
Thread: Help! I'm being held to ransom!!

  1. #1
    Dinosaur Excalibur's Avatar
    Join Date
    Jul 2006
    Location
    East Yorkshire
    Age
    68
    Posts
    26,833

    Default Help! I'm being held to ransom!!

    The old home PC has been held to ransom, and all documents and piccies have been encrypted. Fortunately for me, the music has been untouched, and so has email. I have salvaged some vital documents which were sent as attachments to emails, and as far as I can see, I've only lost one vitally important file.

    I have a new PC which is what I'm on now, and it has highlighted the importance of backing documents up to a separate drive. I shall certainly be doing this in future.

    OK, to the future. Has anyone any suggestions for programmes to remove this Trojan? Preferably low cost. The two worst case scenarios are taking it to a computer specialist, or salvaging what I can, and binning it. I haven't listed any of the TXT file details of it, for obvious reasons, but it mentions a Tor Browser. Don't know if that identifies it.

    So, what good protection programmes do people use? This PC is using Ad-Aware free anti-virus, and I had Spybot S & D on the old one. I'm open to suggestions. Posting your recommendations may help other people with computer security, so bung 'em up here. I'm considering making a sticky thread for recommendations, for this very reason.

    OK folks, the floor is yours.
    Excalibur. Older than the average DJ.

    www.excaliburmobiledisco.co.uk

  2. #2

    Join Date
    Nov 2014
    Location
    Durham, Co Durham
    Posts
    3,157

    Default

    I've successfully used HijackThis to rescue machines from the control of nasty things in the past. It's not the most intuitive program I've ever used but it got results.

    To be absolutely sure though, your best bet would be to salvage all the data you can from it, format & reinstall Windows. Unfortunately that's also usually the least time consuming option.

    The last desktop machine I built, I bought a USB wifi adapter for it on the cheap from Amazon. One day I noticed a vast slowdown on my home network & spent almost a whole week of late nights diagnosing the problem with online & offline virus & bot scanners. What was the issue? Oh, just a trojan built into the USB wifi adapter drivers which came on CD! Solved that problem by finding out what chipset the USB wifi adapter uses & trying a different driver. I submitted all the files from the driver CD to give some antivirus providers a heads up.

    I only use webmail these days, and block JavaScript, Flash etc on all sites except a select few.

    EDIT: You can try some of the 'offline' boot CDs which offer virus scanning. There's one I've used called 'The Ultimate Boot CD', but you generally have to go looking under rocks to find a recent version.

    Try MalwareBytes too. Download it on a 'clean' machine to a USB stick, boot Windows into 'safe' mode on the infected machine & run it from the USB stick.
    Last edited by Nakatomi; 15-05-2015 at 12:07 PM.

  3. #3
    Dinosaur Excalibur's Avatar
    Join Date
    Jul 2006
    Location
    East Yorkshire
    Age
    68
    Posts
    26,833

    Default

    Quote Originally Posted by juski
    Try MalwareBytes too. Download it on a 'clean' machine to a USB stick, boot Windows into 'safe' mode on the infected machine & run it from the USB stick.
    I downloaded it onto the poorly one and ran it in safe mode. I don't know whether that makes any difference to its effectiveness?
    Excalibur. Older than the average DJ.

    www.excaliburmobiledisco.co.uk

  4. #4

    Join Date
    Nov 2014
    Location
    Durham, Co Durham
    Posts
    3,157

    Default

    Quote Originally Posted by Excalibur
    I downloaded it onto the poorly one and ran it in safe mode. I don't know whether that makes any difference to its effectiveness?
    Running Windows in safe mode can potentially stop the nasty program loading into memory, which will give any attempt to detect it more than a snowball in hell's chance.

    The amount of time I've spent in my life de-lousing people's computers, it'd always have been quicker to flatten em & reinstall Windows.

  5. #5
    Shaun's Avatar
    Join Date
    May 2006
    Location
    Fife
    Age
    51
    Posts
    14,771

    Default

    I'm no expert on these things, but normally the t'internet can throw up some good solutions. Is there any indication of the name of this trojan? Is there anything coming up on the screen?


    I remember there was a particularly bad one of these a year or so ago, it was all over the news, and as far as I'm aware it was impossible to release the files without paying a fee via bitcoin to the unscrupulous thugs that implemented it. Hopefully your situation isn't as serious. Best of luck.
    Last edited by Shaun; 15-05-2015 at 01:22 PM.

  6. #6

    Join Date
    Feb 2015
    Location
    Reading, Berkshire
    Age
    40
    Posts
    1,439

    Default

    If this is the trojan that I think it is, I don't think there's a way round it - it literally does encrypt every file. I've seen it before and it's very nasty.

  7. #7
    Shaun's Avatar
    Join Date
    May 2006
    Location
    Fife
    Age
    51
    Posts
    14,771

    Default

    Quote Originally Posted by rth_discos
    If this is the trojan that I think it is, I don't think there's a way round it - it literally does encrypt every file. I've seen it before and it's very nasty.
    CryptoLocker rings a bell. Nasty nasty!

  8. #8

    Join Date
    Nov 2014
    Location
    Durham, Co Durham
    Posts
    3,157

    Default

    Quote Originally Posted by Shaun
    I'm no expert on these things, but normally the t'internet can throw up some good solutions. Is there any indication of the name of this trojan? Is there anything coming up on the screen?

    I remember there was a particularly bad one of these a year or so ago, it was all over the news, and as far as I'm aware it was impossible to release the files without paying a fee via bitcoin to the unscrupulous thugs that implemented it. Hopefully your situation isn't as serious. Best of luck.
    Being a geeky follower of this kind of thing, I remember there was a big hole found in CryptoLocker infections at some stage - they used the same master encryption key or something similarly daft which made it easy to undo without ever paying somebody. Doubtless they redoubled their efforts & swapped things around to make it harder though.

    Sometimes the 'ransom' isn't too bad, but of course there's never any guarantee they'd let you have your files back once money has changed hands. If you're all backed up to the hilt, just ignore em, remove the infection & hope whatever circumstances that allowed em to take control in the first place don't happen again.

    Edit: Ahh here we go...

    http://www.bleepingcomputer.com/viru...mation#decrypt
    Last edited by Nakatomi; 15-05-2015 at 01:36 PM.

  9. #9
    DazzyD's Avatar
    Join Date
    Feb 2008
    Location
    Between Sunderland & Durham
    Age
    48
    Posts
    5,064

    Default

    I've been conversing with Peter via PM and I'm quite confident it's not CryptoLocker (if it was this would be a doddle!). However, I think I've established it's the TeslaCrypt ransomware that has been identified recently. TeslaCrypt is a new variant on the CryptoLocker theme but it encrypts your files with the extension *.exx which is the case with Peter's files. Thankfully, it's not the latest strain, AlphaCrypt, because, with TeslaCrypt, there is a way to unlock your files. With AlphaCrypt, there is, as of yet, no known method of safe removal.

    Check the Kaspersky discussion boards for good and helpful info!

    HiJackThis is a good option but, as I advised Peter, the first stop I'd do would be to run with Kaspersky's RescueDisk which is a suite of utilities that auto-boot from a memory stick, which will help you take back control of your computer and files.

    A quick word of warning - if anyone gets infected with malware and searches online for a solution, don't just click willy-nilly on links promising to sort it for you. Do some research on everything that you might be tempted to install because, despite the amazing claims alongside links in Google, some things are not all they're cracked up to be!
    Dazzy D
    Lightning Disco & Entertainment

    Born to make you party!
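    The post above identifies the infection by the *.exx extension TeslaCrypt appends. As an added example (not code from the thread or from any tool named in it), the script below walks a drive, inventories files carrying that extension, groups them by folder, recovers the original file names to look for in backup, and reports the modification-time window of the encrypted files; the '.exx' extension is the only indicator taken from the thread, the sample tree is constructed.

```python
"""Added triage example (not code from the thread): inventory files carrying the
'.exx' extension the thread associates with TeslaCrypt, grouped by folder with the
modification-time window, so the owner can scope what to restore from backup."""
import os
import tempfile
from collections import Counter
from dataclasses import dataclass, field
from typing import List

ENCRYPTED_EXT = ".exx"  # only indicator taken from the thread; rest is assumption


@dataclass
class TriageReport:
    total: int = 0
    by_folder: Counter = field(default_factory=Counter)   # relative folder -> count
    first_mtime: float = float("inf")   # earliest encrypted-file mtime seen
    last_mtime: float = float("-inf")   # latest; together they bound the event
    original_names: List[str] = field(default_factory=list)  # names to restore


def inventory(root: str, ext: str = ENCRYPTED_EXT) -> TriageReport:
    """Walk root and collect every file whose name ends with ext."""
    report = TriageReport()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(ext):
                continue
            mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            report.total += 1
            report.by_folder[os.path.relpath(dirpath, root)] += 1
            report.first_mtime = min(report.first_mtime, mtime)
            report.last_mtime = max(report.last_mtime, mtime)
            # Drop the appended extension to recover the name to look for in backup.
            report.original_names.append(name[: -len(ext)])
    return report


def build_sample_tree() -> str:
    """Constructed sample tree: docs and pics hit, music untouched (as in the thread)."""
    root = tempfile.mkdtemp()
    for rel in ("docs/a.docx.exx", "docs/b.jpg.exx", "pics/c.jpg.exx", "music/d.mp3"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed placeholder bytes")
    return root
```

    Run it against the root of the affected drive from a clean boot environment; the folder counts tell you where to restore, and the mtime window tells you which backup generation predates the encryption.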

  10. #10

    Join Date
    Nov 2014
    Location
    Durham, Co Durham
    Posts
    3,157

    Default

    Quote Originally Posted by DazzyD
    I've been conversing with Peter via PM and I'm quite confident it's not CryptoLocker (if it was this would be a doddle!). However, I think I've established it's the TeslaCrypt ransomware that has been identified recently. TeslaCrypt is a new variant on the CryptoLocker theme but it encrypts your files with the extension *.exx which is the case with Peter's files. Thankfully, it's not the latest strain, AlphaCrypt, because, with TeslaCrypt, there is a way to unlock your files. With AlphaCrypt, there is, as of yet, no known method of safe removal.

    Check the Kaspersky discussion boards for good and helpful info!

    HiJackThis is a good option but, as I advised Peter, the first stop I'd do would be to run with Kaspersky's RescueDisk which is a suite of utilities that auto-boot from a memory stick, which will help you take back control of your computer and files.

    A quick word of warning - if anyone gets infected with malware and searches online for a solution, don't just click willy-nilly on links promising to sort it for you. Do some research on everything that you might be tempted to install because, despite the amazing claims alongside links in Google, some things are not all they're cracked up to be!


    Yup. Definitely don't just click on any old link promising to disinfect your machine - if anything I only really trust advice from established antivirus program providers like Kaspersky etc.
