Hacked By Ransomware
#31
Original Poster
Join Date: Apr 2006
Location: New York City/NY22
Programs: AA Platinum 2.3MM (Lifetime PLT)
Posts: 5,285
How long would you keep running this program?
Computer has an i7-740QM processor with a 256 GB SSD that is probably 90% full.
This has been running for 19 hours straight! No clue from McAfee on the phone what to do.
Opinions?
Here are the instructions I received from McAfee:
Create a folder in the root drive [C:] with the name “Scan” and download the zip file which has the “scan.exe” from the below link:
http://www.mcafeeasap.com/downloads/...32-6.0.1-l.zip
• Then download another zip file which has the latest “Beta Dat” files from the below link:
http://vil.nai.com/vil/virus-4d.aspx [Please select the file with the name “avvwin_netware_betadat.zip”]
Extract:
• Once the zip files are downloaded, extract the “vscl-w32-6.0.1-l.zip” in the scan folder.
• Then extract the “avvwin_netware_betadat.zip” in the same folder.
• Move the files from the “vscl-w32-6.0.1-l” to the scan folder.
• Then move the files from “avvwin_netware_betadat” to the same scan folder.
NOTE: Please click on “Replace all” to replace the old dat files with the new ones.
Create .bat file:
• Once the files are extracted, follow the steps below to create a batch file to run the Command-line scan:
• Open a notepad and copy the command given below:
c:\scan\scan.exe /clean /all /adl /program /winmem /unzip /report c:\scan\scan-rpt.txt /rptall
• Save the notepad in the root drive [C:] with the name and extension as “Scan.bat”
Execute the scan in safe mode with command prompt:
Boot the computer in safe mode with command prompt by tapping the F8 key while restarting the computer and selecting safe mode with command prompt in the advanced boot menu.
• Type the commands given below to start the SDAT scan:
Type cd\ and press enter.
Then type C:\Scan.bat and press enter.
• It will start the scan, which will take approximately 2-3 hours to complete.
#32
FlyerTalk Evangelist
Join Date: Oct 2005
Location: Somewhere between here and there...
Programs: WWF, Appalachian Mountain Club
Posts: 11,595
#33
FlyerTalk Evangelist
Join Date: May 2002
Location: Pittsburgh
Programs: MR/SPG LT Titanium, AA LT PLT, UA SLV, Avis PreferredPlus
Posts: 31,010
It's pretty hard to prosecute someone when you have no idea who they are, as they are using very sophisticated domain generation algorithms. There is far from a lack of interest. US-CERT and FBI-ICCC are working it rigorously.
#34
Join Date: May 2010
Posts: 542
My primary laptop was just hacked by ransomware. I am not sure if this is the kind I heard about recently on CNBC. I don't know if it has encrypted my files or is just blocking my computer.
They are demanding $300 by MoneyPak or MoneyGram within 48 hours.
Any helpful advice will be appreciated. Please do not tell me I should have a Mac. That's not very helpful.
Note: I have and use regularly McAfee, Malwarebytes (the free version) and SuperAntiSpyware (also the free version).
Have you tried contacting their customer service to see what your options are?
The encryption the hackers use to secure your files is very difficult to defeat. Seriously, this is a business now.
http://www.today.com/money/cryptoloc...ims-2D11586019
#35
Original Poster
Join Date: Apr 2006
Location: New York City/NY22
Programs: AA Platinum 2.3MM (Lifetime PLT)
Posts: 5,285
#37
Join Date: Jul 2012
Location: @LAS
Programs: Concorde Connoisseur, ua 1mm
Posts: 152
Not just that... Frequent backups to a destination that is normally disconnected from your computer. Thankfully the current iterations of cryptolocker only prowl drive letters and not UNC shares. But if you have mapped network drives your system could be a conduit to a lot of destruction.
etc, i.e. something not random access) once in a while. Problem solved.
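An added example, not part of the original post, for the point above about mapped network drives: it parses `net use` output and lists the shares that carry a drive letter, including any backup destination that is currently mapped. The sample output, share names and function names are constructed for illustration.

```python
import re

# Constructed sample of `net use` output (not taken from the thread).
SAMPLE_NET_USE = r"""New connections will be remembered.


Status       Local     Remote                    Network

-------------------------------------------------------------------------------
OK           Z:        \\nas\backups             Microsoft Windows Network
Disconnected Y:        \\fileserver\projects     Microsoft Windows Network
OK                     \\nas\archive             Microsoft Windows Network
The command completed successfully.
"""

# Status word, optional drive letter, then the UNC path of the share.
ROW = re.compile(r"^(?P<status>\w+)\s+(?:(?P<local>[A-Za-z]:)\s+)?(?P<remote>\\\\\S+)")

def parse_net_use(text):
    """Return one dict per connection listed in `net use` output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({"status": m["status"],
                         "local": (m["local"] or "").upper(),
                         "remote": m["remote"]})
    return rows

def exposed_by_drive_letter(rows):
    """Shares that have a drive letter and are reachable by walking drive letters.
    Disconnected mappings count: a remembered mapping can be re-established on access."""
    return sorted((r["local"], r["remote"]) for r in rows if r["local"])

def backup_targets_at_risk(rows, backup_shares):
    """Backup destinations (UNC paths, case-insensitive) currently mapped to a letter."""
    wanted = {s.lower().rstrip("\\") for s in backup_shares}
    return [(l, r) for l, r in exposed_by_drive_letter(rows) if r.lower() in wanted]

if __name__ == "__main__":
    rows = parse_net_use(SAMPLE_NET_USE)
    for letter, share in exposed_by_drive_letter(rows):
        print(f"{letter} -> {share}")
    print("backups at risk:", backup_targets_at_risk(rows, [r"\\NAS\backups"]))
```

On a real machine, feed it the text captured from `net use` and pass the UNC paths of your own backup shares.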
#38
 
Join Date: Nov 2000
Location: Upcountry Maui, HI
Posts: 13,312
Do you have unencrypted backups of the files you need to recover from that computer?
Do you understand that if your files are encrypted and you do not have unencrypted backups of the important files you should not remove the malware until your files are decrypted? The malware is the only thing that will decrypt them. Removing the malware will not decrypt your files.
Just making sure you understand this since you are running that McAfee thing.
-David
#39
Join Date: Jun 2001
Location: A small town in North Georgia
Programs: DL Platinum Medallion, AA
Posts: 1,627
Landing Gear,
If you look at the web site for consumer radio show host Clark Howard and search for ransom ware, you will find a lot of information and solutions.
www.clarkhoward.com
#40
Join Date: Nov 2005
Location: SIN / SFO
Programs: UA GS, SQ PPS, Hyatt Globalist, Marriott Titanium, Hilton Diamond, Accor Gold
Posts: 1,217
If you are unfortunate enough to have picked up a CryptoLocker infestation, there is no known way to recover your data short of paying the ransom. Be careful as the price goes up substantially if you do not pay by their initial deadline. On the other hand, if you were lucky (a relative term here) enough to catch some other ransomware variant that does not actually encrypt your data, you should be able to recover your documents without paying.
As others have said—and this is not intended to be condescending—regular backups are critical as they provide an extremely simple solution to these types of issues. Unfortunately, most people do not realise just how valuable a backup can be until after they already need one.
Good luck.
#41
Join Date: Jun 2004
Location: Anchorage, AK
Programs: Lifetime AS 1MM & MVPG, AS MVPG100K, AA, DL, HH-G
Posts: 8,259
I don't know if this will help, but I got this virus about a year ago. I had set up a second account on my PC that I accessed and reset the computer to a previous restore point, prior to the virus. It went away and has not been back, yet......
In my case, it blocked me from using the computer. It would run for about a minute but then a ransom message popped up. It did not go after any files AFAICT.
Geek Squad basically told me to wipe out the hard drive & start over again. I was not willing to do that.
Last edited by BOB W; Nov 21, 2013 at 7:30 pm
#42
FlyerTalk Evangelist
Join Date: Oct 2005
Location: Somewhere between here and there...
Programs: WWF, Appalachian Mountain Club
Posts: 11,595
Exactly. My reply was not meant to be condescending. It just appears the simplest, cheapest, most foolproof solution is escaping you. It's hindsight now as you did not have a backup, but investing in new anti-malware software is just not the way to ensure you do not have this problem again.
If I had a dime for every time the answer was 'Huh?' to someone saying to me 'Hey Tkey, it seems I've an issue here' and my very first question is 'Where's your backup'...
#43
Join Date: Jul 2012
Location: @LAS
Programs: Concorde Connoisseur, ua 1mm
Posts: 152
and copy your files to a usb hd and start over with a fresh windoze.
Or better yet, use ubuntu while it has its own quirks (but fewer) the
amount of malware out there to get you is orders of magnitude smaller.
#44
FlyerTalk Evangelist
Join Date: Mar 2004
Location: Newport Beach, California, USA
Posts: 36,062
I don't know if this will help, but I got this virus about a year ago. I had set up a second account on my PC that I accessed and reset the computer to a previous restore point, prior to the virus. It went away and has not been back, yet......
Geek Squad basically told me to wipe out the hard drive & start over again. I was not willing to do that.
As for Geek Squad, don't waste your time or money -- my wife knows more about computers and she doesn't know anything about computers.