View Full Version : Just received virus from hell, be warned!


Chris Hewitt
March 14th, 2015, 06:48 AM
Hi guys, here's something you really need to be aware of. I've just been hit by a lethal virus called Cryptowall 3. It re-encrypts most of your system and is ransom based, in other words, they want 500 Euros to send you the decrypter file and double that if you delay a week. It is aimed at business based people like us and in my case, it came as an attachment to an email from a guy sending his resume. My AV didn't pick it up.

For me, I'm 95% backed up so not too bad but I will have to format my drive partitions and reinstall Windows.

Just thought I'd warn you because this one is the worst I've seen.

Noa Put
March 14th, 2015, 07:14 AM
That reminds me of the very early days when I got my first PC. Google didn't exist yet and you could download software to use as a search engine. I found something which, if I recall right, was called Bullseye, and as soon as I double clicked it to install, my PC shut down, restarted and I got a black screen with text which looked like instructions scrolling down, and I pulled the plug by then. When I had my PC serviced because it didn't boot anymore, Bullseye appeared to be a virus that deleted the content from your hard drive. Fun days... :)

I now have an image that I can reinstall with Windows only and one with Windows and programs, just in case something goes really bad.

Tim Polster
March 14th, 2015, 07:59 AM
Sorry to hear that Chris. Thanks for the warning. Shame this has to occur out there.

I keep a clone of my operating system drive on the shelf so if anything goes wrong I can just swap drives and go on. I am a firm believer that anything with malware or viruses is best dealt with by a clean slate.

Glad you were not harmed by this.

Craig McKenna
March 14th, 2015, 08:48 AM
This happened on a TV series about lawyers - I think it was called 'The Good Wife' - recently. A hacker in Russia was hacking their system and withheld all of their documents regarding clients. They ended up threatening the hacker back by editing a video to show him insulting Putin. He changed his stance.

It's terrible that this is even possible. How can you even trust them to give you back your stuff if you give them £500, surely they could just ask for another £500 thereafter?!

Unreal. The police need to do a better job regarding this.

Sorry to hear of your troubles - great to hear that you have it sorted with the back up - even if the reformatting is a pain.

Are you using Windows or Mac?

Noa Put
March 14th, 2015, 08:50 AM
How can you even trust them to give you back your stuff if you give them £500, surely they could just ask for another £500 thereafter?!

They won't, it's part of the scam, they are only after your money.

Jim Michael
March 14th, 2015, 08:59 AM
Which AV program were you using?

Chris Hurd
March 14th, 2015, 09:24 AM
Some notes on that nastiness here: The dangers of opening suspicious emails: Crowti ransomware - Microsoft Malware Protection Center - Site Home - TechNet Blogs (http://blogs.technet.com/b/mmpc/archive/2014/10/28/the-dangers-of-opening-suspicious-emails-crowti-ransomware.aspx)

Up-to-date backups and malware protection are key. I think it would be best not to pay, as that would just begin a spiraling cycle of ransom notes.

Chris Medico
March 14th, 2015, 10:36 AM
I use an iPad to open any suspicious email attachments. Never on a computer I care about.

Kyle Root
March 14th, 2015, 10:43 AM
Along similar lines, earlier this week, I upgraded my blog to a newer Wordpress theme.

I guess my website provider does scans for malicious code, and it turns out the one I had downloaded contained backdoors and other stuff.... so my accounts were suspended, meaning my website, blog, and other sites I run were taken offline.

Been cleaning and working on this for almost 24 hours now.

Noa Put
March 14th, 2015, 11:25 AM
I use an iPad to open any suspicious email attachments. Never on a computer I care about.

Why would you want to open suspicious email attachments? :) I never ever do that. If I don't know the sender or if family or friends forward me these funny emails they get from other people that all goes straight to the bin.

Dave Blackhurst
March 15th, 2015, 12:36 AM
There are a number of quite nasty viruses out there, the old rule of NEVER opening an attachment or downloading a file from an unknown source still applies.

