
Computer Infected by Multiple issues (Zbot, Crowti, Toniper)


  • This topic is locked
5 replies to this topic

#1 ScooterJack

ScooterJack

  • Members
  • 3 posts

Posted 10 November 2014 - 11:58 AM

Seeking assistance for my computer that has been infected.  The antivirus software running on this Windows 7 64-bit OS is Microsoft Security Essentials and was up to date at the time the infection occurred.  It also appears that files on my computer were encrypted, or they are stating that there is encryption, and instructions for a ransom have been placed in multiple directories across the data volumes.

 

The scan for Microsoft Security Essentials reports the following:

 

Ransom:Win32/Crowti

Trojan Downloader:Java Toniper

Exploit: Java/CVE-2010-0840

Peeac.gen!A!plock

zbotgen!plock

 

Would appreciate any help that anyone can provide.

 

Thanks in advance,

ScooterJack





#2 Fardooste

Fardooste

  • Members
  • 107 posts

Posted 10 November 2014 - 12:00 PM

Sounds like CryptoWall. Check the CryptoWall forum.



#3 ScooterJack

ScooterJack
  • Topic Starter

  • Members
  • 3 posts

Posted 10 November 2014 - 12:06 PM

Okay.  Sorry for the newbie question, but I'm super new here.  Could you point me to that forum?



#4 Fardooste

Fardooste

  • Members
  • 107 posts

Posted 10 November 2014 - 01:11 PM

http://www.bleepingcomputer.com/forums/t/532879/cryptowall-new-variant-of-cryptodefense/



#5 ScooterJack

ScooterJack
  • Topic Starter

  • Members
  • 3 posts

Posted 10 November 2014 - 01:47 PM

Thanks for pointing to that.  I believe that as of today there is no way to recover our files after reading over the current topics, and it is unclear how to remove all of the malware that may be affecting that workstation, so we are going to move the encrypted files to a jump drive and hold them in hopes someone cracks the current encryption, and dump the computer and reformat to ensure that we have no problems on the rest of our network.  If I have missed some solution, let me know.

 

We do medical billing with this computer and cannot take a chance that our network becomes affected any further.

 

Thanks again for your help.



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,047 posts

Posted 10 November 2014 - 08:12 PM

A repository of all current knowledge regarding CryptoWall & CryptoWall 2.0 is provided by Grinler (aka Lawrence Abrams), in this tutorial: CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ

Reading that Guide will help you understand what CryptoWall & CryptoWall 2.0 does and provide information for how to deal with it and possibly decrypt/recover your files. At this time there is no fix tool for CryptoWall.


Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that CryptoWall - new variant of CryptoDefense topic discussion.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



