4,743
    Thanks
    67
    Thanked 544 Times in 492 Posts
    By the way Cryptolocker apparently works, there's no assurance that it will not encrypt all files kept on line with the infected computer. So, for home users, it would mean that you should not let an external HD stay connected after imaging or backing up files, which would mean that automatic backups couldn't be done. Also, that backing up files on a network isn't safe either
    As I read the way Cryptolocker works, the list of file types that it encrypted didn't include backup files like True Image backups (.tib files). That's not to say a future variant won't, but for now, it seems image backup is one form of protection even if the drive is permanently attached.

    Jerry

  13. #118
    New Lounger
    Join Date
    Dec 2009
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Nice column, very helpful info. Changes implemented.

  14. #119
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    Quote Originally Posted by jwitalka View Post
    As I read the way Cryptolocker works, the list of file types that it encrypted didn't include back files like True Image Backups. (.tib files). That's not to say a future variant won't but for now, it seems image backup is one form of protection even if the drive is permanently attached.

    Jerry
    That's right Jerry, but I wouldn't bank on it for ever. These guys surely have it in their capability to attack .tib, .spi, .v2i etc.

    For home use, in addition to local software restriction policies, I'm thinking about building a PowerShell script to be called before my backups run each night. Hopefully, it will reconnect the USB ports that my backup drives are connected to, then a second script that will disconnect them after the backups have run. I also have a NAS connected via a UNC path that I use for archiving but haven't figured how to prevent it being discovered...even if Crypto Locker can't see it right now.

    For work, backups are offsite.
    In God we trust; all others must bring data.

    - William Edwards Deming. 1900 - 1993
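
The "connect the backup drive only while the backup runs" idea from post #119, as an added example that is not part of the original post or any poster's script. Instead of toggling USB ports it swaps in a simpler technique, adding and removing the partition's drive letter with the built-in Storage module cmdlets; the disk serial, drive letter and robocopy job are constructed placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. The parameter defaults are constructed
# placeholders; replace them with your own disk serial, letter and backup job.
param(
    [string]$BackupDiskSerial = 'PLACEHOLDER-SERIAL',  # Get-Disk | Select-Object Number, SerialNumber
    [string]$BackupLetter     = 'X',
    [scriptblock]$BackupJob   = {
        param($Destination)
        robocopy "$env:USERPROFILE\Documents" "$Destination\Documents" /E /R:1 /W:1
    }
)
$ErrorActionPreference = 'Stop'

# Find the backup disk by serial number, so another USB disk on the same
# port is never mounted by mistake.
$disks = @(Get-Disk | Where-Object { "$($_.SerialNumber)".Trim() -eq $BackupDiskSerial })
if ($disks.Count -ne 1) {
    throw "Expected one disk with serial '$BackupDiskSerial', found $($disks.Count)."
}

# Treat the largest partition on that disk as the backup volume.
$part = Get-Partition -DiskNumber $disks[0].Number |
    Sort-Object Size -Descending | Select-Object -First 1
$target  = @{ DiskNumber = $part.DiskNumber; PartitionNumber = $part.PartitionNumber
              AccessPath = "${BackupLetter}:" }
$mounted = $false

try {
    # Assign the drive letter only for the duration of the job. If an earlier
    # run crashed and left the letter in place, reuse it and clean up below.
    if ([string]$part.DriveLetter -ne $BackupLetter) { Add-PartitionAccessPath @target }
    $mounted = $true

    $global:LASTEXITCODE = 0
    & $BackupJob "${BackupLetter}:"
    # robocopy exit codes of 8 and above mean at least one copy failed.
    if ($LASTEXITCODE -ge 8) { throw "Backup job failed with exit code $LASTEXITCODE." }
}
finally {
    # Always take the letter away again, even if the backup failed.
    if ($mounted) { Remove-PartitionAccessPath @target }
}
```

Run it from an elevated scheduled task. Removing the drive letter keeps the volume out of reach of anything that walks drive letters as the logged-on user, but the disk stays physically attached, so it shortens the exposure window rather than replacing offline or offsite copies.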

  15. #120
    New Lounger
    Join Date
    Jun 2010
    Location
    UK
    Posts
    23
    Thanks
    0
    Thanked 4 Times in 3 Posts
    You guys might remember I suggested CryptoPrevent in response to Susan's opening post. Well here's another tool that claims to stop CryptoLocker (and other ransomware) in its tracks. A free prog from SurfRight, 'HitmanPro.Alert' now comes with 'CryptoGuard'. Thus far, it's only included in the latest BETA version, but I think it's pretty robust. I'm running it on several machines alongside various security software and have had no issues with it.

    Go here http://www.surfright.nl/en/cryptoguard for further details and download (just be sure it's the BETA version you download).
