Thread: KryptoLocker ?

  1. #1
    Silver Lounger
    Join Date
    Apr 2010
    Location
    Montréal
    Posts
    1,795
    Thanks
    33
    Thanked 52 Times in 51 Posts

    KryptoLocker ?

    I have just finished going through a fight with KryptoLocker, at least it looked like this was the virus when considering what it said on-screen. The machine was totally dead after a few attempts at purging it. I could use Acronis from the boot screen but after twice running it the machine totally died, not even a video function. This was a machine used by one friend who I IT for but he had not followed my backup directives, the USB HD was empty. I now wonder if it would have survived a clone back ??
    I ended up taking the machine home and worked on it, the solution was to reset the BIOS by pulling the 2032 cell on the MoBO. Now after a W-7 install, I am accepting 132 updates, KL 0, Jean 1.
    This virus is potent if it really accessed the CMOS and negated the BIOS, as I noted, not even the video was active on booting. My first sign of success was when the monitor LED turned to green. One can never be too cautious on any mouse click. A FWIW for sure but I gained in experience. Jean.
    Last edited by handcuff36; 2013-12-13 at 10:27. Reason: corrected the MSU amount.

  2. #2
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,609
    Thanks
    147
    Thanked 869 Times in 831 Posts
    Once you have it back fully working then you may want to install CryptoPrevent as well as on your own computer and tell your friend not to go clicking on any links that he doesn't know the origin of.

  3. #3
    Silver Lounger
    Join Date
    Apr 2010
    Location
    Montréal
    Posts
    1,795
    Thanks
    33
    Thanked 52 Times in 51 Posts
    Hello, Sudo. The best KryptoPrevent is in the interface between the chair and the keyboard. Your advice to not click on unknown is relevant. Curiosity has killed many a cat.
    The machine is running now as a new one, to be delivered this pm. Be good. Jean.

  4. #4
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,609
    Thanks
    147
    Thanked 869 Times in 831 Posts
    Glad to hear that you were able to get that sorted.

    The CryptoPrevent program looks handy to have installed which is why I now have it on mine even though I never click on unknown internal links, but having read an article on CryptoLocker, it has been known to be attached to a program download.

    I tend to use Google searches a lot so I think it would be prudent to have some additional protection should my AV or the SmartScreen Filter not pick it up.

  5. #5
    New Lounger
    Join Date
    Nov 2010
    Location
    Western Ohio
    Posts
    16
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Have just recently been receiving e-mails with that attached. It comes as a spoof from Fed Ex for shipping info.
    I have Avast premium and it is catching it. I checked my Road Runner e-mail online today at work and there was another one sent, and I deleted it.

  6. #6
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts
    Quote Originally Posted by handcuff36 View Post
    KryptoLocker
    Quote Originally Posted by handcuff36 View Post
    KryptoPrevent
    It's Cryptographie, not Kryptonite!

    Bruce
    Last edited by BruceR; 2013-12-14 at 16:47.

  7. #7
    Silver Lounger
    Join Date
    Apr 2010
    Location
    Montréal
    Posts
    1,795
    Thanks
    33
    Thanked 52 Times in 51 Posts
    Last edited by handcuff36; 2013-12-14 at 19:29. Reason: Added URL.

  8. #8
    WS Lounge VIP Browni's Avatar
    Join Date
    Dec 2009
    Location
    Rochdale, UK
    Posts
    1,650
    Thanks
    38
    Thanked 161 Times in 139 Posts
    Quote Originally Posted by BruceR View Post
    It's Cryptographie, not Kryptonite!

    Bruce
    Quote Originally Posted by handcuff36 View Post
    The most commonly known one is Cryptolocker.

    Let's not play with semantics where users' data may be at risk.

  9. #9
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,609
    Thanks
    147
    Thanked 869 Times in 831 Posts
    Quote Originally Posted by Browni View Post
    The most commonly known one is Cryptolocker.

    Let's not play with semantics where users' data may be at risk.
    I agree, but it now looks as if others are getting in on the act http://www.bbc.co.uk/news/technology-25363270

  10. #10
    Silver Lounger
    Join Date
    Apr 2010
    Location
    Montréal
    Posts
    1,795
    Thanks
    33
    Thanked 52 Times in 51 Posts
    Hello, Rui.
    During our exchange on this subject, you asked me what happened when trying to use the USB clone and regain the machine, with Acronis. It looks to me now that the virus detected the clone and mashed it totally. My friend says, insists, that he never connected the USB HD.
    A word to the wise as I was sure that the small USB HD had a clone that I had made, there was nothing on it, so, my word to the wise is to format the C:\ before doing anything at all. I presume that if I had done this, I could then have used Acronis and redo the machine. It is called a learning process. After a few (?) hours of labour, I redid the whole machine, it runs now but all was lost from the C:\ thanks to KL.
    15" of fresh snow this am. Have a great day. Jean.
    Last edited by handcuff36; 2013-12-15 at 09:12.
