Would you believe?

[TequilaChaser]

I finally got nailed by a damn ransomware crypt virus, during removal of last version of ESET SS, and before I could get the new version installed!

Un freaking real....

Thank GOD, my network and server are not see able via drive letter

This is going to take a while

TC

[Bizman]

Can it still be bypassed by doing a roll back with the installation media?

Please inform about any other tricks you use, there's been suspiciously silent recently...

[TequilaChaser]

Will do....

So far nothing from malware bytes has worked

Running ESET online scanner now, so far it's caught 5 copies of the crypt Trojan and 707 infected files....

Been over 21 years since I had a virus catch me.....geez

NOTICE: these types of viruses are prone to hit online MMO games!

TC

[TequilaChaser]

scanned results:  723 infected files ---> 687 cleaned ---> 36 Quarantined <---most of these is all AMD Crimson Driver folder Crimson Driver ver 16.3


will see how much more damage it has done and keep everyone posted

TC

[TequilaChaser]

Can it still be bypassed by doing a roll back with the installation media?

no rollbacks, no restores can be done

it destroys all shadow copies and restore points, all pictures, video, music, etc........

only thing I think will be the safest option is to do a complete format of every drive / partition and start over fresh, once I make sure that the drives ( HD's and SSD's have been scrubbed thoroughly )

taking this pc offline as soon as I finish this post

TC

[hgtonyvi]

Stay off the porn.....lol

[TequilaChaser]

Stay off the porn.....lol

Funny haha.....

Lost all the pictures of my granddaughter, Rudeboi....that I had taken myself and videos of her

TC

[Bizman]

it destroys all shadow copies and restore points, all pictures, video, music, etc........

That reminds me of some ransomware virus which seemed to destroy everything. In reality it moved them to one of the Temp folders, also changing their attributes to hidden system files. For cleaning purposes the Temp folders are often the first ones to be emptied...

Anyway, there was some script available from Bleepingcomputers.com to undo the changes, and even if there isn't and you have lost something that hadn't been backed up you might want to take a look into the Temps with a bootable Linux.

[TequilaChaser]

Rgr Bizman.... I have what is it? Hiren's CD on a USB stick... hadn't thought of that til you mentioned Linux

It has like 700 different programs, script, cleaners, etc... including Linux boot ability

Swapping systems out right now so I can hopefully make FSO tonight

Thank you for the tip

TC

[save]

Some ransomware can be decrypted :

https://noransom.kaspersky.com/

[Vulcan]

The new ransomware is a pain in the butt. It's coming out in variants so fast and so thick that most AV software is no longer able to keep up.

There is a new type of AV software hitting the market. Products like Cylance, Carbon Black, and I think Web Root has some goodness in it. These products have moved away from relying on signatures.

I get involved in a lot of security product testing (for work, alpha and beta code). In the last few months have been testing some new AV analysis stuff and boy what the desktop AV doesn't pick up scares the crap outta me. We have a pilot program at work to trial other software, and Cylance is one of them (unfortunately it's not available for consumers). It picked up stuff McAfee, Kaspersky, and Microsoft completely missed.

If anyone were to ask me for a home I would probably look at the Webroot products.

[MADe]

cryptoware virus, every boot infected more. I erased and did a clean install!
Nasty piece of work, never keep your valuable files, only, on your surfing pc.

[flyndung]

you can recover most of your files by using undelete program. it encrypts your files and then deletes them the older file.

[mikev]

  Had the same type of thing happen to me just 2 weeks ago. was just doing a search for a home repair project and wow 1 click and wow, instant cyber bomb. i also had Malwarebytes and did no good other then continue to locate new Trojans and infected files. after about 10 repeated scans it was just easier to reinstall windows.
  this is why i store all my need to be saved data on external HDs. after reinstalling windows ,motherboard drivers , video card drivers , i just plug in my external HD with all my installed programs i had and in about 4 or 5 hours im right back to where i left off

[Bizman]

Mikev, since you seem to take precautions, a System Image would save you quite a lot of time. Simply create one every now and then when you know your system is exactly like you like it, especially when you have installed some new programs which require the registration to be reopened after each reinstall. Creating one doesn't take too much time, it doesn't eat resources in the background and restoring your entire system on a blank hard disk will only take about half an hour or so. In between making copies of new single files and folders just in case is good maintenance.

For you and others who might be interested, here's how: http://windows.microsoft.com/en-us/windows/back-up-programs-system-settings-files#1TC=windows-7