
Tips to avoid being bit by CryptoLocker (and what to do if you are)

Kim Crawley | Dec. 4, 2013
InfoSec Institute's Kim Crawley details CryptoLocker, the latest in ransomware, and offers suggestions for avoiding infection.

If you've booted into Safe Mode properly, your desktop wallpaper will be black, with "Safe Mode" and the name of your version of Windows in white text in each of the four corners, and a help window titled "What is Safe Mode?" will open. Choose plain "Safe Mode", not "Safe Mode with Networking", so that anything still running on the machine has no network access while you work. If you do end up with networking enabled, unplug your Ethernet cable or turn off your Wi-Fi.
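As an added example (not from the original article), the following PowerShell script confirms which boot mode the machine is actually in and then disables every enabled network adapter, which covers the "unplug the cable or turn off Wi-Fi" step when you have landed in Safe Mode with Networking or are cleaning up from a normal boot. It uses the .NET BootMode property and the Win32_NetworkAdapter WMI class, both of which exist on Windows 7 with PowerShell 2; the SAFEBOOT_OPTION environment variable shown is set by Windows itself in Safe Mode. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not code from the original article.
# Step 1: report the boot mode. BootMode is Normal, FailSafe (plain Safe Mode)
# or FailSafeWithNetwork. SAFEBOOT_OPTION is MINIMAL or NETWORK in Safe Mode
# and unset after a normal boot.
Add-Type -AssemblyName System.Windows.Forms
$mode   = [System.Windows.Forms.SystemInformation]::BootMode.ToString()
$envOpt = $env:SAFEBOOT_OPTION

switch ($mode) {
    'FailSafe'            { Write-Host    "OK: plain Safe Mode (SAFEBOOT_OPTION=$envOpt)." }
    'FailSafeWithNetwork' { Write-Warning "Safe Mode with Networking: the machine can still reach the internet." }
    default               { Write-Warning "Not in Safe Mode; reboot and press F8 before running removal tools." }
}

# Step 2: disable every adapter that is currently enabled. In plain Safe Mode
# no network drivers are loaded, so this list is normally empty there.
$enabled = Get-WmiObject -Class Win32_NetworkAdapter -Filter "NetEnabled=True"
foreach ($nic in $enabled) {
    Write-Host "Disabling adapter: $($nic.Name)"
    $result = $nic.Disable()          # Win32_NetworkAdapter.Disable(), Vista and later
    if ($result.ReturnValue -ne 0) {
        Write-Warning "Could not disable $($nic.Name) (return code $($result.ReturnValue))."
    }
}

# Step 3: verify nothing is still up before starting the scanners.
$stillUp = Get-WmiObject -Class Win32_NetworkAdapter -Filter "NetEnabled=True"
if ($stillUp) {
    Write-Warning ("Still enabled: " + (($stillUp | ForEach-Object { $_.Name }) -join ', '))
} else {
    Write-Host "All network adapters are disabled; safe to run the removal tools."
}
```

Re-enable the adapters afterwards with the same WMI object's Enable() method, or from Control Panel, only for the two moments the article says you need to be online: downloading a tool and downloading its signature update.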

These are the programs I recommend. Keep in mind that CryptoLocker only affects Windows so far, and these programs only remove malware from Windows. I've personally used them literally thousands of times for customers who've paid me to do the work:

ComboFix.

HijackThis. If you don't have lots of experience using HijackThis, choose the option to create a log file, then copy and paste the log here. The analysis will tell you which items thousands of other users have flagged as malicious. Remove only those items, so that you don't delete something that isn't malware.

Malwarebytes' Anti-Malware. When I was a Windows remote support employee, we referred to it as MBAM. You'll need to be online once to download the program and again to download the latest signatures; stay offline whenever you aren't doing one of those two things.

TrendMicro's Fake AV Removal Tool.

IObit Uninstaller, or Revo Uninstaller. Windows has a native program uninstaller under the Control Panel, but it does an absolutely lousy job of removing stray registry keys, which IObit's and Revo's tools clean up. Both also have features for removing malicious programs that don't show up in the installed-programs list but do appear as a desktop icon or have some sort of GUI. Be very careful when you install either one: like many legitimate Windows programs, their installation wizards may bundle unwanted extras such as the Ask.com toolbar. Read each step of the wizard carefully and check or uncheck boxes so that you install only the program you intended to.

After you've run all the malware removal programs, which may take a few hours or more, reboot your PC so that the quarantined components are actually removed; files that were loaded or locked while Windows was running can only be deleted on the next boot. Until you've rebooted, parts of the malware can still be on your machine.

Once you've rebooted, you can restore your backup and be back to where you were before you were infected with CryptoLocker. As an added bonus, you'll probably have removed all or almost all of the other malware that was on your machine.

If you didn't back up your files and OS before being infected with CryptoLocker, you're kind of screwed, unless you pay the criminals, which funds them and encourages them to continue this sort of malicious activity. That's one of the many reasons why, if you don't already have a local backup of some sort, you should make one as soon as you can, assuming you haven't yet been infected. Keep that backup on a drive that isn't left permanently connected or mapped: CryptoLocker encrypts files on any drive letter it can reach, so a backup that is always attached can be encrypted along with the originals.
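As an added example (not part of the original article), here is a PowerShell script that makes the kind of local backup the article asks for and then takes the backup drive offline, so it isn't sitting there as a mapped drive letter the next time a malicious attachment is opened. It assumes the backup drive is E: and that the data to protect is the current user's profile; both are assumptions, not something the article specifies. It uses robocopy, which ships with Windows, and the Shell.Application COM object to eject the drive.

```powershell
# Added example, not code from the original article.
# Assumed values: E: is the removable backup drive; the current user's profile
# is what we protect. Change these for your machine.
$Source     = $env:USERPROFILE
$BackupRoot = 'E:\Backup'
$Stamp      = Get-Date -Format 'yyyy-MM-dd_HHmm'

if (-not (Test-Path 'E:\')) { throw "Backup drive E: is not attached; plug it in first." }

# One dated folder per run. A versioned copy means that if files were already
# encrypted when this ran, last week's folder still holds the clean copies.
$Dest = Join-Path $BackupRoot $Stamp
New-Item -ItemType Directory -Path $Dest -Force | Out-Null

# /E copies subfolders, /COPY:DAT keeps data, attributes and timestamps,
# /XJ skips junction points (the profile contains several), AppData is skipped
# because it is large and mostly caches. /R and /W keep a locked file from
# stalling the whole run.
& robocopy $Source $Dest /E /COPY:DAT /XJ /XD "$Source\AppData" /R:1 /W:1 /NP /LOG+:"$BackupRoot\robocopy.log"

# robocopy exit codes are bit flags: values below 8 mean success (possibly with
# extra or skipped files); 8 and above mean at least one copy failed.
if ($LASTEXITCODE -ge 8) {
    throw "robocopy reported failures (exit code $LASTEXITCODE); see $BackupRoot\robocopy.log before trusting this backup."
}

# Quick plausibility check: the copy should contain roughly as many files as the source.
$srcCount = (Get-ChildItem -Path $Source -Recurse -File -Force -ErrorAction SilentlyContinue |
             Where-Object { $_.FullName -notlike "$Source\AppData*" }).Count
$dstCount = (Get-ChildItem -Path $Dest -Recurse -File -Force -ErrorAction SilentlyContinue).Count
Write-Host "Source files: $srcCount  Backed up: $dstCount  ->  $Dest"

# Eject the drive so it is no longer a reachable drive letter. Namespace(17)
# is the "My Computer" (drives) folder; InvokeVerb('Eject') is the same action
# as the right-click menu item.
$shell = New-Object -ComObject Shell.Application
$shell.NameSpace(17).ParseName('E:') .InvokeVerb('Eject')
Write-Host "Backup drive ejected; unplug it and store it away from the PC."
```

Restoring is the same robocopy command with source and destination swapped, run from Safe Mode after the removal tools and the reboot described above. Keep more than one dated folder and rotate between at least two physical drives, so that a backup made after the infection but before you noticed it doesn't become your only copy.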
