Cryptolocker

Removing the virus itself is fairly trivial but it's doubtful anyone will be able to crack the encryption method they use to encrypt your data so unless you pay the ransom the data is as good as GONE. That's why it's important to have a good backup.

Exactly the point I was making, removal is trivial (doesn't get you very far) and protection is a constant race as it is recoded to avoid AV signature detection. I think it's been fairly well stated here people should have backups!
 
It's funny. I always hear about people talking about the data side of this virus; however, I've removed this virus off of 8 computers now easily and the data was completely fine. Files worked fine and all were accessible. Anybody actually have their data locked? Or just going by what the virus says? Because we all know how honest viruses can be! :p

Sent from my SCH-I605 using Computer Forums mobile app
 
There are several different versions. But this virus really does lock your files. No other virus has actually been able to do that effectively before. So it's unlikely you were removing the actual Cryptolocker virus and more likely it was one of the other viruses like this one.
 
No, it was definitely the crypto locker. I'm the senior technician at a big local store and there was an outbreak of them coming in when crypto first emerged, computer and many things locked out, including many files. But running a virus removal through a PE environment and then rebooting into safe mode and running virus scans through two other programs as well. Afterwards everything was working; there were some corrupted files but nothing near worrying about in comparison to the ransom money.


If you had locked files and then those steps you mention made things come back, then I can categorically assure you that it wasn't the variant of cryptolocker being discussed here that encrypted them. None of the samples I've seen in the past 6 months have exhibited this behaviour.

You could have had a cryptolocker infection, but the machine must not have been connected to the internet when it got installed (hence never performed the encryption), as the decryption key is never on your computer so any AV would not be able to do anything about it. Cryptolocker achieves this by using asymmetric cryptography rather than more traditional full-disk encryption tools which use symmetric ciphers such as AES.
 