  1. #1
    4 Star Lounger

    In view of serious malicious programs

    In view of serious malicious programs such as CryptoLocker, Ransomwares and who knows how many others, I like to consider the following ideas for the folks I help plus apply to myself, but I'd appreciate comments on them, especially if something doesn't make sense. Please know that I help volunteers at a non-profit organization I volunteer at and I am just a cmptrgy and those folks are just ordinary computer users

    If their system gets seriously infected especially by CryptoLocker, Ransomwares, and who knows how many others - instead of paying someone to allow you to regain access to your computer and your data, spend the money on either one of these two ways
    --- Wipe the hard drive clean and reinstall the complete system from an external USB hard drive
    --- If the hard drive cannot be wiped clean, purchase a replacement hard drive and reinstall the complete system from the external USB hard drive. Why pay crooks that take advantage of doing what they are doing?
    ------ What I still don't know yet is whether or not the make/model & size of the replacement makes a difference
    --- Myself I have an external USB hard drive on which I have my Windows 7 complete system backed up

    Record the COA sticker information and keep that info on file
    --- If/when those numbers get worn out it will be a problem if those numbers need to be known when a problem occurs
    --- Make sure the 25-character product id number for the OS is known
    Create a disc to return the system back to original factory conditions
    --- This should usually be done from the built in factory restore drive in the computer
    --- The reason is that if other recovery methods are not implemented or fail for some reason the factory restore disc will come in handy
    --- Although bloatware is included in this option, at least the computer will be recoverable
    --- Download and burn drivers for the computer onto CD-R's, DVD-R's etc; whatever CD's the system allows for
    Get the system/utility discs from the manufacturer for their make/model
    --- I don't know many people who get these when they buy their computer and I haven't met anyone who's willing to do so because of the cost
    --- However such discs are easily identifiable since they are branded according to the manufacturer's design
    --- But if the factory restore discs are created to return the system back to original factory conditions, this part isn't necessary
    ===
    Create a system repair disk
    --- I'm under the impression that a system repair disk does not include the capability to restore the computer back to original factory conditions
    ===
    Store application discs if they have them and know their 25-character product id number
    --- If there aren't any application discs at least know the application's 25-character product id number
    ===
    Copy/paste their data onto external media preferably a USB hard drive
    --- The purpose behind the copy/paste idea is that it's easy if a file needs to be found and brought back into use for whatever reason
    --- Unfortunately this could be more than a challenge for the average computer user
    --- Myself I use a batch file to copy and paste my data from my Windows 7 laptop onto a USB flash drive and also onto a standalone Windows XP computer so I have my data in 3 different places but the average computer user is not going to take the time and/or have the patience to do so

  2. The Following User Says Thank You to cmptrgy For This Useful Post:

    paulbyr (2013-11-30)

  3. #2
    Super Moderator CLiNT's Avatar
    Implement an imaging based restoration regimen for all those infections that cannot be easily identified and fixed with 100% certainty of zero compromise.
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Windows 8.1, 64 bit
    Motherboard: DX58SO2*Chipset: X58 Express/Intel ICH10*BIOS: SOX5820J.86A.0888.2012.0129.2203*Processor: Intel Core i7 CPU X 990
    GPU: Nvidia GTX 580*Memory: Corsair 12 GB, 4x3@1600*PSU: Corsair HX1000*Hard drives: REVO X2 160GB*OCZ VERT X3 120GB*5 mechanical storage drives (12 TB) total.

  4. #3
    Super Moderator RetiredGeek's Avatar
    Cmptrgy,

    Why all of that?

    Just use drive imaging and do images on a regular basis.
    Make sure you create the boot media for the imaging program you use.

    With those two steps you have pretty much a 100% recovery from any virus in a matter of under 2 hours and your machine will be back exactly the way you left it the last time you took an image.

    Of course an even more regular file backup of your Documents folder will ensure you don't lose any important data files.

    You don't even have to invest a lot of money as there are great free programs like Macrium Reflect and EaseUS ToDo Backup. You just need to buy a USB attached HD which can be had for < $100 that will hold several generations of images.

    Imaging isn't hard; it just takes a little learning and practice.

    Check out the posts in the Maintenance thread. HTH
    May the Forces of good computing be with you!

    RG

    VBA Rules!

    My Systems: Desktop Specs
    Laptop Specs


  5. The Following User Says Thank You to RetiredGeek For This Useful Post:

    paulbyr (2013-11-30)

  6. #4
    Plutonium Lounger Medico's Avatar
    X3 on drive Imaging. Just look at Clint and my signatures. It takes roughly 10 to 15 minutes to restore an Image. During the restoration the HD is formatted prior to the Image being restored.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  7. #5
    Administrator
    To me, there are multiple things you need to do:

    1. Backup system and data on-site and off-site
    This includes imaging as the base strategy. Use more than 1 disk, rotate them.
    Keep one disk off-site OR use cloud based backup, at the very least, for documents and important files.

    2. Get a decent, multi-layer anti-malware protection
    This involves getting more than 1 live app protecting your system, to minimize the chances of anything passing through. At least one of these apps should provide non blacklist based protection, that performs decently on antimalware comparatives. I strongly recommend one of these apps, at least, be a HIPS.
    Rui
    -------
    R4

  8. #6
    Silver Lounger
    I would only add that you can combine all your ideas into one singular master plan. Even if you don't intend to image regularly or know that someone you are helping won't maintain such a strategy, make one master image that would include all drivers and programs, preferably after cleaning up the bloatware. That covers all your recovery scenarios except for data.

    In the event of something like Cryptovirus, data affected is not recoverable even if the virus is removed or can only be recovered if the ransom is paid and the black hat follows through with providing the decryption key. Only regular data imaging or one to one backups to destinations that are only attached to the backup source during the backup will be able to thwart the pitfalls of an encryption virus.

  9. #7
    4 Star Lounger
    Thanks for all the excellent feedback
    As for me I simply maintain a system image onto an external hard drive on a monthly basis following Patch Tuesdays and use a batch file to copy/paste my daily working files onto a USB flash drive and then copy/paste them onto my standalone XP computer with its own batch file

    On my long list I presented I think I'll use it as a checklist when I help the people.
    --- Naturally I do not cover everything with them but it just keeps me in tune with what I'm checking out
    --- Most of the people I help don't want to spend the few dollars on an external hard drive or don't want to bother even if the cost isn't an issue
    --- So what I've been doing is at least create a factory system restore disc for them as it's simple to do
    --- Last year one of my friend's computer crashed, he had no idea of where the disc was that I told him to save and he paid the price for it; but at least he finally realized that he should have listened to me

    I have cleaned out computers with too many infections due to just sloppy or no maintenance/protections
    So it just came to mind that if I run into someone with Cryptolocker or some very serious infection, why pay the bad guys; instead get a new hard drive and move on from there following up with much better recovery options than just a system restore disc
    --- Well another idea just came to my mind: if someone does run into a cryptolocker or ransomware infection; is it worthwhile reporting it?
    --- I believe I would consider it

  10. #8
    Silver Lounger
    Quote Originally Posted by cmptrgy View Post
    --- So what I've been doing is at least create a factory system restore disc for them as it's simple to do
    --- Last year one of my friend's computer crashed, he had no idea of where the disc was that I told him to save and he paid the price for it; but at least he finally realized that he should have listened to me

    I have cleaned out computers with too many infections due to just sloppy or no maintenance/protections
    So it just came to mind that if I run into someone with Cryptolocker or some very serious infection, why pay the bad guys; instead get a new hard drive and move on from there following up with much better recovery options than just a system restore disc
    --- Well another idea just came to my mind: if someone does run into a cryptolocker or ransomware infection; is it worthwhile reporting it?
    --- I believe I would consider it
    Probably only worth reporting if you encounter what you think is a little-reported or new variant.

    CryptoLocker is a special variant of the ransomware type viruses. If you get a system already infected, OS/system recovery to the same drive or a new drive is inconsequential, because the data is encrypted and will be lost regardless of any action taken other than having an unaffected data backup, which cannot be attached to the system at the time of infection or that data will also be encrypted.

    For any other type of infection recovery disc is fine, just wipe out the virus, though I would personally make a recovery image (which can also be burned to discs) for anyone if their current system is clean and fast operationally and tell them to guard that instead of a factory restore disc (keep that too though if made).

    Also, I have to believe, due to the effectiveness of the ransom in the case of a CryptoLocker type infection, all and new ransomware is being actively altered to take the same actions as CryptoLocker. In other words, I don't see this pressure to be prepared for such a category of virus to get anything but much more paramount, and that means restore images and new drives just aren't going to cut it in those cases unless the user is prepared to start over without affected data.

    That's why the only thing, and I mean the only thing that will let a user recover from an encryption virus infection without paying the ransom is to have unaffected backups of the data.
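
The point made in this post and in post #6 (only backups the infection never touched allow recovery) can be supported in the copy script itself. The sketch below is an added example, not part of the thread or any poster's batch file: it keeps numbered generations on the backup drive and refuses to write a new one when most previously backed-up files changed at once, which is what mass encryption looks like. The function names, the `gen-NNNN` layout and the 50% threshold are assumptions made for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

def manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def changed_fraction(old: dict, new: dict) -> float:
    """Share of previously backed-up files that are now modified or missing."""
    if not old:
        return 0.0
    return sum(1 for path, digest in old.items() if new.get(path) != digest) / len(old)

def backup_generation(src: Path, dest_root: Path, threshold: float = 0.5):
    """Copy src into a new numbered generation under dest_root.

    Returns (status, generation_path_or_None, changed_fraction). Nothing is
    written when more than `threshold` (assumed value) of the files known from
    the previous generation changed, so older generations stay untouched.
    """
    dest_root.mkdir(parents=True, exist_ok=True)
    gens = sorted(d for d in dest_root.iterdir()
                  if d.is_dir() and d.name.startswith("gen-"))
    old = json.loads((gens[-1] / "manifest.json").read_text()) if gens else {}
    new = manifest(src)
    frac = changed_fraction(old, new)
    if frac > threshold:
        return ("refused", None, frac)
    gen = dest_root / f"gen-{len(gens) + 1:04d}"
    shutil.copytree(src, gen / "data")
    (gen / "manifest.json").write_text(json.dumps(new, indent=2))
    return ("ok", gen, frac)

def verify_generation(gen: Path) -> list:
    """List files in a stored generation that no longer match its manifest."""
    stored = json.loads((gen / "manifest.json").read_text())
    actual = manifest(gen / "data")
    return sorted(p for p, d in stored.items() if actual.get(p) != d)

if __name__ == "__main__":
    # Constructed sample data: four small documents in a temporary folder.
    with tempfile.TemporaryDirectory() as tmp:
        src, usb = Path(tmp) / "Documents", Path(tmp) / "usb"
        src.mkdir()
        for i in range(4):
            (src / f"doc{i}.txt").write_text(f"report {i}")
        print(backup_generation(src, usb)[0])        # first generation
        for f in src.iterdir():                      # simulate mass rewrite
            f.write_bytes(b"\x00" + f.name.encode())
        status, _, frac = backup_generation(src, usb)
        print(status, f"{frac:.0%} of known files changed")
        print(verify_generation(usb / "gen-0001"))   # stored copy still intact
```

A refused run is the cue to disconnect the backup drive and inspect the source machine before anything else is copied.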

  11. #9
    Super Moderator RetiredGeek's Avatar
    F.U.N.

    Couldn't have said it any better!
    May the Forces of good computing be with you!

    RG

    VBA Rules!

    My Systems: Desktop Specs
    Laptop Specs


  12. #10
    Administrator
    I see backups as the last line of defense. You need them, but you also need to check your active defenses. There are decent AV and antimalware programs that protect against this and any ransomware, out of the box. Just get one of those. Rely on classic, blacklist based AVs and you will always be vulnerable to this and zero day threats.
    Rui
    -------
    R4

  13. #11
    New Lounger
    All the above are great but how about preventing CyberLocker from installing itself. I obtained the following:-

    Wowzer – I just did some research on CryptoLocker, and that is one nasty little virus. I haven’t seen Ransomware being distributed so profusely and professionally before like that

    Run a nifty little tool to set it up for you automatically on your computer.


    More Info: http://krebsonsecurity.com/2013/11/h...er-ransomware/
    http://www.bleepingcomputer.com/viru...re-information

    OR http://partners.lazybear.com.au/cryptoprevent/ which I went for

    Please Note: This is the free version of the tool – they also have a paid version for $15 (links down the bottom of the page) that includes an auto update function as well. For the measly $15 asked I went for the PRO version

    There’s also an IT Service Provider version that allows us to distribute unlimited versions (branded under your name) of the auto updating edition

  14. The Following User Says Thank You to nosevi For This Useful Post:

    speedball (2014-04-03)

  15. #12
    Administrator
    Quote Originally Posted by nosevi View Post
    All the above are great but how about preventing CyberLocker from installing itself. I obtained the following:-

    Wowzer – I just did some research on CryptoLocker, and that is one nasty little virus. I haven’t seen Ransomware being distributed so profusely and professionally before like that

    Run a nifty little tool to set it up for you automatically on your computer.


    More Info: http://krebsonsecurity.com/2013/11/h...er-ransomware/
    http://www.bleepingcomputer.com/viru...re-information

    OR http://partners.lazybear.com.au/cryptoprevent/ which I went for

    Please Note: This is the free version of the tool – they also have a paid version for $15 (links down the bottom of the page) that includes an auto update function as well. For the measly $15 asked I went for the PRO version

    There’s also an IT Service Provider version that allows us to distribute unlimited versions (branded under your name) of the auto updating edition
    Why run a tool that will prevent a specific version of malware, when you can run an AV or a firewall that will prevent all such threats? Sorry, I can't understand it.
    Rui
    -------
    R4

  16. #13
    New Lounger
    Quote Originally Posted by ruirib View Post
    Why run a tool that will prevent a specific version of malware, when you can run an AV or a firewall that will prevent all such threats? Sorry, I can't understand it.
    As I repair computers for inexperienced users, this tool is useful as it prevents fake AV software as well. This type of infection usually occurs because of "device at end of keyboard error" (user). User says yes so AV allows it to run. Experienced users will not have this problem so tool is not necessary.

  17. #14
    2 Star Lounger

    YES Images and data backups - but...

    If you are close to paranoid about this stuff you may want to look at CryptoPrevent.

    Additionally it will thwart many of the currently (in my area at least) prevalent PuP malware infections that have crippled many a computer.

    Disclosure: I am in absolutely no way affiliated with FoolishIT except that I use two of their tools on my own machine.
    Eike J Heinze
    What I am about
    SE Wisconsin

  18. #15
    Plutonium Lounger Medico's Avatar
    It is, unfortunately, a fact that the readers of this Lounge are for the most part the more experienced users that wish to advance their PC knowledge beyond the simple user. These tools, although perhaps very good for those that read the lounge, or those that repair the PCs of those "average users", will never be known by those very same "average users" who blithely click along exposing more and more PCs to all the nasties that may be hiding in their PCs. Heck, most of these "average users" do not even realize their PC did or did not come from the manufacturer with any type of security apps such as AV/AM apps. Fortunately, many of the larger PC manufacturers do include an AV/AM app by default. If the manufacturer does not, then MS does in the form of Windows Defender in Win 8 and Win 8.1. Even though many here believe this app is less than effective to the 3rd party apps, for these "average users" it very well might be all they have available.

    I commend all you PC professionals that do teach your customers about security, or install security apps on your customers' PCs and show them how to update the sigs. and run scans. Now if we can educate the "device at end of keyboard error" (user) to these ideas, we may be able to make headway in the fight against those whose only goal in life is to make PC users' lives difficult.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  19. The Following User Says Thank You to Medico For This Useful Post:

    paulbyr (2013-12-05)
