Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Crypto Virus


  • Please log in to reply
8 replies to this topic

#1 crackberries

crackberries

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:12:07 PM

Posted 17 October 2014 - 10:51 AM

Do you guys have any script we can run to remove the Cryptolocker virus from server 2008r2. There are no encrypted files on the server yet. We caught the virus before they stated to encrypt documents.

BC AdBot (Login to Remove)

 


#2 crackberries

crackberries
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:12:07 PM

Posted 17 October 2014 - 11:13 AM

DDS will not run on server 2008r2. I am gathering an active list of programs to better diagnose. 



#3 sflatechguy

sflatechguy

  • BC Advisor
  • 2,233 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:07 PM

Posted 17 October 2014 - 12:26 PM

You should probably ask the forum moderator to move this to the Am I infected? forum, where they can better assist you.



#4 crackberries

crackberries
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:12:07 PM

Posted 17 October 2014 - 01:34 PM

I goofed.... sorry. I will PM the mod. 



#5 crackberries

crackberries
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:12:07 PM

Posted 17 October 2014 - 02:00 PM

The virus did encrypt some of the documents. It did go alphabetically. The encrypted files were removed and restored with the backups. But the final question remains..... How do we protect ourselves from this really nasty virus?



#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,617 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:07 PM

Posted 17 October 2014 - 02:00 PM

This should give you the info you need :

http://www.bleepingcomputer.com/forums/t/549016/torrentlocker-support-and-discussion-thread-cryptolocker-copycat/

#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,617 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:07 PM

Posted 17 October 2014 - 02:02 PM

The virus did encrypt some of the documents. It did go alphabetically. The encrypted files were removed and restored with the backups. But the final question remains..... How do we protect ourselves from this really nasty virus?


The first item is to educate the users of your networks on what they should and should not do. Also enable viewing of extensions in windows so people can see its an executable rather than a PDF or Script file. I also suggest you use a tool like cryptoprevent. You can find a promotional offer here: http://www.bleepingcomputer.com/forums/t/542235/30-off-cryptoprevent-and-dmaintenance-home-edition-from-foolish-it/

#8 crackberries

crackberries
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:12:07 PM

Posted 17 October 2014 - 06:17 PM

Grinler,

   You are a huge help on this forum. Thank you.



#9 zuluboy

zuluboy

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:07 AM

Posted 18 October 2014 - 08:22 AM

Thank you :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users