Beware of the "Crypto Locker" virus/malware.

#1 Dec 27 2013 at 5:57 AM Rating: Excellent
Guru
610 posts
Hello all,
I got this virus (Crypto Locker) on one of my laptops on Christmas night when I logged on. The laptop is used exclusively for Everquest and only EQ related sites when on the internet.

The virus is nasty in that it encrypts certain files: it loves digital pictures, wallpaper images, Word documents and many images and personal files stored on the computer, and demands you pay US $300 via Bitcoins and a few other methods for them to give you a key to unlock your files. They threaten to destroy the key to fix the encrypted files if not paid within 72 hours, iirc. The virus penetrated all safe mode options. But, despite the virus being active in safe mode, you still have control over the desktop and UI.

I solved my problem by scanning via Malwarebytes (free) in safe-mode with networking which isolated the virus in its quarantine then deleted the files which showed up as: "Trojan.Ransom" in their virus vault. However, there are other methods.

Then, after having removed the virus, I did a system restore to a point a couple of weeks back and my problem was solved.

I was lucky that my infected laptop had zero personal files and pictures, etc...

But if your computer had a lot of personal files, Word docs, family pictures etc., only a safe "back up" would save you from losing priceless files and items.

I would never pay that ransom... though I have read that many do if they have a lot of files that have been encrypted.

To see which files have been encrypted, you can check via RUN, then type "regedit" (BEFORE you remove the virus) and look in the subsection "HKEY_CURRENT_USER", then "Software", to see if CryptoLocker is in the list below. If it is there, then under the subsection "Files" it will show which files it has encrypted.

In my case, there were few encrypted files and none of importance, so they could be sacrificed for good once I removed the virus. Even after a system restore, some encrypted files and documents may not be retrieved successfully.

Good luck and beware of this nasty malware.



Edited, Dec 31st 2013 7:44am by hexeez
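An added example, not from this thread, that applies hexeez's registry check to an exported copy of the key rather than by eye in regedit. It assumes the key was dumped before cleanup with `reg export HKCU\Software\CryptoLocker cl.reg`, and that each value name under `Files` is the encrypted file's path with every backslash replaced by `?` (an assumption; the sample dump below is constructed):

```python
import re
from typing import Dict, List

# Constructed sample of a `reg export` dump of the key the post describes.
# Assumption: value names under "Files" are paths with '\' replaced by '?'.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\CryptoLocker]
"VersionInfo"=hex:00,01,02
"PublicKey"=hex:30,82,01,0a

[HKEY_CURRENT_USER\Software\CryptoLocker\Files]
"C:?Users?hex?Pictures?christmas.jpg"=dword:00000001
"C:?Users?hex?Documents?raid_notes.docx"=dword:00000001
"??fileserver?share?budget.xlsx"=dword:00000001
"""

CL_KEY = r"HKEY_CURRENT_USER\Software\CryptoLocker"


def parse_reg_export(text: str) -> Dict[str, List[str]]:
    """Map each [key] section of a .reg dump to the list of its value names."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()          # registry keys are case-insensitive
            sections[current] = []
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=', line)
            if m:
                # .reg escapes '\' and '"' inside names with a backslash; undo that
                sections[current].append(re.sub(r"\\(.)", r"\1", m.group(1)))
    return sections


def is_cryptolocker_present(reg_text: str) -> bool:
    """The post's first check: does the CryptoLocker key exist under HKCU\\Software?"""
    return CL_KEY.lower() in parse_reg_export(reg_text)


def list_encrypted_files(reg_text: str) -> List[str]:
    """The post's second check: the file paths recorded under the Files subkey."""
    names = parse_reg_export(reg_text).get((CL_KEY + r"\Files").lower(), [])
    return [n.replace("?", "\\") for n in names]   # assumption: '?' stood for '\'
```

The listed paths are the ones to compare against a known-good backup after cleanup, since a system restore does not decrypt them.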
#2 Dec 27 2013 at 6:35 AM Rating: Excellent
701 posts
Thanks for the info Hex, I will check my comp when I get home. It's crazy what people are doing with viruses; they just can't leave well enough alone and let people enjoy their computers. But I suppose money trumps all that.
____________________________
EQ acct
Rukkuss 71 Iksar SK 1.5 Epic
Mokkas 70 Halfling Druid 1.0 Epic
Turfidor 70 Barbarian Shaman 1.0 Epic
Simplid 71 chanter
Trembledon 72 ranger
Rumblesx 70 monk
Bertoxx server
#3 Dec 27 2013 at 6:49 AM Rating: Excellent
Guru
610 posts
Sadly, the advent of Bitcoins, which are untraceable at this point in time, may make it easier for schemers, hackers and an assortment of cyber-thieves and reprobates to operate with impunity.

I hope they make a means to track this virtual currency; otherwise it is like having the old, fully anonymous Swiss accounts back in the day, when no information on accounts, deposits etc. would be forwarded even to Interpol.

Yes, it's a scary sign of the future of malware/ransomware.
#4 Dec 27 2013 at 7:32 AM Rating: Excellent
362 posts
~
I work for a managed services company. Back in I think Nov I was reading about this bugger and then like two weeks later one of our clients called in with the symptoms -- by the time we got involved the majority of their file shares at that campus were encrypted. We've had two other clients in a similar situation since.

It's bad on a PC, it's worse on a network, trust me.

At the local PC level, easiest thing is a rollback to a date prior to the infection. Short of that, it's up to you if you want to pay or not. Of course, you could just wipe your box too.

My EQ box -- which, like Hexeez's, is purely for EQ -- has never taken an infection, and I run naked with no AV or MW protection. But, caveat, that's me. I'll wipe and reimage the box in my sleep -- average users should, in fact, always use some form of protection.

Edited, Dec 27th 2013 8:37am by nekokirei
____________________________
--
Savage Lady Nekokirei of Drinal
Predator Nekokirei of Stromm
#5 Jan 01 2014 at 5:56 PM Rating: Decent
Could you not remove the virus and then use your handy rainbow tables to bruteforce the encrypted files? I mean that would be one way to get them back.
#6 Jan 02 2014 at 7:04 AM Rating: Excellent
Guru
610 posts
Shadowus wrote:
Could you not remove the virus and then use your handy rainbow tables to bruteforce the encrypted files? I mean that would be one way to get them back.


I wish it was, but this malware uses asymmetric encryption (two keys: public and private), which makes it almost impossible without both keys' decryption codes.
Meanwhile, they store their "private key" on their server, site or bot computer. In other words, the encryption codes from the private key do not exist on the victim's computer, making it virtually impossible for the majority of users except the most tech savvy.
#7 Jan 06 2014 at 8:55 AM Rating: Decent
902 posts
nekokirei wrote:
~
I work for a managed services company. Back in I think Nov I was reading about this bugger and then like two weeks later one of our clients called in with the symptoms -- by the time we got involved the majority of their file shares at that campus were encrypted. We've had two other clients in a similar situation since.

It's bad on a PC, it's worse on a network, trust me.

At the local PC level, easiest thing is a rollback to a date prior to the infection. Short of that, it's up to you if you want to pay or not. Of course, you could just wipe your box too.

My EQ box -- which, like Hexeez's, is purely for EQ -- has never taken an infection, and I run naked with no AV or MW protection. But, caveat, that's me. I'll wipe and reimage the box in my sleep -- average users should, in fact, always use some form of protection.

Edited, Dec 27th 2013 8:37am by nekokirei


Words to live by. :grin: :lol: :grin: