I think that I may have crypt locker

Onceler

Golden Member
Feb 28, 2008
1,264
0
71
up popped up on my screen that if I don't pay thousands of dollars and that I have thirty days to pay or my files will be deleted.
Anyone know what's going on and if it is possible to recover without paying? How can I tell if I am infected or not? As far as I can tell the d: drive files are playing just fine. I don't know about any of the others.
Thank you.
 
Last edited:

Onceler

Golden Member
Feb 28, 2008
1,264
0
71
I just thought about it and if my files were encrypted I would not be able to open and play them. Am I right in assuming this?
 

Iron Woode

Elite Member
Super Moderator
Oct 10, 1999
30,938
12,440
136
Jump on and download, install, and run Combofix!!!

http://www.bleepingcomputer.com/download/combofix/

Heavily infected systems can take several hours for Combofix to delete everything. It may seem as though nothing is going on, but leave it running until it finishes. I had one system that took almost 24 hours.
Or he may have to boot off a live CD of either Ultimate Boot Disc or Hiren's Boot Disc or even a Kaspersky Rescue Disc (http://support.kaspersky.com/4162).
 

code65536

Golden Member
Mar 7, 2006
1,006
0
76
Jump on and download, install, and run Combofix!!!

http://www.bleepingcomputer.com/download/combofix/

Heavily infected systems can take several hours for Combofix to delete everything. It may seem as though nothing is going on, but leave it running until it finishes. I had one system that took almost 24 hours.

If he really does have CryptoLocker, then forcibly removing it would mean that he can no longer pay the ransom and would also mean that he loses all of the data that had been encrypted.

On the other hand, if this is a cheap scareware program that's trying to get him to cough up money by pretending to be CryptoLocker, then, yea, kill it with fire.

Note that CL only encrypts certain kinds of files. Mostly stuff used in office settings, like word processor documents, PDFs, spreadsheets, etc. Small, high-value irreplaceable stuff that it can get to quickly; it won't bother with large files that you can easily re-download, like, say, your porno collection. So check your Word docs if you're trying to determine if you've really been hit.
 
Last edited:
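The check suggested in the post above, run across a whole folder, as an added example that is not part of the original thread: it flags office documents whose first bytes no longer match their extension and look random. It assumes the encryption overwrote the file contents but kept the file name; the type list, the 7.5 bits/byte threshold and the function names are choices made for this example.

```python
import math, os, sys, tempfile
from pathlib import Path

# Leading bytes an intact document of each type starts with.
ZIP, OLE = b"PK\x03\x04", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MAGIC = {".pdf": b"%PDF-", ".docx": ZIP, ".xlsx": ZIP, ".pptx": ZIP,
         ".doc": OLE, ".xls": OLE, ".ppt": OLE}

def entropy(data):
    """Shannon entropy in bits per byte (8.0 = looks fully random)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def check_file(path, sample=65536):
    """Return 'ok', 'suspect', 'damaged' or 'skipped' for one file."""
    magic = MAGIC.get(Path(path).suffix.lower())
    if magic is None:
        return "skipped"            # type not covered by this check
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if head.startswith(magic):
        return "ok"                 # header still matches the extension
    # Wrong header: near-random bytes point to encryption rather than damage.
    # Very small files may not reach the threshold and show up as 'damaged'.
    return "suspect" if entropy(head) > 7.5 else "damaged"

def scan(root):
    """Walk root and return {path: status} for every covered file that is not ok."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                status = check_file(full)
            except OSError:
                status = "unreadable"
            if status not in ("ok", "skipped"):
                report[full] = status
    return report

if __name__ == "__main__":
    # Constructed sample files so the script also runs with no argument.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "good.pdf").write_bytes(b"%PDF-1.4\n" + b"text " * 200)
        Path(d, "bad.docx").write_bytes(os.urandom(4096))
        for path, status in scan(sys.argv[1] if len(sys.argv) > 1 else d).items():
            print(status, path)
```

Run it read-only against a documents folder, ideally from a rescue disc or another machine; an "ok" result only means the header is intact, not that the machine is clean.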

G73S

Senior member
Mar 14, 2012
635
0
0
how did you get it in the first place? are you one of those people who run without an AV thinking your common sense knows better? (no offense)
 

code65536

Golden Member
Mar 7, 2006
1,006
0
76
how did you get it in the first place? are you one of those people who run without an AV thinking your common sense knows better? (no offense)

Did you miss all the stories about Crypto Locker hitting victims who naïvely thought they were protected by AV? This one, for example.

Hint: Search for "fud crypter" and maybe you'll finally understand why AV is largely ineffective as a primary defense and why it's little more than money-grabbing security theater.
 
Last edited:

G73S

Senior member
Mar 14, 2012
635
0
0
Did you miss all the stories about Crypto Locker hitting victims who naïvely thought they were protected by AV? This one, for example.

Hint: Search for "fud crypter" and maybe you'll finally understand why AV is largely ineffective as a primary defense and why it's little more than money-grabbing security theater.

wow, thanks a lot for that link, very informative and made me change my opinion of having an AV is not 100% secure against such new threats.
 

Onceler

Golden Member
Feb 28, 2008
1,264
0
71
I don't know how I got it, I do run AV but somehow this got through.
I don't have it anymore.
 

nk215

Senior member
Dec 4, 2008
403
2
81
Best way to protect yourself is to browse the web inside a Linux virtual machine. Zorin looks just like WinXP and runs fast under a VMware environment.
 

Kaido

Elite Member & Kitchen Overlord
Feb 14, 2004
48,518
5,340
136
I've seen full-page ads on client machines twice this week pretending to be the Cryptolocker Moneypak virus - it bounces between tabs so you can't close it without killing the browser exe or rebooting. Pretty slick coding, but very annoying & scares you into thinking you got the crypto.
 