
Ransomware CRYPTSb@gmail.com.roto


  • This topic is locked
6 replies to this topic

#1 Andyinco


Posted 09 July 2015 - 05:21 AM

Hi everyone!

 

One of my customers has been infected by that ransomware; almost every file is encrypted. Backups are also encrypted.

 

Can you help me?

 

Thanks in advance.




#2 The Pugilist


Posted 12 July 2015 - 09:11 AM

Hello Andyinco, and welcome to BleepingComputer!

 

My name is Dave and I'll be assisting you with your malware troubles.  Before we get started, here are some instructions:

 

  • Please generate and attach a FRST log (for instructions, please follow step 6 in this guide).
  • Please refrain from making additional changes to the computer while I am helping you.  Doing so can make it very difficult for me to assist you.
  • Read and follow all posts carefully and if you ever have questions, don't hesitate to ask!
  • Keep in touch!  Please post back to this thread within 48 hours of a reply -- even if just to say that you need more time to respond.  This helps us here at BleepingComputer stay on top of all of the logs we are working on :).

//Dave

#3 The Pugilist


Posted 14 July 2015 - 06:28 PM

Hey Andyinco, are you still in need of assistance?  If so please post back here.  If not, this thread will be closed in 48 hours.  Thanks!


//Dave

#4 Andyinco


Posted 14 July 2015 - 06:40 PM

Hi! No thanks, I obtained the key and decrypted all files. Regards.



#5 The Pugilist


Posted 14 July 2015 - 06:48 PM

Excellent!  Glad that everything worked out. :)


//Dave

#6 The Pugilist


Posted 16 July 2015 - 08:52 AM

One last thing!  Before we close out, here is a bit about how these infections can happen and some basic tips for preventing them in the future. :)

The most common cause of an infected machine is the Trojan Horse, or programs which appear to be legitimate but which contain malicious payloads, or which are simply malicious in and of themselves. No antivirus, firewall, host-based intrusion prevention system (HIPS), or other security software can fully protect you against this kind of attack. The best way to protect yourself is not to run email attachments from untrusted sources, and avoid software downloaded from the internet wherever possible. Remember, when you run an application, you are giving that application permission to do to your machine anything you can do to the machine, including create, modify, or destroy files or other data. In the Windows (and most other systems', such as Unix) security model, applications don't have privileges, users do.

The second most common cause of infection is out of date software. Leaving your system unpatched leaves holes through which attackers can execute code on your behalf without your consent. This goes for far more than common targets such as Windows and Internet Explorer. Most recent threats target other third party software, such as Adobe's Adobe Reader, Shockwave Player, or Flash Player, or Oracle's Java browser plugins. You can check your system for out of date software manually, or by using automated tools such as Secunia's Personal Software Inspector. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out of date lists mean no detection of newer malware.

Finally, occasionally you will be forced to run some potentially infected binary, or attackers will use a hole which is unpatched by software vendors, so a last line of defense is needed. That means turning on a firewall (Windows Firewall included with Windows XP SP2 or later is fine) and leaving it on, and using and keeping up to date an antivirus solution such as Norton AntiVirus. Antiviral solutions don't even have to cost money; for instance Microsoft Security Essentials provides perfectly acceptable protection for free. If for some reason you don't like MSE, there are other free products available as well:

  • Avast (home use only)
  • Avira (shows nag screen to purchase full product when updating, home use only)
  • AVG (slightly poorer performance as of late)

Note: Some of these Antivirus products come with toolbars and other software.  When installing them, be careful to deselect the software you do not want.

 

That should be fine for the majority of users. However, if you absolutely want additional protection, consider one or more of the following products:

If you want more information on methods malware use to infect your computer, consider browsing our How did I get infected? topic.


//Dave

#7 Elise



  • Malware Study Hall Admin

Posted 18 July 2015 - 11:31 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