I do a bit of computer repair for friends and family, and have been seeing some nasty stuff that piggybacks on legit downloads, hijacks your browser, and proceeds to suck in all kinds of garbage programs/malware/who knows what....

Recently I've seen more nasties that require a "wipe" and reinstall/restore to get things back right... rather than a clean and quarantine... just be careful out there!!

Chris Harding
March 15th, 2015, 12:54 AM
Hey Chris

Bad luck on that one! I had a similar one many years ago that taught me the lesson about never opening attachments from someone you don't know. If a "bride" sent me an attachment I would also be very wary!! An enquiry never needs any attachment!!

We have had Malware Bytes on our machines now for ages and never an issue!

Hope you can get rid of it!!!

Chris

Paul R Johnson
March 15th, 2015, 02:30 AM
Worse still is when a manufacturer installs virus type software on purpose! My wife bought a cheap Lenovo laptop. It's actually rather nice, but after I installed Firefox she had about three hours use before all hell broke loose. Every entry into Google hijacked the browser, opening tons of windows, and a bit of research showed this is deliberate. AVG didn't help, and removing it the first time was OK for about three hours again, when it reinstalled. I eventually found a removal tool on the AVG site, which worked. A bit of googling shows Lenovo are very unpopular for this, and for a manufacturer to sell the laptops cheap, but install dodgy software, stinks a bit, doesn't it?

Dave Baker
March 15th, 2015, 05:58 AM
You're right Paul, a manufacturer deliberately installing malware DOES stink.

My wife thinks I'm paranoid about computer security, but she bought a Lenovo laptop (Windows 8) about a year ago and let me check it out first. By that I mean I installed Firefox and Thunderbird, set Firefox preferences up to reject all but the cookies she allows and delete the history on exit, then added my favourite security add-ons. I then scanned it with my toolbox, which has things like Malware Bytes, CCleaner and SpyBot on it along with others, installed a good internet security suite and turned the silly Windows one off, cleaned off any malware found, and she has had no troubles at all - so far, touch wood etc.

I would recommend any Windows user to make up a toolbox with privacy and security software on it. All freeware, it can be on a CD which is most secure, or a USB stick which is more convenient. The reason is, some malware searches out security tools which are installed on the computer and neutralises them (often called "denial of service"), so with the toolbox it's a fresh attack with software the malware didn't know was there, which has a much higher chance of success. A regular scan is best. I use my toolbox to help keep the family's machines in order.

Another thing worth doing is to download a Linux distribution, Puppy is most often recommended for this, again it can be put on a CD or USB stick. Puppy runs entirely in RAM, so can even boot a machine without a hard drive. It will boot a non-bootable Windows machine and, as long as the hard drive is working, be able to retrieve all stored files and save them to an external hard drive or similar. I'm not suggesting it will unscramble Chris' encrypted files, it won't! It can also be used to remove malware once the files have been identified. There are instructions how to do this on the 'net, just needs a search. I always have one ready.

Dave

Robert Benda
March 15th, 2015, 08:42 AM
Another thing to do for safety is to disable Flash in your browsers, or just uninstall it altogether. It's not hard at all; with directions, it takes maybe 15 seconds.

Dave Baker
March 15th, 2015, 10:14 AM
I agree Robert. One of my favourite Firefox add-ons is called No Script and it prevents Flash from running until I allow it.

Dave

Dave Blackhurst
March 15th, 2015, 07:41 PM
Another good bit of advice - if you can remove the infected drive and use a USB external case or whatever to attach it to an uninfected machine, you have better results cleaning the nasties off... Trying to get rid of some current virii while the drive is "live" is like shoveling snow in a blizzard...

Many of the latest viruses can mutate a bit, or even have a "time bomb" reinfection mode, PLUS block any effort to install or run any "anti" software, once they've got your browsers/OS under their control. By not booting the drive, you get a better shot at removing the infection.

Probably not a bad idea to attack the infected drive from another OS, but never had issues thus far just using another Win-ders machine to do the primary eradication.


