I'm dubious that the problem is retracted to a single computer. These
"crypto" packages are fast and furious about infecting any hard drive they
can access.
Hank Arnold
Microsoft MVP - Consumer Security
On Thu, May 28, 2015 at 12:11 PM, David McSpadden wrote:
> As soon as I find it.
Off the network and down to me.
Re-image or dispose depending on the age.
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Michael Leone
Sent: Thursday, May 28, 2015 12:07 PM
To: [email protected]
Subject: Re: [NTSysADM] Cryptlocker
Oh, and we re-imaged the PC that was infected. Completely overwrote
the HD. The only way to be sure.
On Thu, May 28, 2015 at 12:05 PM, Michael Leone wrote:
We just had that happen last week. My boss ran scans with our
Kaspersky Enterprise AV to clean the PC in question; scanned
everything else, and I restored files from last week's backups.
On Thu, May 28, 2015 at 11:44 AM, Susan Bradley wrote:
First off, be aware that the only way to really make sure something
is gone from an impacted machine is to rebuild it.
Cryptolocker (and its variants) want to encrypt data, so how are your
backups, as you'll need to restore that data and shadowcopies may be
gone.
http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information
*_What should you do when you discover your computer is infected with CryptoWall_*
If you discover that your computer is infected with CryptoWall you
should immediately scan your computer with an anti-virus or
anti-malware program.
Unfortunately, most people do not realize CryptoWall is on their
computer until it displays the ransom note and your files have
already been encrypted. The scans, though, will at least detect and
remove any other malware that may have been installed along with
CryptoWall.
Some of the files where associated malware have been found are:
%Temp%
C:\\.exe
%AppData%
%LocalAppData%
%ProgramData%
If Trend is coming back with nothing, use Malwarebytes or even a
boot under the OS a/v tool to scan that system.
MS wants feedback on patching: http://tinyurl.com/patchingsurvey
On 5/28/2015 8:30 AM, David McSpadden wrote:
I am pretty sure I have a PC with this on it in my network.
I have run scans on workstations.
I still do not see it but I have the telltale signs.
The HELP_DECRYPT files in network folders.
The Word and Excel files not being able to be opened, etc.
How do I remove something that Trend is not seeing?
Nor Windows Endpoint protection?
*David McSpadden*
Systems Administrator
Indiana Members Credit Union
P: 317.554.8190 |F: 317.554.8106
This e-mail and any files transmitted with it are property of
Indiana Members Credit Union, are confidential, and are intended
solely for the use of the individual or entity to whom this e-mail
is addressed. If you are not one of the named recipient(s) or
otherwise have reason to believe that you have received this
message in error, please notify the sender and delete this message
immediately from your computer. Any other use, retention,
dissemination, forwarding, printing, or copying of this email is
strictly prohibited.
Please consider the environment before printing this email.
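
An added example, not part of the original thread or written by any of its participants: when AV scans find nothing but HELP_DECRYPT files keep appearing in network folders, the owner recorded on each note shows which account wrote it, and more than one owner suggests more than one infected machine. The share path is a placeholder, and the premise that the note's owner is the logged-on user of the infected PC is an assumption.

```powershell
# Added example: report which account owns the ransom notes found on a share.
param(
    [string]$ShareRoot   = '\\fileserver\share',  # placeholder path, replace with the affected folder
    [string]$NotePattern = 'HELP_DECRYPT*'        # note name reported in the thread
)

function Get-RansomNoteOwner {
    param([string]$Root, [string]$Pattern)

    # Walk the share and collect every ransom note with its owner and creation time.
    Get-ChildItem -LiteralPath $Root -Filter $Pattern -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $owner = try {
                (Get-Acl -LiteralPath $_.FullName -ErrorAction Stop).Owner
            } catch {
                '<unreadable>'   # no permission to read the ACL
            }
            [pscustomobject]@{
                Owner     = $owner
                Created   = $_.CreationTime
                Directory = $_.DirectoryName
                Name      = $_.Name
            }
        }
}

$notes = @(Get-RansomNoteOwner -Root $ShareRoot -Pattern $NotePattern)

# One row per owning account: note count, folders touched, and the time window.
$notes | Group-Object Owner | ForEach-Object {
    $sorted = @($_.Group | Sort-Object Created)
    [pscustomobject]@{
        Owner     = $_.Name
        Notes     = $_.Count
        Folders   = @($_.Group | Select-Object -ExpandProperty Directory -Unique).Count
        FirstNote = $sorted[0].Created
        LastNote  = $sorted[-1].Created
    }
} | Sort-Object FirstNote | Format-Table -AutoSize
```

The owner is an account, not a PC, so it still has to be matched to the workstation that account was logged on to during the FirstNote to LastNote window. An owner that is a group such as BUILTIN\Administrators does not identify a single user.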