
To: driftdiver

You are badly mistaken. We’ve been under a virtual siege with the attacks hammering the firewalls. Ten of our computers have been hijacked by the FBI Ransomware and one by Cryptolocker.

Cryptolocker partially encrypted an external hard drive containing the current data. Most of that data is lost and cannot be recovered. The backup has almost everything lost on the targeted drive, but a few things recently used have been lost for good. The method of access is not known with any certainty, but reports indicate the most likely route in our situation was Adobe Flash player through YouTube. Most of the hijackings appear to have occurred while playing music. I’m particularly suspicious of the Alice’s Restaurant link.

Microsoft Essentials, Microsoft Defender, Malwarebytes, and a laundry list of other products have ultimately all been defeated by these malware attacks. After using Malwarebytes to remove the rootkit infections and so forth, the malware found a means to disable Malwarebytes and lock down the computer to the point where not even the BIOS could be accessed any longer. That computer is still waiting for me to repair it.

Another computer had been repaired multiple times and kept off of the Internet and no contact with media or networks of any sort with other computers. It was totally standalone when recovered. Nonetheless, the malware reinstalled itself after the hard drive had a high level format and reinstallation of Windows XP. It took the replacement of the hard drive and reinstallation of Windows XP to get it operating again, only to be hijacked again within a few weeks once it went back onto the Internet. This computer is also now awaiting another rebuild.

Suffice it to note, despite all of the claims you see from the anti-malware software people, their products are being defeated by this new wave of ransomware. This stuff is getting into the client computers through the PDF, Flash, and other files. We do not use e-mail on these systems, so there is no way possible for email or email attachments to have been the source of this malware. Some of the client computers were used only for one or two financial applications that have no possibility of accessing any URL that could be remotely risky. So, the attacks must be targeted at least in part at the firewalls and not music files, Websites, or other activities that could be considered a risk.

So, be cautious. There is a lot more to these ransomware attacks than what you are seeing in the reports from the anti-malware outfits.


36 posted on 12/25/2013 7:46:30 PM PST by WhiskeyX ( provides a system for registering complaints about unfair broadcasters and the ability to request a)


To: WhiskeyX

Have you tried the link in Post #37, for removal? Was it defeated, too?


42 posted on 12/25/2013 8:11:47 PM PST by Carriage Hill (Peace is that brief glorious moment in history, when everybody stands around reloading.)

To: WhiskeyX

Sounds serious!

Does that program linked to earlier defeat cryptolocker?


43 posted on 12/25/2013 8:13:52 PM PST by GeronL (Extra Large Cheesy Over-Stuffed Hobbit)

To: WhiskeyX

Stop giving your users local admin access. We restrict it on the domain and malware like this can’t install.
Disguising malicious code by adding a *.PDF or *.JPG to the end has been around forever.


50 posted on 12/25/2013 8:45:37 PM PST by miliantnutcase
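
A defender-side check for the disguise mentioned in post 50, added here as an example and not written by any poster in the thread: it flags filenames where a document or picture extension sits in front of an executable final extension, which is how such a file looks harmless when Windows Explorer hides known extensions. The two extension lists and the sample paths are assumptions constructed for illustration.

```python
import re

# Final extensions that Windows runs or passes to a script host (assumed, non-exhaustive list).
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "wsf", "hta", "lnk"}
# Extensions a user reads as a harmless document or picture (assumed list).
DECOY = {"pdf", "jpg", "jpeg", "png", "gif", "doc", "docx", "xls", "xlsx", "txt"}


def decoy_extension(path):
    """Return (decoy, real) if a document extension precedes an executable one, else None."""
    name = re.split(r"[\\/]", path)[-1]  # basename for Windows or POSIX paths
    # Windows ignores trailing dots and spaces when it opens a file.
    name = name.rstrip(". ")
    segments = [s.strip().lower() for s in name.split(".")]
    if len(segments) < 3:
        return None  # a single extension cannot hide behind another
    real = segments[-1]
    if real not in EXECUTABLE:
        return None
    for seg in reversed(segments[1:-1]):
        if seg in DECOY:
            return (seg, real)
    return None


def scan(paths):
    """Map each suspicious path to its (decoy, real) extension pair."""
    findings = {}
    for p in paths:
        hit = decoy_extension(p)
        if hit:
            findings[p] = hit
    return findings


# Constructed sample listing, not taken from the thread.
SAMPLE = [
    r"C:\Users\alice\Downloads\invoice.PDF.exe",
    r"C:\Users\alice\Downloads\holiday.jpg.scr",
    r"C:\Users\alice\Documents\report.v2.pdf",
    r"C:\Users\alice\Downloads\setup.exe",
    r"C:\Users\alice\Downloads\statement.pdf .exe.",
    "/srv/share/notes.txt",
]

if __name__ == "__main__":
    for path, (decoy, real) in scan(SAMPLE).items():
        print(f"{path}: shown as .{decoy}, runs as .{real}")
```

Run over a download or mail-attachment directory listing, the hits are candidates for quarantine; legitimate multi-dot names such as `report.v2.pdf` and plain installers such as `setup.exe` are not flagged.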

To: WhiskeyX

“the malware reinstalled itself after the hard drive had a high level format and reinstallation of Windows XP”

It had inserted itself into a file that was saved, and later, reinstalled.

54 posted on 12/25/2013 9:28:32 PM PST by LouAvul (In a state of disbelief as to how liberals destroyed America in a mere 40 years.)

To: WhiskeyX

The initial intrusion is usually through email.


70 posted on 12/26/2013 3:25:07 AM PST by driftdiver (I could eat it raw, but why do that when I have a fire.)