[GeekRick]

Greetings,

 

I am curious, though, I've never been infected with Cryptowall and wanted to know the strengths/weakness of Cryptroprevent? 

 

Question, does it "actually" work? 

 

Can anyone prove credibility that it works? 

 

Case in point, we've had clients that's been infected with Cryptowall. We want to ensure PC/Servers/OSX are properly hardening as I am learning toward Pentesting and compliance. Not a complete expert but learning.

 

I also hope this is the proper forum to ask such a question since it is technically still malware infected with encryption.

 

Thanks

 

[Advertisements]

It looks like it should work.  I recommend it to all of my clients and have it on my own PCs.   If you run FRST on a PC then install Cryptoprevent and run FRST again you can see a lot of what it does. ( FRST flags the entries:)

 

HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION

HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION

HKLM Group Policy restriction on software: *‮* <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION

HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION

HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.png.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION

HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION

 

Ron

[RKinner]

It looks like it should work.  I recommend it to all of my clients and have it on my own PCs.   If you run FRST on a PC then install Cryptoprevent and run FRST again you can see a lot of what it does. ( FRST flags the entries:)

 

HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION

HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION

HKLM Group Policy restriction on software: *‮* <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION

HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION

HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.png.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION

HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION

 

Ron

[GeekRick]

Thanks, Ron,

 

Do you have "premium" or free version?

 

We got another new client that has Crytolocker, and in the process of performing a format. Client didn't have File Restore (Win 8) or Previous version (win 7 and past OS) turned on, and no type of backups running.

 

Technically, backup jobs can be great, but I wonder if Cryptolocker encrypted drives not physically attached but on the server? There is no mapped drives to the backup drive, just the program pointing to the PC to backup. I was curious on linked connection to the backup drive would have any effect? I do know that mapped drives are affected.

 

Let me know... 

 

Thanks

 

 

FYI: How do I set my threads and threads I replied to to notify me a reply was made? I'm not getting any notifications. 

[RKinner]

Free version.  Premium just has an autoupdate feature.

 

I have a link to a guy who claims he can decrypt most cryptolocker files:

 

https://www.decryptcryptolocker.com/

 

However, if it's cryptowall it's probably toast:

 

http://www.bleepingc...are-information

 

For your replies, it should be automatic so make sure your email address associated with your account on g2g is correct and that your spam filter is not eating the replies.  

 

There is an option at the top of the topic to follow or unfollow the topic.  It should say Unfollow this Topic  if it says Follow this topic then clicking on it should start the emails flowing but just for this topic.  You might want to check your account setting:

 

Double click on your picture on this page and it should take you to your account.  In the upper right corner it should say Edit My Profile.  Click on that and then Notification Options.  This is what mine looks like:

 

[attachment=74194:g2gnoti.jpg]

 

 

[GeekRick]

Thanks for the reply, Ron,

 

I have used decryptor before, it isn't always perfect. 

 

However, do you know a website where it is contained an infection, like Cryptolocker? I want to test it in real time. Or has the link been taken down already?

 

Notification, I just ticked the "Immediately" box to activate the email notification. I have a spam filtered for reflexion, and don't see any *@g2g.com... or *@geektogo.com... 

 

Thanks!

[GeekRick]

PS: I just tested it and found a website that allows me to test variant of Cryptolocker.

 

It does actually work, not bad for a free version. Yet, free version doesn't get updates... which is fine.. I could always just download the updates myself and the clients.. 

[GeekRick]

I retract my comments about testing Cryptolocker... Do you or anyone know of a link that can truly test Cryptolocker?

 

Thanks

[RKinner]

Sorry No idea.  I expect as soon as one is identified it gets taken down.

[GeekRick]

I agreed... I was looking at a video that displayed the link contained Cryptolocker, 1 Channel by Vodly ***.com... 

 

Thanks