
Can Cryptowall infect other PC with a USB Flash Drive?


12 replies to this topic

#1 darknessx

darknessx

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:00 AM

Posted 17 April 2018 - 04:57 AM

title, I need urgent help..?




 


#2 Amigo-A

Amigo-A

  • Members
  • 614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:03:00 PM

Posted 17 April 2018 - 05:09 AM

This functionality was not described.
 
CryptoWall Original 

Edited by Amigo-A, 17 April 2018 - 05:10 AM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Do you know Russian? Write to me in Russian. I will help.


#3 Amigo-A


Posted 17 April 2018 - 05:17 AM

Other Ransomwares mimicked the infection by issuing a text entry with the word CryptoWall to scare the victims.
It is necessary to investigate a particular case to give an opinion.



#4 darknessx


Posted 17 April 2018 - 05:29 AM

 

> Other Ransomwares mimicked the infection by issuing a text entry with the word CryptoWall to scare the victims.
> It is necessary to investigate a particular case to give an opinion.

Cryptowall 3.0 actually infected my HDD and crypted all files 3 years ago, and now I decided to check my files again so I plugged it in.

I just wanted to know if it's safe to move some files to the other PC using a flash drive. (since HDD is showing failure symptoms)


Edited by darknessx, 17 April 2018 - 05:36 AM.


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,954 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:00 AM

Posted 17 April 2018 - 05:33 AM

Are you sure you were infected by CryptoWall...it is an older infection?

Did you submit (upload) any samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware for assistance with identification and confirmation? Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections.

Crypto malware (file encryptor ransomware) typically propagates itself as a Trojan, although Zcrypt was a self-replicating virus hybrid distributed via malicious email attachments, then spread through removable USB drives, and WannaCry was a worm distributed via an email malspam campaign that spread by exploiting vulnerabilities in the Windows operating system. A strain of Spora ransomware and a variant of CryptoLocker were reported to spread via USB removable drives.

Trojans do not reproduce by infecting other files nor do they self-replicate. Instead Trojans spread via a variety of common vectors...opening a malicious or spam email attachment, executing a malicious file, web exploits, exploits, exploit kits, malvertising campaigns, non-malware (fileless) attacks, drive-by downloads, social engineering, scams and RDP brute-force attacks against servers particularly by those involved with the development and spread of ransomware.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 darknessx


Posted 17 April 2018 - 05:43 AM

I am sure it was CryptoWall 3.0.

And my HDD was infected in 2015 and I really don't recall completely isolating my computer from the other computers, I just remember that I reinstalled Windows and started fresh and forgot about it. (did not wipe the HDD)

My question: if I move actual encrypted files with all of that HELP_DECRYPT related stuff to the computer, will that infect my other PC? Has anyone tried that?



#7 quietman7


Posted 17 April 2018 - 06:33 AM

One of the first things we advise is to create a copy or image of the entire hard drive. Doing that allows you to save the complete state of your system (and all encrypted data) in the event that a free decryption solution is developed in the future. After that, perform a scan with your anti-virus.

Most crypto malware ransomware is typically programmed to automatically remove itself...the malicious files responsible for the infection...after the encrypting is done since they are no longer needed. That explains why many security scanners do not find anything after the fact. The encrypted files do not contain malicious code so they are safe.

Unfortunately, most victims do not realize they have been infected until the ransomware displays the ransom note and the files have already been encrypted. In some cases there may be no ransom note and discovery only occurs at a later time when attempting to open an encrypted file. As such, they don't know how long the malware was on the system before being alerted or if other malware was downloaded and installed along with the ransomware. If other malware was involved it could still be present so be sure to perform full scans with your anti-virus.

If your antivirus did not detect and remove anything, additional scans should be performed with other security programs like Emsisoft Anti-Malware, Malwarebytes 3.0, Zemana AntiMalware, RogueKiller Anti-malware and HitmanPro. You can also supplement your anti-virus or get a second opinion by performing an Online Virus Scan.

If you need individual assistance only with removing the malware infection, follow the instructions in the Malware Removal and Log Section Preparation Guide...all other questions or comments should be posted in the support topics. When you have done that, start a new topic and post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team. If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.
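A transfer triage that follows the advice in the post above, as an added example that is not part of any post in this thread: it sorts everything on the old drive into inert data, ransom notes that need not be copied, and files to hold back for an anti-virus scan because Windows can run them. The extension list, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Types Windows runs or interprets on open; an assumed, non-exhaustive list.
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".dll", ".msi",
             ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".lnk", ".inf"}
NOTE_PREFIX = "help_decrypt"  # ransom-note base name mentioned in the thread


def classify(name, head):
    """Return 'hold', 'note' or 'data' from a file name and its first bytes."""
    lower = name.lower()
    # "MZ" is the Windows executable header, whatever the file is named.
    if head[:2] == b"MZ" or os.path.splitext(lower)[1] in RISKY_EXT:
        return "hold"
    if lower.startswith(NOTE_PREFIX):
        return "note"
    return "data"


def plan_transfer(root):
    """Walk root and group relative paths by classify() result."""
    plan = {"hold": [], "note": [], "data": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    kind = classify(name, fh.read(2))
            except OSError:  # unreadable on a failing disk: hold it back
                kind = "hold"
            plan[kind].append(os.path.relpath(path, root))
    return {kind: sorted(paths) for kind, paths in plan.items()}


def build_sample(root):
    """Constructed sample tree; every name and byte here is made up."""
    samples = {"thesis.doc": b"\x8f\x12\xa0\x44", "HELP_DECRYPT.TXT": b"note",
               "HELP_DECRYPT.HTML": b"<html>", "photo.jpg": b"MZ\x90\x00",
               "autorun.inf": b"[autorun]", "Documents.lnk": b"L\x00\x00\x00"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(plan_transfer(tmp))
```

Only the `data` group is copied to the flash drive; the `hold` group is what the scanners named in the thread should look at first.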

#8 Amigo-A


Posted 17 April 2018 - 07:32 AM

> My question: if I move actual encrypted files with all of that HELP_DECRYPT related stuff to the computer, will that infect my other PC? Has anyone tried that?

It is necessary to check with the actual antivirus software all the files and folders that were infected with this infection. And only then transfer this to the other hard disk under the supervision of the same antivirus.

I recommend Norton Security or Kaspersky Internet Security for this.
Before you buy, you can try them for 30 days. That's enough for your task.



#9 darknessx


Posted 17 April 2018 - 08:46 AM

 

> > My question: if I move actual encrypted files with all of that HELP_DECRYPT related stuff to the computer, will that infect my other PC? Has anyone tried that?
>
> It is necessary to check with the actual antivirus software all the files and folders that were infected with this infection. And only then transfer this to the other hard disk under the supervision of the same antivirus.
>
> I recommend Norton Security or Kaspersky Internet Security for this.
> Before you buy, you can try them for 30 days. That's enough for your task.

I would, but currently I'm monitoring the HDD using Windows XP that's booted on flash drive so there's no way I could scan the files using an actual antivirus, thanks for the help though.



#10 quietman7


Posted 17 April 2018 - 10:08 AM

How about one of the Online virus scans in the link I provided above? ESET is one of the more effective online scanners.

#11 darknessx


Posted 17 April 2018 - 11:37 AM

> How about one of the Online virus scans in the link I provided above? ESET is one of the more effective online scanners.

Thanks a lot, I will check it out.



#12 Amigo-A


Posted 17 April 2018 - 02:29 PM

You can use Kaspersky Virus Removal Tool (automatic download) to check the files.

This is a free on-demand scanner.

Edited by Amigo-A, 17 April 2018 - 02:30 PM.



#13 quietman7


Posted 17 April 2018 - 05:43 PM

You're welcome.

BTW...here is a List of Free Scan & Disinfection Tools to supplement your anti-virus or get a second opinion.
Many of these tools are stand-alone applications by themselves or contained within zipped files...meaning they require no installation so after extraction, they can be copied to and run from USB drives.



