Finding virus entry point



#1 Kragster


Posted 01 May 2014 - 10:57 AM

Anyone know any good links/FAQs for tracking down a virus entry point? Had two Cryptolocker instances in less than a week, and I'm trying to determine whether it was email or website, and which one. I did get approval to quarantine all zip and rar attachments for now, but would like to prove that it did come in through email so that we can hopefully make this permanent.

 

I have one computer that was unfortunately powered off so I couldn't capture the memory but hasn't been touched other than that. Was able to live boot Kali and dig through the registry and find most of the Cryptolocker keys, so looks like it is still intact.

The other one the desktop support guys did a system restore so it's about worthless now.

 

I'm more familiar with the network/firewall side of things and don't have as much exposure to virus stuff, so any tips/info would be appreciated.

 

Thanks,




 


#2 quietman7


Posted 01 May 2014 - 06:09 PM


A repository of all current knowledge regarding Cryptolocker is provided by Grinler (aka Lawrence Abrams), in this tutorial: CryptoLocker Ransomware Information Guide and FAQ

Reading that Guide will help you understand what CryptoLocker Ransomware does and provide information for how to deal with it.

There is also a lengthy ongoing discussion in this topic: Cryptolocker Hijack Program. Since this infection is so widespread, rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.

Thanks
The BC Staff