The encryption virus is of course another animal as it scrambles your uninfected files, which can't be unlocked without the "ransom" paid for the decryption code... have not seen that one in action YET, hope not to!! Only a clean current detached backup will give you recovery options from that one from what I've read of it...

And yes, it's a good idea to have a "toolkit" just in case! VERY wise to have a few arrows in the quiver in case an infection does get in, but I've still run into a couple browser hijack exploits that rendered the machine unusable, requiring a re-install.... in which case, you'll need that backup!

Dave Baker
March 16th, 2015, 02:11 AM
Removing the drive and attaching it to an uninfected machine and attacking it with Puppy Linux are pretty much just different sides of the same coin, the only difference is that it is possible to infect the uninfected machine, whereas Linux cannot be infected with Windows malware (and you don't have to remove the drive).
Many of the latest viruses ...............even have a "time bomb" reinfection mode

That's usually caused by LSOs, Flash cookies or super cookies, call them what you will, that hold much more information than a normal cookie and are not deleted when normal cookies are deleted. They need to be deleted first. They're found in the Flash folder, or it's probably easier to download a free Flash cookie deleting tool, easy to find with a quick search.

Another of my favourite Firefox extensions is Better Privacy, which I have set to delete Flash cookies when I exit Firefox.

Dave

John Kazas
March 16th, 2015, 04:55 AM
My parallel job is computer technician, and in the last year I had 2 cases where a virus encrypted the photos, music, videos and documents and asked for money to decrypt them. My opinion is that even if you pay the ransom they are never gonna send you the "cure". If you google it you can find solutions regarding the history files of System Restore. Don't panic and don't pay, just search... And most important, always have a backup of everything, not because of viruses but because of disk accidents.

Peter Rush
March 16th, 2015, 04:59 AM
Touch wood, I've never had this problem, but it can't harm to be prepared - can anyone recommend a good Windows drive clone application?

You can create a system image from within Windows 7 including applications and settings but is it any good?

Pete

Chris Hewitt
March 16th, 2015, 05:59 AM
Thanks for all your advice, guys. Been busy restoring this system. Fortunately, my other PC, the edit one which is not online ever, was not affected.
For the last few years, I've been using Ghost as a drive backup for my system drive and that's saved me a few times but it wasn't able to save me this time as the virus had spread across all my partitions.
It seemed to affect JPEGs but not PNG files, and quite a few .exe programs, also text files and PDFs..... enough to warrant a complete reinstall. It gave me a chance to put a new drive in anyway, as the original was getting tired.
I had Windows Security and MalwareBytes on the PC but neither intercepted this virus which is why I posted here to let everyone know.
I will take the advice re having a flash drive with security tools on, some of it I didn't know so thanks for that.
It wouldn't have mattered if I had no backups, I would never have paid them a cent!

Dave Blackhurst
March 16th, 2015, 02:58 PM
The thing I've noticed is that "piggybacking" seems to be a new vector - you install something you believe is OK (I've even seen one bugger apparently ride in on an AVG download!), and some nasties sneak in behind it - not sure how, but seems to "fool" the AV programs, I guess because it thinks you OK'd the install? Must be careful what you install, and from whence it cometh... and be extra cautious of all the little checkboxes that try to automatically add in toolbar extensions, and crapola you don't need....

For drive cloning, Seagate and WD have free versions of Acronis that work as long as one of the drives being cloned is "their" brand. I usually have a spare WD or Seagate laying around that can be used as an intermediate should that be needed.

Chris Medico
March 16th, 2015, 07:46 PM
Why would you want to open suspicious email attachments? :) I never ever do that. If I don't know the sender or if family or friends forward me these funny emails they get from other people that all goes straight to the bin.

Even if they say they are HOT? :D

Dave Baker
March 17th, 2015, 01:36 AM
... and be extra cautious of all the little checkboxes that try to automatically add in toolbar extensions, and crapola you don't need....

And sometimes the buggers install anyway even when you decline! On my toolbox USB stick I keep an uninstaller, one that does a deep scan and can force an uninstall for the difficult ones, for just such an occasion.

Dave