Free Republic
Browse · Search
General/Chat
Topics · Post Article


1 posted on 07/19/2015 6:34:06 AM PDT by fwdude


To: fwdude
I suggest you Google the problem and you'll find a number of potential solutions available. Example.
Try them all - you might get lucky.
44 posted on 07/19/2015 8:12:34 AM PDT by oh8eleven (RVN '67-'68)

To: fwdude

Cryptolocker hit my servers last year and I had good backups that could be restored. Experts told me the best defense is good backups, for Cryptolocker can bust even the best Anti-Virus software.

I had Kaspersky on my servers and Crypto busted one of them to infect a few drives. I switched to Eset afterwards though.

In your case, I would pay since your backups are infected too. You can’t unlock the virus since it has 256-bit encryption. Sorry, anyone selling a solution is lying.

After you get your files back, then invest in better backups, for if you had a decent backup system, this wouldn’t be a problem. Also, teach users on the network to not open strange attachments in email messages.


46 posted on 07/19/2015 8:19:54 AM PDT by WildWeasel

To: fwdude

You can probably get rid of it. Since your entire network is infected, it is going to take time because each system on the network has to be taken offline (put into isolation) and repaired individually. This involves safe booting with nothing loaded except the basic drivers needed to explore the drives, removing the infection reference link(s) from the startup list (you can get there from msconfig), removing the infection itself (usually there are multiple files because they are designed to reinfect if you don’t get all instances), and then removing the infection commands within the registry by manually searching for references to the infected file names and deleting all instances in the registry.

You need to keep notes about infected file names and dates as you work at this. It helps to know when the infection started. The infected files typically have long names made of random characters and tend to be in hidden cache areas of the user who infected the system originally. The exe files of the infection have no corporate name associated with them when looking at them in the startup list, and usually they are the most recently added to the list.

Cleaning out ransomware will take about 1.5 to several hours, just depending on how many instances of the infection are on the system. If you are not meticulous in cleaning, you can easily reinfect the computer when you reboot, so it is always best to reboot in safe mode and recheck your startup file list and registry until you are sure no more instances of the ransomware are running and it is safe to boot normally.

As soon as you get some control of the system, you need to turn off Java from the control panel, because outdated Java is usually what allows ransomware infection to take over. Normally you don’t need to have Java turned on anyway, so it should always be off until needed.

Be aware that simply turning off ransomware is not the same as removing it, and your infected systems will continue to be carriers and will likely spread the infection to any new system they connect to. So it is best to actually clean out the infection.


47 posted on 07/19/2015 8:20:46 AM PDT by Kirkwood (Zombie Hunter)
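
An added example, not part of the post above: a small triage script that scores startup entries against the four indicators the post lists (long random-looking name, location in a user cache area, no company name, recently added). The sample entries, the path markers and the thresholds are constructed assumptions for illustration.

```python
import math
import ntpath
from collections import Counter
from datetime import datetime

# Constructed sample startup entries (not taken from the thread).
SAMPLE_ENTRIES = [
    {"path": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe",
     "company": "Microsoft Corporation", "created": datetime(2014, 11, 2)},
    {"path": r"C:\Users\alice\AppData\Roaming\qzxkvbtrwpmjhgfd.exe",
     "company": "", "created": datetime(2015, 7, 18)},
    {"path": r"C:\Users\alice\AppData\Local\Temp\updater.exe",
     "company": "", "created": datetime(2015, 3, 1)},
]

# Assumed user-writable locations standing in for "hidden cache areas".
USER_CACHE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\")


def looks_random(stem):
    """Long name with high character entropy and almost no vowels."""
    stem = stem.lower()
    if len(stem) < 12:
        return False
    counts = Counter(stem)
    entropy = -sum(n / len(stem) * math.log2(n / len(stem)) for n in counts.values())
    vowel_ratio = sum(c in "aeiou" for c in stem) / len(stem)
    return entropy >= 3.5 and vowel_ratio < 0.25


def triage(entries, now, recent_days=14):
    """Return (score, path, reasons) tuples, most suspicious first."""
    results = []
    for e in entries:
        stem = ntpath.splitext(ntpath.basename(e["path"]))[0]
        checks = {
            "random-looking name": looks_random(stem),
            "runs from user cache area": any(m in e["path"].lower() for m in USER_CACHE_MARKERS),
            "no company name": not e["company"].strip(),
            "recently added": (now - e["created"]).days <= recent_days,
        }
        reasons = [label for label, hit in checks.items() if hit]
        results.append((len(reasons), e["path"], reasons))
    return sorted(results, key=lambda r: r[0], reverse=True)


if __name__ == "__main__":
    for score, path, reasons in triage(SAMPLE_ENTRIES, now=datetime(2015, 7, 19)):
        print(score, path, "; ".join(reasons) or "no indicators")
```

A high score marks an entry for manual review and for the notes on file names and dates; it is not proof of infection, since legitimate software also starts from user profile folders.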

To: fwdude

Pay the ransom once, then pay it twice, then a third time. Soon you’ll realize that your business now has a new partner that you can’t get shed of and that doesn’t do anything for the business but take.


49 posted on 07/19/2015 8:52:59 AM PDT by fella ("As it was before Noah so shall it be again,")

To: fwdude

If the price is not too high, I would pay.


52 posted on 07/19/2015 9:18:34 AM PDT by UnwashedPeasant (A slave is one who waits for someone to come and free him.)

To: fwdude

The first time I received a ransomware “lock”, I took my laptop to a local repair shop. He fixed it, and added Malwarebytes and “CleanUp”. The second (and third) time, I popped out the battery, drained what charge remained, and got back onto the Internet and FR!


56 posted on 07/19/2015 2:53:56 PM PDT by Does so (SCOTUS Newbies Will Imperil America...)

To: fwdude

bm


81 posted on 07/20/2015 7:57:30 AM PDT by CJ Wolf ((optional, printed after your name on post):)

