20 comments
Guru

Join Date: Oct 2008
Posts: 42376
Good Answers: 1692

Cryptolocker

04/05/2014 10:55 AM

My work computer was infected with Cryptolocker last night.

It seems to be pretty bad.

Anybody have any real experience getting rid of this?

I have back-ups, but I haven't tried anything, yet.

I just found out when I got called in at 6:00 AM.

Thanks.


Comments rated to be Good Answers:

These comments received enough positive ratings to make them "good answers".
Guru

Join Date: Mar 2007
Location: by the beach in Florida
Posts: 33320
Good Answers: 1810
#1

Re: Cryptolocker

04/05/2014 11:14 AM

This seems to be rather complete ↓....Good Luck...this is why we back up our files people...

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

__________________
All living things seek to control their own destiny....this is the purpose of life
Guru

Join Date: Oct 2008
Posts: 42376
Good Answers: 1692
#2
In reply to #1

Re: Cryptolocker

04/05/2014 11:20 AM

As I said, I have back-ups and I can always call in our IT guy.

I think our software protection may have lapsed, since we're switching IT companies and I'm not the most regimented guy on the block.

So, flog away, but I'd like some expert opinions mixed in.

First question is do I turn the PC off? It is normally on all the time.

Guru

Join Date: Mar 2007
Location: by the beach in Florida
Posts: 33320
Good Answers: 1810
#3
In reply to #2

Re: Cryptolocker

04/05/2014 11:52 AM

It needs to be disconnected from the internet to stop the encryption process....Do you have version 2.0?...or the original?

__________________
All living things seek to control their own destiny....this is the purpose of life
Guru

Join Date: Sep 2012
Location: Iowa, USA
Posts: 577
Good Answers: 50
#4
In reply to #2

Re: Cryptolocker

04/05/2014 2:01 PM

Lyn: I'm curious what OS you're using, and what virus scan program was active. I understand it (the virus scan application) may not have the latest scan files (which may not have helped if this is a JavaScript that did this).

If you look at the browser history, can you figure out what web site did this?

I still am a believer in using a browser (e.g. Firefox with add-ons) that automatically blocks all cookies and JavaScript, and only you can enable these on a per-site basis. It may be annoying to have to turn these on with new sites visited, but I think it's worth my time.

Hope this never happens to me.

Edit:

I just read Solar Eagle's virus description link:

Looks like this comes from emails with exe attachments disguised as pdf.

Tricky

__________________
ignator -
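The disguise described in the post above (an .exe attachment presented as a PDF) can be checked for when triaging a suspicious message. This is an added example, not part of the original thread; the extension lists, function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists for illustration; a real gateway policy would be broader.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}

def extensions(filename):
    """Lower-cased extensions in order, ignoring trailing dots/spaces Windows drops."""
    parts = filename.lower().rstrip(". ").split(".")
    return ["." + p.strip() for p in parts[1:]]

def inspect(filename, data):
    """Return findings for one attachment, judged by its name and its first bytes."""
    exts = extensions(filename)
    last = exts[-1] if exts else ""
    findings = []
    if last in EXECUTABLE_EXTS:
        findings.append("executable extension " + last)
        if any(e in DOCUMENT_EXTS for e in exts[:-1]):
            findings.append("document extension used as decoy")
    elif data[:2] == b"MZ":  # Windows PE files start with the bytes 'MZ'
        findings.append("PE executable content under a non-executable name")
    return findings

def scan_message(raw_bytes):
    """Map each suspicious attachment name in a raw e-mail to its findings."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        found = inspect(name, part.get_payload(decode=True) or b"")
        if found:
            report[name] = found
    return report

def build_sample():
    """Constructed sample: two disguised executables and one genuine PDF."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    fake_pe = b"MZ\x90\x00" + b"\x00" * 60  # placeholder bytes, not a real program
    for fname, body in [("invoice.pdf.exe", fake_pe), ("statement.pdf", fake_pe),
                        ("report.pdf", b"%PDF-1.4\n%%EOF\n")]:
        msg.add_attachment(body, maintype="application", subtype="pdf", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, found in scan_message(build_sample()).items():
        print(name, "->", "; ".join(found))
```

The declared MIME type is deliberately ignored: all three sample attachments claim `application/pdf`, and only the file name and leading bytes separate the genuine PDF from the other two.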
Guru

Join Date: Oct 2008
Posts: 42376
Good Answers: 1692
#6
In reply to #4

Re: Cryptolocker

04/05/2014 3:38 PM

IE 9 or 10 and Malwarebytes, I think.

I've taken the PC off-line and turned it off, for now.

I'll give it to the IT guy on Monday and use my laptop.

My problem was probably assuming that our IT guy was on top of this.

I'll research this more over the weekend.

The good news is I have everything backed up, so starting over won't be a big ordeal.

I will report this..........................................

Guru

Join Date: Sep 2012
Location: Iowa, USA
Posts: 577
Good Answers: 50
#7
In reply to #6

Re: Cryptolocker

04/05/2014 6:05 PM

Probably does not matter what version of browser if this came through the email system.

For some reason I have a picture of Mr. T in my head saying "who's the damn fool who clicked on that file link!!".

This has got to be very frustrating.

So this is why winXP, 7 (never used 8) is always telling me that the program you are about to run can cause harm to your system, and makes you liable for damages by clicking 'yes'. I don't know that any virus scan program would detect this unless they were specifically designed to analyze for functional operation. I need to research this to see if this is detectable by existing products, as this can happen to any of us.

__________________
ignator -
Commentator

Join Date: Jan 2013
Posts: 60
Good Answers: 3
#9
In reply to #7

Re: Cryptolocker

04/06/2014 6:00 AM

I don't know squat about this, but my son, the head of an IT dep't, does. I had a virus and he told me that some viruses (viri?) hide themselves from Windows, and that I should get the FREE BitDefender Rescue disc, which boots up your machine in Linux and then does a scan that nails the ones that can hide from Windows software. It worked for me. Some of the online instructions were pretty geek, though, and sketchy for speakers of plain English. At any rate, I think I'm going to send BitDefender some money.

Power-User

Join Date: May 2013
Posts: 293
Good Answers: 3
#14
In reply to #4

Re: Cryptolocker

04/07/2014 10:38 AM

You are assuming the infection occurred while browsing. With all the new hacker breakthroughs in firewall hacking, a direct attack on your IP is the preferred mode of attack. You just need to be connected to a network that has a gateway to the internet while your computer is on. Modern malware is propagated from a server. This allows the server to select a batch of attack routines specific to dozens of OSs.

The big news on that front is routers and even DVRs are now infected with botnets. These can reinfect your computer as soon as you reconnect to your network. There isn't any way to remove a botnet from a DVR that I know of. I guess you need to reflash the firmware and 'kill' the memory if that is even possible.

A back up is your only hope.

Guru

Join Date: Oct 2013
Location: Illinois, 7 county region (The 'blue dot' that drags the rest of the 'red state' around during presidential elections.)
Posts: 3688
Good Answers: 89
#15
In reply to #14

Re: Cryptolocker

04/08/2014 2:58 PM

"The big news on that front is routers and even DVRs are now infected with botnets."

You're making me glad I do all my DVR'ing on VHS still.

Wait, they haven't found a way to infect my tapes, have they?

__________________
(The opinions expressed in this post may not reflect the true opinions of the poster, and may not reflect commonly accepted versions of reality.) (If you are wondering: yes, I DO hope to live to be as old as my jokes.)
Power-User

Join Date: May 2013
Posts: 293
Good Answers: 3
#17
In reply to #15

Re: Cryptolocker

04/08/2014 5:53 PM

No they don't want to infect tapes and probably can't. I doubt if there is a processor in a VCR or tape player.

Lo-tech is coming back!

Most think this is foolishness. I have a friend that thought I was paranoid but was wise enough to read some articles I sent him links to. He actually followed through and did some specific checks. He uncovered a smoking gun. He can't open his host file. Some malware has it opened exclusively not to stop him from reading it but to keep other malware from using it. By altering that a hacker can change the IP address for his automatic updates to come from a malware site. That computer is toast!

Guru

Join Date: Sep 2012
Location: Iowa, USA
Posts: 577
Good Answers: 50
#8
In reply to #2

Re: Cryptolocker

04/06/2014 5:29 AM

Searching for any protection vendors that prevent this, it turns out none exist. The links I found all indicated this happens via opening a realistic (but fraudulent) email attachment.

Your IT guy could not do anything to prevent this.

__________________
ignator -
Guru

Join Date: Dec 2010
Posts: 1895
Good Answers: 44
#5

Re: Cryptolocker

04/05/2014 2:40 PM

Contact the FBI cyber crime office: http://www.fbi.gov/about-us/investigate/cyber.

Good Answer (Score 4)
Guru

Join Date: Oct 2008
Posts: 42376
Good Answers: 1692
#10

Re: Cryptolocker

04/06/2014 10:08 AM

I'm not doing anything until I give it to the IT guy, but thanks.

I ran antivirus software and that MAY have found it, but I'm not taking any chances.

I don't normally open anything I don't recognize as legitimate.

I do have a clerk who enters data for me after I go home each night. He and I will have a long talk tomorrow.

Thanks to all.

Guru

Join Date: Mar 2008
Location: The People's Republic of Massachusetts
Posts: 1946
Good Answers: 73
#11
In reply to #10

Re: Cryptolocker

04/06/2014 10:43 AM

Certainly goriyaak can get that code for you...

__________________
I go into every human encounter expecting to be framed for a crime I didn't commit. Dilbert, 2013
Guru

Join Date: Oct 2008
Posts: 42376
Good Answers: 1692
#12
In reply to #11

Re: Cryptolocker

04/06/2014 11:40 AM

goriyaak has gone on to that big trash heap.

No help there.

Guru

Join Date: Dec 2010
Posts: 1895
Good Answers: 44
#13
In reply to #10

Re: Cryptolocker

04/06/2014 2:21 PM

I hate those scareware and hostageware "programs". I had one that someone brought to work on a CD which was a bitch to get off of the system. It had a neat little feature that changed the BIOS splash screen to an all black bitmap. The server was booting up just fine, but you couldn't see anything. I memorized the keystrokes to reset the BIOS to the stored state, then finally moved forward.

Guru

Join Date: Oct 2008
Posts: 42376
Good Answers: 1692
#16

Re: Cryptolocker

04/08/2014 4:12 PM

IT guy says I've lost lots of stuff.

Said my antivirus was not working properly and had informed the office staff of this a month ago.

Only problem, nobody ever bothered to tell me.

Guru

Join Date: Jun 2011
Location: Phnom Penh
Posts: 4019
Good Answers: 102
#18
In reply to #16

Re: Cryptolocker

04/08/2014 9:51 PM

"Said my antivirus was not working properly and had informed the office staff of this a month ago."

Did that IT person bother to follow up on this?

Surely it is the IT dept's responsibility to actually make the anti virus work properly not just tell the office staff that it's not.

__________________
Difficulty is not an obstacle it is merely an attribute.
Guru

Join Date: Oct 2008
Posts: 42376
Good Answers: 1692
#19
In reply to #18

Re: Cryptolocker

04/08/2014 9:57 PM

There is no "IT department".

We are a small non-profit.

There are 5 people with PC's and, yes, the idiots surely should have informed me.

The contract IT guy now knows that he is to deal with me.

I will conduct my own IT work, which I should have been doing all along.

I still don't know how much data I've lost.

Guru

Join Date: Oct 2008
Posts: 42376
Good Answers: 1692
#20

Re: Cryptolocker

04/09/2014 5:49 PM

Got my PC back this morning.

The IT guy said these scumbags are getting creative with the mal-ware.

Heart Bleed has been compromised, etc.

Anyway, the good news is that I got it back virus free.

The bad news is that I will have to restore some files from the back-ups. So far, I've been able to restore 99% of the files I needed today.

I may have lost some copies of parking tickets issued by our parking enforcement officers, but all of that evidence is intact or easily recoverable. I haven't gotten to those yet.

The scumbags are kind enough to leave a list of all the files they encrypt. There's a lot of junk that they copied that I needed to delete anyway, so all in all, it was an aggravation, not a disaster.

Thanks for the advice, and keep your anti-virus up to date and active in the background.


Users who posted comments:

8o88y (1); aDIYguy (2); adreasler (1); Bricktop (1); cuba_pete (2); ignator (3); lyn (7); SolarEagle (2); Wal (1)
