CryptoPrevent: Does it work?


53 replies to this topic

#1 larryhyman

Posted 20 February 2014 - 04:55 PM

Well, with all the new talk about all the Crypto Viruses, there is one product that claims it can PREVENT you from getting infected.

 

I installed it a couple of months ago and I have never been hit by a virus. (But then, I have never been hit by a virus.) So I don't really know if it is working.

 

Has anybody else installed it and have you been hit with a virus since?

 

What do you think? Does it really work?

 

Thanks




#2 quietman7

Posted 20 February 2014 - 05:15 PM

CryptoPrevent is a security tool that writes 200+ group policy object rules into the registry in order to prevent executables in specific locations from running. CryptoPrevent can be used to lock down any Windows OS to prevent infection by crypto ransomware which encrypts personal files and then offers decryption for a paid ransom. CryptoPrevent artificially implants hundreds of group policy object rules into the registry in order to block executables (*.exe, *.com, *.scr and *.pif) and fake file extension executables in certain locations (i.e. %AppData%, %LocalAppData%, %userprofile%, %programdata%, Recycle Bin, Startup Folder) from running. Due to the way that CryptoPrevent works, it protects against a wide variety of malware and ransomware. There are several levels of protection but most users only need to use the default setting - "Set it and forget it" protection. The Free Edition allows you to manually check for updates regularly by using the update function inside the program. CryptoPrevent Premium offers automatic updates to the program and definitions, email alerts, and customized prevention rules for a one-time low price.

CryptoPrevent has a filter module (in the installer version) which allows you to apply (enable) or disable suspicious program filtering for .cpl, .scr and .pif files which are executable files. This option is found by opening CryptoPrevent and selecting Advanced > show Advanced Options at the top. The portable version does NOT include the Filter Module... you must get the installer version to use that feature.

You should periodically check for and update to the latest version using the program's internal update function in the top menu to stay current with the latest methodology in preventing this (and other) malware. After update, re-apply the protection to your system. It is not necessary to undo the previous protection before doing this, or even to uninstall the app before updating. If you have an older version of the app before the update functionality was introduced, just download and install the latest version, then re-apply protection.


Another nice tool is HitmanPro.Alert with CryptoGuard. There is an entire topic devoted to it with questions and answers by an Authorized SurfRight Rep.

* CryptoGuard prevents your files from being taken hostage

I use both on all my computers.
Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 proffa


Posted 21 February 2014 - 06:46 PM

Malwarebytes Pro also has CryptoLocker prevention? What are the differences between these two programs? HitmanPro vs Malwarebytes?


Edited by proffa, 21 February 2014 - 06:54 PM.


#4 quietman7


Posted 21 February 2014 - 07:00 PM

Malwarebytes Anti-Malware detects Cryptolocker as Trojan.Ransom and is able to remove the infection (see here) but it cannot recover the encrypted files.

As you can see below the full version of Malwarebytes' Anti-Malware would have protected you against Cryptolocker. It would have warned you before the ransomware could install itself, giving you a chance to stop it before it became too late.



#5 quietman7


Posted 21 February 2014 - 07:13 PM


Per Authorized SurfRight Rep (summary of comments in this topic):

HitmanPro.Alert warns when malware has intruded your browser but the alert will not block malware since the program is not designed to be an anti-virus or anti-malware tool.

1. Alert's Intruder feature is only for web browsers when they are open. Intrusions happening while the browser is open will be detected and an alert will be displayed but the intrusion is not blocked.

2. Alert's CryptoGuard is a system-wide real-time feature that will block encryption of files even when no browsers are open (browsers are unrelated to CryptoGuard anyway). The CryptoGuard feature protects all documents and files on the computer. Alert will not block the infection but will block crypto attacks on the documents and files on the computer. CryptoGuard monitors the computer's file system for suspicious operations. When suspicious behavior is detected, the malicious code is neutralized and your files remain safe from harm. CryptoGuard works silently in the background at the file system level, keeping track of processes modifying your personal files. CryptoGuard works autonomously, so no user interaction is required.

3. The CryptoGuard Alert will always be 301.

HitmanPro.Alert will warn immediately when it sees that critical web browser APIs (like cryptography and network APIs) have been compromised by banking malware like Zeus, SpyEye, Sinowal (aka Mebroot and Torpig), Citadel, Cridex, Carberp, Shylock, Tinba, etc. In addition Alert vaccinates the computer by setting a few markers that some malware families look for when infecting a computer. With these markers the computer looks like a research computer and some malware families won't deploy. See also this article.

#6 proffa


Posted 21 February 2014 - 07:18 PM

After first videofile: http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/

 

"While Malwarebytes cannot recover your encrypted files post-infection, we do have options to prevent infections before they start.

Users of Malwarebytes Anti-Malware Pro are protected by malware execution prevention and blocking of malware sites and servers.

To learn more on how Malwarebytes stops malware at its source, check out this blog.

Free users will still be able to detect the malware if present on a PC, but will need to upgrade to Pro in order to access these additional protection options."



#7 proffa


Posted 21 February 2014 - 07:25 PM

And I have understood that if files are encrypted, there is no way to get them decrypted. You have to pay if you want to see the files.

 

It is hard to compare these programs when I am an amateur. That's why I like to hear the opinions of all you pros on these. You have better knowledge of these programs: what they block, remove, protect and so on. For example, I don't know if Malwarebytes Pro blocks the ones you mentioned (Zeus, SpyEye, Sinowal (aka Mebroot and Torpig), Citadel, Cridex, Carberp, Shylock, Tinba, etc.)?

 

Is it recommended to use both CryptoPrevent and Malwarebytes Pro / HitmanPro? What does CryptoPrevent block that Malwarebytes Pro or HitmanPro don't?

Thx, this is the best virus/spyware site I have seen.


Edited by proffa, 21 February 2014 - 07:42 PM.


#8 quietman7


Posted 21 February 2014 - 07:32 PM

"And I have understood that if files are encrypted, there is no way to get them decrypted. You have to pay if you want to see the files."

That is not correct.

CryptoLocker Ransomware Information Guide and FAQ

Reading that Guide will help you understand what CryptoLocker Ransomware does and provide information for how to deal with it and possibly recover your data.

Some victims of crypto malware infection have reported success recovering data using Windows Previous Versions or Shadow Explorer if system restore was enabled (turned on). However, newer variants have been reported to erase all shadow copies as part of their routine.

In Windows 8 the Shadow Volume Copy service has been replaced with File History, a backup application that, if enabled, continuously protects personal files stored in Libraries, Desktop, Favorites, and Contacts folders. If something happens to your personal files, the restore application makes it easy to preview versions of selected files and restore them.
* Protecting user files with File History - Restoring files
* How to Use the File History Feature in Windows 8

#9 proffa


Posted 21 February 2014 - 07:45 PM

Shadow Explorer I have heard of, but not too many success stories. But I hope that I am wrong and there is a way to do that. Thx for the information. I have to read it.

 

I am not infected, but nowadays these viruses and spyware are really nasty and get worse all the time. I have not yet tested Sandboxie. Is that a bulletproof, secure way to surf the internet?

I know that I also have to use my head and think about where and how to surf. But is there a way to surf totally safely? With Sandboxie, or without a hard disk with a bootable Linux CD or stick? Or some other way?


Edited by proffa, 21 February 2014 - 07:55 PM.


#10 quietman7


Posted 21 February 2014 - 07:51 PM

You're welcome.

BTW, there is a lengthy ongoing discussion in this topic: Cryptolocker Hijack program. Since this infection is so widespread, rather than have everyone post in different topics, it would be best (and more manageable for staff) if you posted any more questions or comments in that topic discussion.

#11 proffa


Posted 21 February 2014 - 07:59 PM

OK, thx. When I saw a moderator actively posting in this topic, I tried to ask the questions I don't have answers to.



#12 quietman7


Posted 21 February 2014 - 08:05 PM

I understand but this topic was started in regards to CryptoPrevent and it should stay focused on that or similar tools rather than the infection itself.

#13 larryhyman


Posted 22 February 2014 - 08:17 PM

Thanks so much !!!! CryptoPrevent is now installed on all my windows machines and will be in all my future installs !!!!

 

Thanks so much

 

Never got hit by a virus, very careful, just don't know if my security is working because nothing bad ever happened to me



#14 quietman7


Posted 22 February 2014 - 09:09 PM

You're welcome.

#15 Haarold


Posted 06 February 2015 - 12:41 PM


My 2-cents.

1. I had [HAD] COMODO CIS premium installed on all my computers - mix XP & W7. My XP (ms Mail running) displayed the 'TS. We've encrypted your files- bs' - and they Had! Every last video, pdf, doc/docx/odt, spreadsheet, etc, etc was crapped with the elliptical DH unbreakable! I complained to COMODO - they said, well we could have helped you remove the virus! Sorry. The horse was already out of the burning barn by then! So needless to say, I've switched from COMODO to Malwarebytes & Kaspersky. [Unfortunately, the absence of a negative does not prove a positive..], but I was TOTALLY unimpressed with Comodo's 'support'.
2. I have been trying for a few days to use CryptoPrevent - which by the way did NOT originally acknowledge that W7 Home editions did not have LGP available. Anyway, The video that Foolibleep references is NOT available; and the information from their site (very muddled!) does NOT match my interface on CryptoPrevent (which has been downloaded from their page and from BleepingComputer, numerous times, and installed variously from zip and installer with and without administration privileges into Windows 7 pcs). The best response I get is: this program was installed successfully.
It does reference this oddity after running (sometimes) - number of statements available 143, number installed 0 [or something to that effect].
So, while it is possible that Cryptoprevent is a gem of a program, the user interface and instructions are terrible.

How can I tell if Cryptoprevent is doing ANYTHING? Are there registry settings equivalent to the LGP settings which I can check?


Edited by Haarold, 06 February 2015 - 12:44 PM.
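
One way to check what post #15 asks about, as an added example that is not part of the thread or CryptoPrevent's own code: the PowerShell below lists the path rules present in the registry and counts how many are set to block. It assumes the tool stores its rules as standard Windows Software Restriction Policy (SRP) path rules under the `Safer\CodeIdentifiers` policy key; `Get-SrpPathRule` is a hypothetical helper name.

```powershell
# Added example: enumerate Software Restriction Policy (SRP) path rules.
# Assumption: the block rules are standard SRP path rules under the
# Safer\CodeIdentifiers policy key (machine-wide or per-user).
function Get-SrpPathRule {   # hypothetical helper name
    $levelNames = @{ 0 = 'Disallowed'; 4096 = 'Untrusted'; 65536 = 'Constrained'
                     131072 = 'Basic User'; 262144 = 'Unrestricted' }
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $base = "$hive\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
        if (-not (Test-Path -LiteralPath $base)) { continue }
        # Each subkey is named after the numeric security level of its rules.
        foreach ($levelKey in Get-ChildItem -LiteralPath $base) {
            if ($levelKey.PSChildName -notmatch '^\d+$') { continue }
            $pathsKey = Join-Path $levelKey.PSPath 'Paths'
            if (-not (Test-Path -LiteralPath $pathsKey)) { continue }
            # One {GUID} subkey per rule; ItemData holds the blocked path pattern.
            foreach ($ruleKey in Get-ChildItem -LiteralPath $pathsKey) {
                $rule = Get-ItemProperty -LiteralPath $ruleKey.PSPath
                New-Object PSObject -Property @{
                    Hive  = $hive
                    Level = $levelNames[[int]$levelKey.PSChildName]
                    Path  = $rule.ItemData
                    Note  = $rule.Description
                }
            }
        }
    }
}

$rules   = @(Get-SrpPathRule)
$blocked = @($rules | Where-Object { $_.Level -eq 'Disallowed' })
'SRP path rules found: {0} ({1} Disallowed)' -f $rules.Count, $blocked.Count

# TransparentEnabled = 0 means SRP enforcement is switched off even if rules exist.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$policy = Get-ItemProperty -LiteralPath $policyKey -ErrorAction SilentlyContinue
if ($policy) { 'TransparentEnabled = {0}' -f $policy.TransparentEnabled }

$blocked | Sort-Object Path | Format-Table Hive, Path, Note -AutoSize
```

A count of zero Disallowed rules means no rules of this kind were written to either hive, whatever the installer reported.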




